papydani

  1. Hello, Thank you very much for your help. Regarding Google, I simply uninstalled Google Desktop and everything went back to normal. Thanks again, and have a nice day.
  2. Good evening, Here are the AdwCleaner and Mbam reports. (One clarification: the security windows open every time I launch a program or a service starts; for example, from the moment the computer boots until the desktop opens, this window opens constantly, always with the same message.) Thank you.
  3. Good evening, I uninstalled Ad-aware and removed Hijackthis, and here is the link to the ZhpDiag report: CJoint.com link 3Lmr0SHfY25. Thank you.
  4. Hello everyone, I recovered my daughter's laptop, which was infected by a "Bundespolizei" trojan. I managed to destroy this trojan, but there is a security window that opens constantly: "C:\Progra~1~\google\google~2\GEOC62~1.dll n'est pas conçu pour s’exécuter sous Windows ou il contient une erreur. Installez à nouveau le programme à l'aide du support d'installation d'origine ou bien contactez votre administrateur système ou le fournisseur du logiciel pour obtenir du support." and I cannot manage to clean it. Please help me. Here is my HijackThis file.
  5. Hello Apollo, It seems that everything is back to normal. Thank you very much for your help. See you soon.
  6. Good evening, Indeed, the computer is doing much better, thank you. I scanned the computer with ESET Online Scanner; no virus was found. I did not get an ESET log file. Thank you very much. See you later.
  7. Good evening, I carried out the steps you gave me; here is the mbam report:
     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org
     Version de la base de données: 6717
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     29/05/2011 23:20:41
     mbam-log-2011-05-29 (23-20-41).txt
     Type d'examen: Examen complet (C:\|E:\|)
     Elément(s) analysé(s): 196404
     Temps écoulé: 1 heure(s), 29 minute(s), 53 seconde(s)
     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 0
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 176
     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)
     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)
     Clé(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)
     Valeur(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)
     Elément(s) de données du Registre infecté(s):
     (Aucun élément nuisible détecté)
     Dossier(s) infecté(s):
     (Aucun élément nuisible détecté)
     Fichier(s) infecté(s):
Thank you very much, see you later.
  8. Hello Apollo, thank you for taking care of my problem. I think I got ahead of myself: after scanning and cleaning with Ad-Remover, I uninstalled the software before sending the reports, which were deleted. I reinstalled Ad-Remover, and here are the reports, which no longer have anything in common with the first ones, especially the scan report, which was a little over 4 MB.
      ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======
      Mis à jour par TeamXscript le 12/04/11
      Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
      Site web: http://www.teamxscript.org
      C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 13:59:27 le 28/05/2011, Mode normal
      Microsoft Windows XP Professionnel Service Pack 3 (X86)
      miph@JEUX-9B36EA67D5 ( )
      ============== RECHERCHE ==============
      ============== SCAN ADDITIONNEL ==============
      **** Internet Explorer Version [8.0.6001.18702] ****
      HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
      HKCU_Main|Start Page - hxxp://google.fr/
      HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
      HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
      HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKLM_Main|Start Page - hxxp://fr.msn.com/
      HKLM_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
      HKCU_Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (x)
      HKLM_ElevationPolicy\{4536918A-95A8-498F-B542-CB906C561A43} - C:\Program Files\Google\Update\GoogleUpdate.exe (x)
      HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
      BHO\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (?)
      BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
      ========================================
      C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
      C:\Program Files\Ad-Remover\Backup: 0 Fichier(s)
      C:\Ad-Report-SCAN[1].txt - 28/05/2011 13:59:33 (1519 Octet(s))
      Fin à: 14:00:05, 28/05/2011
      ============== E.O.F ==============
      ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======
      Mis à jour par TeamXscript le 12/04/11
      Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
      Site web: http://www.teamxscript.org
      C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 14:02:51 le 28/05/2011, Mode normal
      Microsoft Windows XP Professionnel Service Pack 3 (X86)
      miph@JEUX-9B36EA67D5 ( )
      ============== ACTION(S) ==============
      (!) -- Fichiers temporaires supprimés.
      ============== SCAN ADDITIONNEL ==============
      **** Internet Explorer Version [8.0.6001.18702] ****
      HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
      HKCU_Main|Start Page - hxxp://fr.msn.com/
      HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
      HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
      HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKLM_Main|Start Page - hxxp://fr.msn.com/
      HKLM_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
      HKCU_Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (x)
      HKLM_ElevationPolicy\{4536918A-95A8-498F-B542-CB906C561A43} - C:\Program Files\Google\Update\GoogleUpdate.exe (x)
      HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
      BHO\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (?)
      BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
      ========================================
      C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
      C:\Program Files\Ad-Remover\Backup: 14 Fichier(s)
      C:\Ad-Report-CLEAN[1].txt - 28/05/2011 14:02:55 (481 Octet(s))
      C:\Ad-Report-SCAN[1].txt - 28/05/2011 13:59:33 (2074 Octet(s))
      Fin à: 14:03:31, 28/05/2011
      ============== E.O.F ==============
      Thank you very much, see you later.
  9. Hello everyone, I'm having some trouble with advertising windows that open unexpectedly, or that open Internet Explorer when I haven't connected. Could someone help me solve this problem? Thank you very much. Here is the HijackThis report:
      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 18:16:33, on 27/05/2011
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Avira\AntiVir Desktop\sched.exe
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\BackupIP\service.exe
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      C:\Program Files\Installer\lnetworker.exe
      C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
      O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
      O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
      O4 - HKLM\..\Run: [installer] C:\Program Files\Installer\lnetworker.exe
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
      O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
      O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
      O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
      O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
      O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
      O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
      O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
      O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
      O23 - Service: Backup IP Network (sdmBackupIP) - Unknown owner - C:\WINDOWS\BackupIP\service.exe
      O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
      O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
      O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
      O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
      --
      End of file - 7026 bytes
  10. I carried out the latest recommendations. No more unwanted windows CID ? The PC is behaving wonderfully well thanks to your help, which was very valuable to me. Thank you very much.
  11. KASPERSKY REPORT
      -------------------------------------------------------------------------------
      KASPERSKY ONLINE SCANNER REPORT
      Tuesday, March 04, 2008 1:34:34 PM
      Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
      Kaspersky Online Scanner version: 5.0.98.0
      Kaspersky Anti-Virus database last update: 4/03/2008
      Kaspersky Anti-Virus database records: 595210
      -------------------------------------------------------------------------------
      Scan Settings:
      Scan using the following antivirus database: extended
      Scan Archives: true
      Scan Mail Bases: true
      Scan Target - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\
      Scan Statistics:
      Total number of scanned objects: 93134
      Number of viruses found: 5
      Number of infected objects: 50
      Number of suspicious objects: 0
      Duration of the scan process: 02:00:00
      Scan process completed.
  12. HJT report
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 10:43:20, on 04/03/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\SYSTEM32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\QuickTime\QTTask.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
      C:\Program Files\Logitech\Video\LogiTray.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Logitech\Video\FxSvr2.exe
      C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
      C:\PROGRA~1\Wanadoo\ComComp.exe
      C:\PROGRA~1\Wanadoo\Toaster.exe
      C:\PROGRA~1\Wanadoo\Inactivity.exe
      C:\PROGRA~1\Wanadoo\PollingModule.exe
      C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
      C:\WINDOWS\system32\netdde.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\WINDOWS\system32\slserv.exe
      C:\WINDOWS\System32\snmp.exe
      c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\dllhost.exe
      C:\WINDOWS\System32\dllhost.exe
      C:\PROGRA~1\Wanadoo\Watch.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Documents and Settings\serge esteban\Bureau\HiJackThis.exe
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
      O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
      O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1147193716437
      O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.0.cab
      O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neff...ffyLauncher.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
      O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activ...nfosFinder2.CAB
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe (file missing)
      O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
      --
      End of file - 6947 bytes
  13. Hello, here is the lopxpmh report
  14. Things have improved considerably. Here are the ewido and HJT reports

      ewido anti-spyware online scanner
      http://www.ewido.net

      Name: Adware.Generic
      Path: HKLM\SOFTWARE\Classes\WR
      Risk: Medium

      Name: Adware.Companion
      Path: C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP610\A0503935.exe
      Risk: Medium

      Name: Trojan.Small
      Path: C:\WINDOWS\system32\wapisvsu32.exe
      Risk: High
  15. Here are the latest results

      C:\DOCUME~1\SERGEE~1\APPLIC~1\GLOBAL~1 moved successfully.
      [Custom Input]
      < EmptyTemp >
      File delete failed. C:\DOCUME~1\SERGEE~1\LOCALS~1\Temp\~DF79DE.tmp scheduled to be deleted on reboot.
      File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_594.dat scheduled to be deleted on reboot.
      File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_9d8.dat scheduled to be deleted on reboot.
      File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
      Temp folders emptied.
      IE temp folders emptied.

      OTMoveIt2 v1.0.20 log created on 03032008_165703
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501435.dll [DETECTION] Is the Trojan horse TR/Vundo.dvc.3 [iNFO] The file was moved to '48013200.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501437.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '49a1b759.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501438.dll [DETECTION] Is the Trojan horse TR/Vundo.dvc.3 [iNFO] The file was moved to '48013202.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501441.dll [DETECTION] Is the Trojan horse TR/Vundo.DUP [iNFO] The file was moved to '49a1b75b.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501443.dll [DETECTION] Is the Trojan horse TR/Vundo.dvc.3 [iNFO] The file was moved to '48013207.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501444.dll [DETECTION] Is the Trojan horse TR/Vundo.DRT [iNFO] The file was moved to '49a1b750.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501446.dll [DETECTION] Is the Trojan horse TR/Vundo.DRT [iNFO] The file was moved to '48013209.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501447.dll [DETECTION] Is the Trojan horse TR/Virtumonde.C [iNFO] The file was moved to '49a1b752.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501448.dll [DETECTION] Is the Trojan horse TR/Vundo.DUP [iNFO] The file was moved to '48013204.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501449.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '49a1b75d.qua'! 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501450.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '48013206.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501453.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '49a1b75f.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501454.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '4801320b.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501457.dll [DETECTION] Is the Trojan horse TR/Vundo.dvc.3 [iNFO] The file was moved to '49a1b754.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501462.dll [DETECTION] Is the Trojan horse TR/Vundo.DRT [iNFO] The file was moved to '4801320d.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501466.dll [DETECTION] Is the Trojan horse TR/Vundo.DUP [iNFO] The file was moved to '48013238.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501469.dll [DETECTION] Is the Trojan horse TR/Vundo.DUP [iNFO] The file was moved to '49a1b761.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501476.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '4801323a.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501477.dll [DETECTION] Is the Trojan horse TR/Vundo.DRT [iNFO] The file was moved to '49a1b763.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501480.dll [DETECTION] Is the Trojan horse TR/Vundo.DRK [iNFO] The file was moved to '49a1b756.qua'! 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501483.dll [DETECTION] Is the Trojan horse TR/Vundo.DRT [iNFO] The file was moved to '4801320f.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501490.dll [DETECTION] Is the Trojan horse TR/Vundo.DRT [iNFO] The file was moved to '49a1b748.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501493.dll [DETECTION] Is the Trojan horse TR/Vundo.DUP [iNFO] The file was moved to '4801323c.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501494.dll [DETECTION] Is the Trojan horse TR/Vundo.DUP [iNFO] The file was moved to '49a1b765.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501497.dll [DETECTION] Is the Trojan horse TR/Vundo.DRT [iNFO] The file was moved to '4801323e.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501504.dll [DETECTION] Is the Trojan horse TR/Vundo.DUP [iNFO] The file was moved to '49a1b767.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501508.dll [DETECTION] Is the Trojan horse TR/Vundo.DQE [iNFO] The file was moved to '48013211.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501510.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '49a1b74a.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501512.dll [DETECTION] Is the Trojan horse TR/Vundo.DUO [iNFO] The file was moved to '48013213.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501513.dll [DETECTION] Is the Trojan horse TR/Vundo.DRT [iNFO] The file was moved to '49a1b74c.qua'! 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501517.dll [DETECTION] Is the Trojan horse TR/Vundo.DUO [iNFO] The file was moved to '48013208.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501519.dll [DETECTION] Is the Trojan horse TR/Vundo.DRT [iNFO] The file was moved to '49a1b751.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501520.dll [DETECTION] Is the Trojan horse TR/Vundo.DRR [iNFO] The file was moved to '4801320a.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501523.dll [DETECTION] Is the Trojan horse TR/Vundo.DUP [iNFO] The file was moved to '48013215.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501525.dll [DETECTION] Is the Trojan horse TR/Vundo.DUP [iNFO] The file was moved to '49a1b74e.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501526.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '48013217.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501535.dll [DETECTION] Is the Trojan horse TR/Vundo.DSE [iNFO] The file was moved to '49a1b740.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501537.dll [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen [iNFO] The file was moved to '49a1b753.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501547.dll [DETECTION] Is the Trojan horse TR/Vundo.DRT [iNFO] The file was moved to '4801320c.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501552.dll [DETECTION] Is the Trojan horse TR/BHO.aby [iNFO] The file was moved to '49a1b755.qua'! 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0502677.exe [DETECTION] Is the Trojan horse TR/Agent.33792.B [iNFO] The file was moved to '4801325a.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0502679.exe [DETECTION] Contains detection pattern of the dropper DR/PurityScan.GP.1 [iNFO] The file was moved to '49a1b703.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP600\A0502698.exe [DETECTION] Is the Trojan horse TR/Agent.33792.B [iNFO] The file was moved to '4801325c.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP601\A0502767.exe [DETECTION] Is the Trojan horse TR/Agent.33792.B [iNFO] The file was moved to '4801325f.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP607\A0503744.exe [DETECTION] Is the Trojan horse TR/Agent.142336.B [iNFO] The file was moved to '4801327d.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP607\A0503745.exe [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '49a1b726.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP609\A0503926.exe [DETECTION] Is the Trojan horse TR/Obfusgen.A.5368 [iNFO] The file was moved to '48013284.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP609\A0503927.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [iNFO] The file was moved to '49a1b7dd.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP610\A0504100.exe [DETECTION] Is the Trojan horse TR/Dropper.Gen [iNFO] The file was moved to '48013289.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP613\A0504531.exe [DETECTION] Is the Trojan horse TR/Dropper.Gen [iNFO] The file was moved to '4801329b.qua'! 
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP613\A0505228.exe [DETECTION] Is the Trojan horse TR/Agent.33792.B [iNFO] The file was moved to '480132b2.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP614\A0505368.exe [DETECTION] Is the Trojan horse TR/Dropper.Gen [iNFO] The file was moved to '480132b6.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP614\A0506065.exe [DETECTION] Is the Trojan horse TR/Agent.33792.B [iNFO] The file was moved to '480132cb.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP615\A0506322.exe [DETECTION] Is the Trojan horse TR/Agent.33792.B [iNFO] The file was moved to '480132cf.qua'! C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP615\A0506323.exe [DETECTION] Is the Trojan horse TR/Dropper.Gen [iNFO] The file was moved to '480132d0.qua'! C:\_OTMoveIt\MovedFiles3032008_165703\DOCUME~1\SERGEE~1\APPLIC~1\GlobalWaveBait\wipestorechin.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [iNFO] The file was moved to '483c36b7.qua'! C:\_OTMoveIt\MovedFiles3032008_165703\DOCUME~1\SERGEE~1\APPLIC~1\GlobalWaveBait\wlxuuigb.exe [DETECTION] Is the Trojan horse TR/Obfusgen.A.5356 [iNFO] The file was moved to '484436bb.qua'! C:\_OTMoveIt\MovedFiles3032008_165703\DOCUME~1\SERGEE~1\APPLIC~1\GlobalWaveBait\wzviwxaf.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [iNFO] The file was moved to '484236c9.qua'! Begin scan in 'F:\' <RESTDONE> End of the scan: lundi 3 mars 2008 18:33 Used time: 1:01:23 min The scan has been done completely. 
6965 Scanning directories
337439 Files were scanned
98 viruses and/or unwanted programs were found
12 Files were classified as suspicious:
0 files were deleted
0 files were repaired
110 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
337341 Files not concerned
7550 Archives were scanned
2 Warnings
0 Notes
56500 Objects were scanned with rootkit scan
0 Hidden objects were found