
stef167


  1. Hello, I reinstalled my brother's PC 2 months ago and he has just brought it back to me with ad pages that open with the ~ sign in front and major slowness in Internet Explorer. I ran Spybot and Ad-Aware but nothing changed. The antivirus is NOD32 and the firewall is Look 'n' Stop. He tells me he allowed something once and since then it no longer works. Here is the HijackThis report; thank you in advance.
  2. A very big thank you for your help. As for the rest, I'll do what's needed as soon as possible. See you, Stef
  4. Even with the "show hidden files" option, there is no cmdow.exe. As for the rest, we'll leave it for the little ones. It's my goddaughter who uses this PC and I think she wants to keep that thing. I'll check with her. Thanks.
  5. No trace of cmdow.exe on the PC, and the other file has just been deleted without any problem. The PC is behaving normally again. A huge thank-you for everything. See you, Stef
  8. Hello, I did what was needed for e0.st and deleted the indicated file. As for VirusTotal, the site is not responding for now. Thanks
  10. Here is the site that appears most often when Internet Explorer is simply open on the Google page: http://news3.eorezo.com/cgi-bin/ovt/splink...date=2008-02-05
  11. OK, I'll do that as soon as possible. As for the PC, it is behaving normally again speed-wise, but when I leave Internet Explorer open, after a few minutes ad pages open. Thanks for the help so far.
  12. c:\Documents and Settings\p1\Application Data\Hotbar\IESkins moved successfully.
      c:\Documents and Settings\p1\Application Data\Hotbar\eskin moved successfully.
      c:\Documents and Settings\p1\Application Data\Hotbar moved successfully.
      c:\Documents and Settings\p1\Local Settings\Temp\AutoRun.exe moved successfully.
      Created on 02/05/2008 13:00:06
  13. As I had indicated, the antivirus previously installed on this PC was Avast!!