

psykopat67
How to remove "passeport.net" from Money 2005
psykopat67 replied to a topic by Pianiste in Software
I had the same problem. It probably comes from the fact that the passport.net address no longer exists. After several attempts, I created a new address on MSN (or another network), updated Money accordingly (OK with the new address), and then deleted it: OK, Money opens without passport.net. There you go. Pat
[resolved] Vundo eradication
psykopat67 replied to a topic by psykopat67 in Malware analysis and eradication
Formatted F:, ran 2 antivirus programs and 2 online scanners (Kaspersky and Secuser) + anti-spyware + a Ghost image to secure it. The PC is spotless and runs like a plane. A big thank you, hats off. Pat
[resolved] Vundo eradication
psykopat67 replied to a topic by psykopat67 in Malware analysis and eradication
Noted, thank you for everything. Patrick
[resolved] Vundo eradication
psykopat67 replied to a topic by psykopat67 in Malware analysis and eradication
Kaspersky report. No problem for the viruses found on F:; once C: is fixed and ghosted, I'll format it. Pat
Thursday, February 21, 2008 3:57:11 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/02/2008
Kaspersky Anti-Virus database records: 574259
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer A:\ C:\ D:\ E:\ F:\ G:\ H:\
Scan Statistics
Total number of scanned objects 84454
Number of viruses found 6
Number of infected objects 34
Number of suspicious objects 0
Duration of the scan process 01:02:34
Scan process completed.
[resolved] Vundo eradication
psykopat67 replied to a topic by psykopat67 in Malware analysis and eradication
ComboFix uninstall = OK. Registry key = OK
[resolved] Vundo eradication
psykopat67 replied to a topic by psykopat67 in Malware analysis and eradication
I don't have that file in the c:\Qoobox directory
[resolved] Vundo eradication
psykopat67 replied to a topic by psykopat67 in Malware analysis and eradication
Here: http://www.sendspace.com/file/nlsw1k
[resolved] Vundo eradication
psykopat67 replied to a topic by psykopat67 in Malware analysis and eradication
1. That's right, a Netgear ADSL WiFi router. 2. The PC is used little, a small server and downloading (which explains the viruses); I'll update it as soon as possible. Thanks again.
The reports: for Ewido, I forgot to save the report before cleaning, so I ran it again to get a report. I don't know whether it will be of any use.
ComboFix
ComboFix 08-02-20.2 - CSDB 2008-02-21 10:07:51.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.712 [GMT 1:00]
Ewido
ewido anti-spyware online scanner http://www.ewido.net
Name: Adware.NewDotNet
Path: C:\System Volume Information\_restore{9D20D876-772C-4258-8D02-65AD87D98CC9}\RP3\A0000225.EXE
Risk: Medium
[resolved] Vundo eradication
psykopat67 replied to a topic by psykopat67 in Malware analysis and eradication
It's much better now. A big thank you for your help, Angelique. If you ever need help in the wine field, let me know (to each their own!). Thanks again. Pat
SDFix report:
SDFix: Version 1.144
Run by CSDB on 21/02/2008 at 08:24
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
ComboFix report:
ComboFix 08-02-20.2 - CSDB 2008-02-21 8:36:50.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.675 [GMT 1:00]
[resolved] Vundo eradication
psykopat67 replied to a topic by psykopat67 in Malware analysis and eradication
Thanks for the tips, I'll get on it first thing tomorrow morning (office PC). Pat
[resolved] Vundo eradication
psykopat67 replied to a topic by psykopat67 in Malware analysis and eradication
Help please. Mostly just bumping this. Pat
My server is badly infected: slowness, a red cross on the disk, TMP files in the root and in My Documents. No way to eradicate this damned virus, 2 days lost. So I followed the procedure "Pre-cleaning of an infected PC, pre-HijackThis procedure". Here is my HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 08:39:41, on 20/02/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Canon\iW DM\Program\CanoMgrSrvc.exe
C:\Program Files\Canon\iW DM\Program\CanoSrvcMgr.exe
C:\Program Files\Canon\iW DM\Program\IMSvr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$CANONIWDM\Binn\sqlservr.exe
C:\WINDOWS\System32\ImgVolSrv.exe
C:\Program Files\Canon\iW DM\Program\SqlAccSrv.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\Downloaded Program Files\webdlg32.dll (file missing)
O3 - Toolbar: Steganos Internet Anonyme - {00000000-5736-4205-0008-f7ed0776fb27} - c:\program files\steganos internet anonym 2006\sia2006iep.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [04188b12] rundll32.exe "C:\WINDOWS\System32\debsxmcr.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971C...bridge-c283.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4312C4B0-2004-4B23-95B3-46049FC3935A}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{4312C4B0-2004-4B23-95B3-46049FC3935A}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{4312C4B0-2004-4B23-95B3-46049FC3935A}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Canon Service Manager (imageWARE Service Manager) - Unknown owner - C:\Program Files\Canon\iW DM\Program\CanoMgrSrvc.exe
O23 - Service: Document Manager FTS Database Access Service (IMSvr) - CANON INC. - C:\Program Files\Canon\iW DM\Program\IMSvr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe" "C:\Program Files\NewDotNet\nncore.dll" ServiceStart (file missing)
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NTLOAD - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Thanks in advance... Pat