Problème au démarrage [RESOLU]

tiamat69fr · le 14 juin 2007

Re,

Le log spy sweeper :

22:18: Removal process completed. Elapsed time 00:00:11

22:18: Quarantining All Traces: webhancer

22:18: Quarantining All Traces: ist sidefind

22:18: Quarantining All Traces: ist surf accuracy

22:18: Quarantining All Traces: xiti cookie

22:18: Quarantining All Traces: cydoor

22:18: Removal process initiated

22:18: Traces Found: 13

22:18: Custom Sweep has completed. Elapsed time 00:50:00

22:18: File Sweep Complete, Elapsed Time: 00:48:13

21:58: Warning: SweepDirectories: Cannot find directory "k:". This directory was not added to the list of paths to be scanned.

21:58: Warning: SweepDirectories: Cannot find directory "j:". This directory was not added to the list of paths to be scanned.

21:58: Warning: SweepDirectories: Cannot find directory "i:". This directory was not added to the list of paths to be scanned.

21:58: Warning: SweepDirectories: Cannot find directory "h:". This directory was not added to the list of paths to be scanned.

21:58: Warning: SweepDirectories: Cannot find directory "g:". This directory was not added to the list of paths to be scanned.

21:58: Warning: SweepDirectories: Cannot find directory "f:". This directory was not added to the list of paths to be scanned.

21:58: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.

21:58: Warning: SweepDirectories: Cannot find directory "d:". This directory was not added to the list of paths to be scanned.

21:57: 682791a6-4b41-47e4-bb26-1a9e29 (ID = 188794)

21:57: Found Adware: webhancer

21:48: swpxa52u.dll (ID = 462590)

21:45: df2b7f4a-3439-45aa-b07e-37fd0e (ID = 158779)

21:45: Found Adware: ist sidefind

21:40: 1160911966.exe (ID = 462837)

21:36: 092e2ec4-d77b-4930-bbbf-0fda68 (ID = 162775)

21:36: Found Adware: ist surf accuracy

21:29: Starting File Sweep

21:29: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned.

21:29: Cookie Sweep Complete, Elapsed Time: 00:00:00

21:29: ft@xiti[1].txt (ID = 3717)

21:29: Found Spy Cookie: xiti cookie

21:29: Starting Cookie Sweep

21:29: Registry Sweep Complete, Elapsed Time:00:00:26

21:29: HKLM\software\classes\typelib\{81f04ef2-a31e-41ce-a72e-69dc8a290c79}\ (ID = 1988624)

21:29: HKLM\software\classes\clsid\{060fdc78-71c0-4766-b430-5db4dfc29f90}\ (ID = 1987854)

21:29: HKLM\software\classes\swpxau.clsdll\ (ID = 1987762)

21:29: HKCR\typelib\{81f04ef2-a31e-41ce-a72e-69dc8a290c79}\ (ID = 1987396)

21:29: HKCR\clsid\{060fdc78-71c0-4766-b430-5db4dfc29f90}\ (ID = 1986626)

21:29: HKCR\swpxau.clsdll\ (ID = 1986534)

21:29: HKLM\software\microsoft\windows\currentversion\shell extensions\approved\ || {51d8eab2-a055-487f-bbe0-dfb79dd0e76d} (ID = 1838857)

21:29: Found Adware: cydoor

21:29: Starting Registry Sweep

21:29: Memory Sweep Complete, Elapsed Time: 00:01:08

21:28: Starting Memory Sweep

21:28: Sweep initiated using definitions version 930

21:28: Spy Sweeper 5.3.2.2361 started

21:28: | Start of Session, jeudi 14 juin 2007 |

***************

21:27: Program Version 5.3.2.2361 Using Spyware Definitions 930

21:27: Spy Sweeper 5.3.2.2361 started

21:27: | Start of Session, jeudi 14 juin 2007 |

***************

21:15: ApplicationMinimized - EXIT

21:15: ApplicationMinimized - ENTER

21:15: Your definitions are up to date.

21:14: Your spyware definitions have been updated.

Keylogger: Off

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: Off

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

Spy Installation Shield: On

Memory Shield: Off

IE Hijack Shield: On

IE Tracking Cookies Shield: Off

21:13: Shield States

21:13: Spyware Definitions: 866

21:13: Spy Sweeper 5.3.2.2361 started

21:13: | Start of Session, jeudi 14 juin 2007 |

***************

21:21: ApplicationMinimized - EXIT

21:21: ApplicationMinimized - ENTER

21:21: ApplicationMinimized - EXIT

21:21: ApplicationMinimized - ENTER

21:21: None

21:21: Traces Found: 0

21:21: Memory Sweep Complete, Elapsed Time: 00:01:03

21:21: Sweep Canceled

21:20: Starting Memory Sweep

21:20: Start Custom Sweep

21:20: Sweep initiated using definitions version 930

21:19: The Internet Communication shield has blocked access to: WWW.COMETSYSTEMS.COM

21:19: The Internet Communication shield has blocked access to: WWW.COMETCURSOR.COM

21:19: The Internet Communication shield has blocked access to: WWW.CASHSURFERS.COM

21:19: The Internet Communication shield has blocked access to: WWW.BRILLIANTDIGITAL.COM

21:19: The Internet Communication shield has blocked access to: WWW.BONZI.COM

21:18: Access to Hosts file blocked for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE

21:18: The Internet Communication shield has blocked access to: LOP.COM

21:17: The Internet Communication shield has blocked access to: IMG.LOP.COM

Keylogger: Off

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: Off

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

Spy Installation Shield: On

Memory Shield: Off

IE Hijack Shield: On

IE Tracking Cookies Shield: Off

21:16: Shield States

21:16: Spyware Definitions: 930

21:16: Spy Sweeper 5.3.2.2361 started

21:16: | Start of Session, jeudi 14 juin 2007 |

***************

Le log hijackthis :

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 22:25:40, on 14/06/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avast4\aswUpdSv.exe

C:\Program Files\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\NTR global\NTRconnect\NTRconnect.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Raxco\PerfectDisk\PDSched.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Avast4\ashWebSv.exe

C:\PROGRA~1\Avast4\ashDisp.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

C:\Program Files\MSN Messenger\usnsvc.exe

Z:\Temp\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [G6FTP Server Tray Monitor] "C:\Program Files\Gene6 FTP Server\G6FTPTray.exe"

O4 - HKCU\..\Run: [NoSpam] "C:\Program Files\StofWare\NoSpam\NoSpam.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - Startup: PeerGuardian.lnk = C:\Program Files\PeerGuardian2\pg2.exe

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1181667480984

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149494919515

O16 - DPF: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D} (Upload Class) - http://photos.wanadoo.fr/al/presentation/p...ivex/Ephoto.cab

O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://express.foto.com/activeX/newUploadFotoCom.CAB

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://tours.trafic.ville.wanadoo.fr/Commo...sCamControl.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O17 - HKLM\System\CCS\Services\Tcpip\..\{831A0816-5169-4B01-83C5-FA84CE6DB289}: NameServer = 80.10.246.2,80.10.246.129

O17 - HKLM\System\CCS\Services\Tcpip\..\{8F8CC37F-87A6-4DAA-8E76-A0DBAD50AD31}: NameServer = 80.10.246.1,80.10.246.139

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Gene6 FTP Server (G6FTPServer) - Gene6 - C:\Program Files\Gene6 FTP Server\G6FTPSERVER.EXE

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe

O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe

O23 - Service: NTRconnect (ntrconnect) - Unknown owner - C:\Program Files\NTR global\NTRconnect\NTRconnect.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe

O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--

End of file - 9925 bytes

A plus

regis56 · le 15 juin 2007

Salut !

Voici ce que tu vas faire stp :

Télécharge la dernière version de Killbox -> http://www.downloads.subratam.org/KillBox.zip

Place le programme dans le répertoire qui te plaît (pas d'installation Windows)

- redémarre l'ordinateur en mode sans échec

- lance Pocket Killbox

--- choisis l'option Delete on Reboot

--- copie la liste ci-dessous, des fichiers à supprimer (Ctrl-C) et File / Paste from Clipboard

C:\WINDOWS\system32\swpxa52u.dll

C:\WINDOWS\system32\1160911966.exe

* les boutons "Single File" et "All Files" deviennent actifs mais "Single File" est activé par défaut.

Il faut alors impérativement activer (cliquer sur) "All Files", impérativement, sinon seul le premier de la liste sera supprimé.

--- vérifie que tous les fichiers sont enregistrés, par la liste déroulante "Full Path of File to Delete"

--- /!\ ATTENTION si un ou des fichiers ".dll" sont présents dans la liste les mettrent en début de liste , et coche "Unregister .dll Before Deleting".

--- clique sur la croix blanche sur fond rouge (Delete File) :

- "File will be Removed on Reboot, Do you want to reboot now?", réponds OUI si tu es prêt à procéder

Si Pocket KillBox ne fait pas redémarrer le PC, redémarre le toi même.

Tu pourras trouver un tutorial complet et détaillé par Jesses : http://perso.wanadoo.fr/jesses/Docs/Logiciels/KillBox.htm

Ensuite fais un scan en ligne ici stp :

http://www.kaspersky.com/virusscanner

tuto d'aide ici

http://www.malekal.com/scan_Av_en_ligne.html

A plus.

tiamat69fr · le 15 juin 2007

Le log Kaspersky, mais juste avant, petit truc : avec killbox, je n'ai trouvé aucun des deux fichiers que tu m'indiques (en mode sans échec).

Le log, donc :

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Friday, June 15, 2007 7:20:10 PM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.93.0

Kaspersky Anti-Virus database last update: 15/06/2007

Kaspersky Anti-Virus database records: 347238

-------------------------------------------------------------------------------

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

Scan Target - Folders:

C:\

Z:\

Scan Statistics:

Total number of scanned objects: 86225

Number of viruses found: 4

Number of infected objects: 10

Number of suspicious objects: 2

Duration of the scan process: 01:04:57

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12102006-181507.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Deskwizz2.zip/sk02.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Deskwizz2.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\ft\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\ft\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\ft\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\ft\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\ft\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\ft\ntuser.dat Object is locked skipped

C:\Documents and Settings\ft\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Program Files\Avast4\DATA\Avast4.db Object is locked skipped

C:\Program Files\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{4740446C-0CD0-476F-B0FC-1830CE68D738}\RP13\A0002586.exe/Gain_Trickler.exe Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped

C:\System Volume Information\_restore{4740446C-0CD0-476F-B0FC-1830CE68D738}\RP13\A0002586.exe Vise: infected - 1 skipped

C:\System Volume Information\_restore{4740446C-0CD0-476F-B0FC-1830CE68D738}\RP16\A0004366.dll Infected: not-a-virus:AdWare.Win32.VB.y skipped

C:\System Volume Information\_restore{4740446C-0CD0-476F-B0FC-1830CE68D738}\RP16\A0004367.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.BHO.ba skipped

C:\System Volume Information\_restore{4740446C-0CD0-476F-B0FC-1830CE68D738}\RP16\A0004367.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.VB.y skipped

C:\System Volume Information\_restore{4740446C-0CD0-476F-B0FC-1830CE68D738}\RP16\A0004367.exe/stream Infected: not-a-virus:AdWare.Win32.VB.y skipped

C:\System Volume Information\_restore{4740446C-0CD0-476F-B0FC-1830CE68D738}\RP16\A0004367.exe NSIS: infected - 3 skipped

C:\System Volume Information\_restore{4740446C-0CD0-476F-B0FC-1830CE68D738}\RP16\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_750.dat Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Z:\Mes Programmes\Video\Rippackv3beta161.exe/data/divx5/0/DivXPro502GAINBundle.exe/Gain_Trickler.exe Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped

Z:\Mes Programmes\Video\Rippackv3beta161.exe/data/divx5/0/DivXPro502GAINBundle.exe Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped

Z:\Mes Programmes\Video\Rippackv3beta161.exe CAB: infected - 2 skipped

Z:\OldPart\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Z:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

regis56 · le 15 juin 2007

Salut !

Je ne te demande pas de les trouver il faut juste les copiers dans la zone prévu a cet effet.

Le programme les trouvera si ils existent.

Recommence l'opération avec cette liste stp :

- lance Pocket Killbox

--- choisis l'option Delete on Reboot

--- copie la liste ci-dessous, des fichiers à supprimer (Ctrl-C) et File / Paste from Clipboard

C:\WINDOWS\system32\swpxa52u.dll

C:\WINDOWS\system32\1160911966.exe

Z:\Mes Programmes\Video\Rippackv3beta161.exe/data/divx5/0/DivXPro502GAINBundle.exe

Z:\Mes Programmes\Video\Rippackv3beta161.exe

* les boutons "Single File" et "All Files" deviennent actifs mais "Single File" est activé par défaut.

Il faut alors impérativement activer (cliquer sur) "All Files", impérativement, sinon seul le premier de la liste sera supprimé.

--- vérifie que tous les fichiers sont enregistrés, par la liste déroulante "Full Path of File to Delete"

--- /!\ ATTENTION si un ou des fichiers ".dll" sont présents dans la liste les mettrent en début de liste , et coche "Unregister .dll Before Deleting".

--- clique sur la croix blanche sur fond rouge (Delete File) :

- "File will be Removed on Reboot, Do you want to reboot now?", réponds OUI si tu es prêt à procéder

Si Pocket KillBox ne fait pas redémarrer le PC, redémarre le toi même.

Ensuite fais ca :

-Créer un point de restauration et supprimer les anciens !: (aide visuelle http://assiste.free.fr/p/comment/comment_a...stauration.html )

Cliquer avec le bouton droit sur l'icône Poste de travail, puis cliquer sur Propriétés.

Cliquer sur l'onglet «Restauration du système».

Sélectionner «Désactiver la Restauration du système» ou «Désactiver la Restauration du système sur tous les lecteurs»

Cliquer sur Appliquer.

Comme le dit le message, ceci supprimera tous les points de restauration existants. Pour faire cela, cliquer sur Oui.

Cliquer sur OK, redémarrer le PC. Faire l'opération inverse, et réactiver la restauration:un nouveau point sera automatiquement créé.

Refais un scan Kaspersky stp

A plus.

tiamat69fr · le 16 juin 2007

Bon, j'ai réussi (apparemment) avec killbox.

Le log kaspersky :

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Saturday, June 16, 2007 9:30:59 AM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.93.0

Kaspersky Anti-Virus database last update: 16/06/2007

Kaspersky Anti-Virus database records: 347398

-------------------------------------------------------------------------------

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

Scan Target - Folders:

C:\

Z:\

Scan Statistics:

Total number of scanned objects: 82086

Number of viruses found: 1

Number of infected objects: 0

Number of suspicious objects: 2

Duration of the scan process: 01:06:22

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12102006-181507.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Deskwizz2.zip/sk02.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Deskwizz2.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\ft\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\ft\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\ft\Local Settings\Application Data\Microsoft\Messenger\ljournaud@wanadoo.fr\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

C:\Documents and Settings\ft\Local Settings\Application Data\Microsoft\Messenger\ljournaud@wanadoo.fr\SharingMetadata\pending.dat Object is locked skipped

C:\Documents and Settings\ft\Local Settings\Application Data\Microsoft\Messenger\ljournaud@wanadoo.fr\SharingMetadata\Working\database_3A04_7C24_47B_E175\dfsr.db Object is locked skipped

C:\Documents and Settings\ft\Local Settings\Application Data\Microsoft\Messenger\ljournaud@wanadoo.fr\SharingMetadata\Working\database_3A04_7C24_47B_E175\fsr.log Object is locked skipped

C:\Documents and Settings\ft\Local Settings\Application Data\Microsoft\Messenger\ljournaud@wanadoo.fr\SharingMetadata\Working\database_3A04_7C24_47B_E175\fsrtmp.log Object is locked skipped

C:\Documents and Settings\ft\Local Settings\Application Data\Microsoft\Messenger\ljournaud@wanadoo.fr\SharingMetadata\Working\database_3A04_7C24_47B_E175\tmp.edb Object is locked skipped

C:\Documents and Settings\ft\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\ft\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\ft\Local Settings\Application Data\Microsoft\Windows Live Contacts\ljournaud@wanadoo.fr\real\members.stg Object is locked skipped

C:\Documents and Settings\ft\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\ft\Local Settings\Historique\History.IE5\MSHist012007061620070617\index.dat Object is locked skipped

C:\Documents and Settings\ft\Local Settings\Temp\~DFD063.tmp Object is locked skipped

C:\Documents and Settings\ft\Local Settings\Temp\~DFEC09.tmp Object is locked skipped

C:\Documents and Settings\ft\Local Settings\Temp\~DFEF0A.tmp Object is locked skipped