mimo32

Bonsoir a tous, J'ai un rapport HJT qui aurait peut etre besoin de menage, et un scan en ligne kaspersky qui m'a trouve qq infections Si quelqu'un peut me donner un petit coup de patte... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:28:04, on 20/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\agrsmsvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\TODDSrv.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe C:\WINDOWS\system32\igfxtray.exe C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe C:\WINDOWS\system32\TCtrlIOHook.exe C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\Apoint2K\Apntex.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe (file missing) O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe -- End of file - 6611 bytes *KASPERSKY ONLINE SCANNER REPORT* Wednesday, February 20, 2008 10:53:53 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 20/02/2008 Kaspersky Anti-Virus database records: 573775 *Scan Settings* Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true *Scan Target* My Computer C:\ D:\ *Scan Statistics* Total number of scanned objects 55125 Number of viruses found 1 Number of infected objects 2 Number of suspicious objects 0 Duration of the scan process 01:24:40 *Infected Object Name* *Virus Name* *Last Action* C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\gabriel midon\Application Data\BitDefender\Desktop\Profiles\asdict.dat Object is locked skipped C:\Documents and Settings\gabriel midon\Application Data\Mozilla\Firefox\Profiles\kxu918iv.default\cert8.db Object is locked skipped C:\Documents and Settings\gabriel midon\Application Data\Mozilla\Firefox\Profiles\kxu918iv.default\formhistory.dat Object is locked skipped C:\Documents and Settings\gabriel midon\Application Data\Mozilla\Firefox\Profiles\kxu918iv.default\history.dat Object is locked skipped C:\Documents and Settings\gabriel midon\Application Data\Mozilla\Firefox\Profiles\kxu918iv.default\key3.db Object is locked skipped C:\Documents and Settings\gabriel midon\Application Data\Mozilla\Firefox\Profiles\kxu918iv.default\parent.lock Object is locked skipped C:\Documents and Settings\gabriel midon\Application Data\Mozilla\Firefox\Profiles\kxu918iv.default\search.sqlite Object is locked skipped C:\Documents and Settings\gabriel midon\Application Data\Mozilla\Firefox\Profiles\kxu918iv.default\urlclassifier2.sqlite Object is locked skipped C:\Documents and Settings\gabriel midon\Cookies\index.dat Object is locked skipped C:\Documents and Settings\gabriel midon\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\gabriel midon\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\gabriel midon\Local Settings\Application Data\Mozilla\Firefox\Profiles\kxu918iv.default\Cache\_CACHE_001_ Object is locked skipped C:\Documents and Settings\gabriel midon\Local Settings\Application Data\Mozilla\Firefox\Profiles\kxu918iv.default\Cache\_CACHE_002_ Object is locked skipped C:\Documents and Settings\gabriel midon\Local Settings\Application Data\Mozilla\Firefox\Profiles\kxu918iv.default\Cache\_CACHE_003_ Object is locked skipped C:\Documents and Settings\gabriel midon\Local Settings\Application Data\Mozilla\Firefox\Profiles\kxu918iv.default\Cache\_CACHE_MAP_ Object is locked skipped C:\Documents and Settings\gabriel midon\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\gabriel midon\Local Settings\Historique\History.IE5\MSHist012008022020080221\index.dat Object is locked skipped C:\Documents and Settings\gabriel midon\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\gabriel midon\NTUSER.DAT Object is locked skipped C:\Documents and Settings\gabriel midon\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9391\aspdict.dat Object is locked skipped C:\Program Files\BitDefender\BitDefender 2008\dbokf.db Object is locked skipped C:\Program Files\BitDefender\BitDefender 2008\dbokf.db-journal Object is locked skipped C:\System Volume Information\_restore{87174C72-8EDC-44CE-8AE8-F00B847F8A78}\RP29\A0002321.exe/Gain_Trickler.exe Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped C:\System Volume Information\_restore{87174C72-8EDC-44CE-8AE8-F00B847F8A78}\RP29\A0002321.exe Vise: infected - 1 skipped C:\System Volume Information\_restore{87174C72-8EDC-44CE-8AE8-F00B847F8A78}\RP44\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{8B2EE5B0-C7E3-4411-98D8-B1C6F188CDE6}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped C:\WINDOWS\system32\config\OSession.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\tmp00004e10\tmp00000000 Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped *Scan process completed.*

Alors voila ce que me donne le rapport du scan en ligne kaspersky *KASPERSKY ONLINE SCANNER REPORT* Wednesday, February 20, 2008 10:53:53 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 20/02/2008 Kaspersky Anti-Virus database records: 573775 *Scan Settings* Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true *Scan Target* My Computer C:\ D:\ *Scan Statistics* Total number of scanned objects 55125 Number of viruses found 1 Number of infected objects 2 Number of suspicious objects 0 Duration of the scan process 01:24:40 *Infected Object Name* *Virus Name* *Last Action* C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\gabriel midon\Application Data\BitDefender\Desktop\Profiles\asdict.dat Object is locked skipped C:\Documents and Settings\gabriel midon\Application Data\Mozilla\Firefox\Profiles\kxu918iv.default\cert8.db Object is locked skipped C:\Documents and Settings\gabriel midon\Application Data\Mozilla\Firefox\Profiles\kxu918iv.default\formhistory.dat Object is locked skipped C:\Documents and Settings\gabriel midon\Application Data\Mozilla\Firefox\Profiles\kxu918iv.default\history.dat Object is locked skipped C:\Documents and Settings\gabriel midon\Application Data\Mozilla\Firefox\Profiles\kxu918iv.default\key3.db Object is locked skipped C:\Documents and Settings\gabriel midon\Application Data\Mozilla\Firefox\Profiles\kxu918iv.default\parent.lock Object is locked skipped C:\Documents and Settings\gabriel midon\Application Data\Mozilla\Firefox\Profiles\kxu918iv.default\search.sqlite Object is locked skipped C:\Documents and Settings\gabriel midon\Application Data\Mozilla\Firefox\Profiles\kxu918iv.default\urlclassifier2.sqlite Object is locked skipped C:\Documents and Settings\gabriel midon\Cookies\index.dat Object is locked skipped C:\Documents and Settings\gabriel midon\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\gabriel midon\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\gabriel midon\Local Settings\Application Data\Mozilla\Firefox\Profiles\kxu918iv.default\Cache\_CACHE_001_ Object is locked skipped C:\Documents and Settings\gabriel midon\Local Settings\Application Data\Mozilla\Firefox\Profiles\kxu918iv.default\Cache\_CACHE_002_ Object is locked skipped C:\Documents and Settings\gabriel midon\Local Settings\Application Data\Mozilla\Firefox\Profiles\kxu918iv.default\Cache\_CACHE_003_ Object is locked skipped C:\Documents and Settings\gabriel midon\Local Settings\Application Data\Mozilla\Firefox\Profiles\kxu918iv.default\Cache\_CACHE_MAP_ Object is locked skipped C:\Documents and Settings\gabriel midon\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\gabriel midon\Local Settings\Historique\History.IE5\MSHist012008022020080221\index.dat Object is locked skipped C:\Documents and Settings\gabriel midon\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\gabriel midon\NTUSER.DAT Object is locked skipped C:\Documents and Settings\gabriel midon\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9391\aspdict.dat Object is locked skipped C:\Program Files\BitDefender\BitDefender 2008\dbokf.db Object is locked skipped C:\Program Files\BitDefender\BitDefender 2008\dbokf.db-journal Object is locked skipped C:\System Volume Information\_restore{87174C72-8EDC-44CE-8AE8-F00B847F8A78}\RP29\A0002321.exe/Gain_Trickler.exe Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped C:\System Volume Information\_restore{87174C72-8EDC-44CE-8AE8-F00B847F8A78}\RP29\A0002321.exe Vise: infected - 1 skipped C:\System Volume Information\_restore{87174C72-8EDC-44CE-8AE8-F00B847F8A78}\RP44\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{8B2EE5B0-C7E3-4411-98D8-B1C6F188CDE6}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped C:\WINDOWS\system32\config\OSession.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\tmp00004e10\tmp00000000 Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped *Scan process completed.*

Merci de ton aide pear voici mon rapport HJT ( AVG AS n'a pas trouvé l'ad aware gator que bit defender avait trouvé sans pouvoir l'eliminer) :P Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:28:04, on 20/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\agrsmsvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\TODDSrv.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe C:\WINDOWS\system32\igfxtray.exe C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe C:\WINDOWS\system32\TCtrlIOHook.exe C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\Apoint2K\Apntex.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe (file missing) O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe -- End of file - 6611 bytes

merci robert, mais ça n'a pas marché, spybot ne l'a pas trouvé et en mode sans echec c'est impossible de lancer spybot et bit defender peut etre en supprimant un ou plusieurs point de restauration???? mais je ne sais pas comment faire...

Bonjour a tous, mon portable a attrapé un "ad aware gator" sur un point de restauration du systeme et bit defender n'arrive pas le traiter si qq peut m'aider... merci