PC reboot au démarrage

[Scratch]

Bonjour,

Depuis quelques mois déja, il arrive que mon pc reboot quand je le démarre.

Avant, ca ne le faisait qu'une fois de temps en temps, je faisais avec, mais c'est maintenant quasi systématique à chaque fois que je l'allume, il reboot au moins une fois, si ce n'est deux avant de se lancer pour de bon.

Il me laisse le temps d'ouvrir ma session, voire desfois meme de lancer internet quelques secondes mais pas plus...

J'ai fait pas mal de scans antivirus avec avast, des scans en ligne aussi, anti spyware... jamais rien d'alarmant donc mon dernier recours est de vous faire passer un rapport hijackthis, je ne sais pas du tout analyser ca^^

 

Logfile of HijackThis v1.99.1

Scan saved at 18:04:17, on 14/06/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\CACHEM~1\CachemanXP.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\DRIVERS\WtSrv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\TheTurtle\TheTurtle.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Vista Start Menu\VistaStartMenu.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Thoosje Vista Sidebar v1.7.8\thoosje's sidebar.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\eMule\emule.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SoftwareDistribution\Download\Install\Windows-KB890830-V1.30-delta.exe

c:\39bc02276635f4da7726\mrtstub.exe

C:\WINDOWS\system32\MRT.exe

C:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/redirect/startpage/adsl/fra

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Startup: Sidebar .lnk = C:\Program Files\Thoosje Vista Sidebar v1.7.8\thoosje's sidebar.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.5.0) -

O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/online2/MSN_...gamesloader.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

 

Derniere chose, en regardant dans msconfig les programmes se lancant au demarrage, j'ai vu un dumprep 0-k qui me paraissait un peu louche. En me renseignant dessus, j'ai vu que c'etait un programme windows qui ne servait pas a grand chose mais qui pouvait desfois provoquer des reboot, je l'ai donc enlever du demarrage mais est ce que ca pourrait quand meme toujours venir de lui?

 

En tout cas merci d'avance de votre aide^^

[regis56]

Salut !

 

Fais ceci :

 

-Redémarrer en mode sans échec :

(En mode sans échec : seul les processus systèmes sont lancés il est donc plus facile de supprimer ce qui est infecté.)

Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé,

Il y a un écran noir qui apparaît rapidement, appuyer sur la touche [F8] ou [F5] jusqu'à l'affichage du menu des options avancées de Windows. Sélectionner "Mode sans échec"et appuyer sur [Entrée].

NB:Si problème aller voir ici: http://service1.symantec.com/support/inter...020905112131924

 

Clique sur démarrer/executer/

Copie/colle

Rentre le chemin indiqué en rouge c:\39bc02276635f4da7726\

Le dossier va s'ouvrir

Supprime le fichier indiqué en gras si présent:

mrtstub.exe(clique droit /supprimer)

 

Vide la corbeille et redémarre

 

Ensuite fais un scan en ligne ici stp :

http://www.kaspersky.com/virusscanner

tuto d'aide ici

http://www.malekal.com/scan_Av_en_ligne.html

 

A plus.

[Scratch]

Salut,

J'ai fait comme tu m'as dit, redemarrage en mode sans echec pour supprimer mrtstub.exe sauf que quand j'ai fait executer il n'a pas trouvé le dossier (pourtant pas d'erreur possible, j'ai copié collé la ligne que tu m'as donnée donc...)

Est ce que le dossier aurait disparu entre temps? (sachant que j'ai rien fait ca me parait bizarre) Ou bien je peux pas y accéder pour je sais pas trop quelle raison...

 

Bref sinon j'ai fait le scan en ligne de kaspersky dont voila le rapport :

 

Scan Statistics

Total number of scanned objects 151345

Number of viruses found 2

Number of infected objects 3 / 0

Number of suspicious objects 0

Duration of the scan process 01:26:45

 

Infected Object Name Virus Name Last Action

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\e0cxhgt6.default\cert8.db Object is locked skipped

C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\e0cxhgt6.default\GoogleToolbarData\googlesafebrowsing.db Object is locked skipped

C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\e0cxhgt6.default\history.dat Object is locked skipped

C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\e0cxhgt6.default\key3.db Object is locked skipped

C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\e0cxhgt6.default\parent.lock Object is locked skipped

C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\e0cxhgt6.default\search.sqlite Object is locked skipped

C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\e0cxhgt6.default\urlclassifier2.sqlite Object is locked skipped

C:\Documents and Settings\Compaq_Propriétaire\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\e0cxhgt6.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\e0cxhgt6.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\e0cxhgt6.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\e0cxhgt6.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\Perflib_Perfdata_a1c.dat Object is locked skipped

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\~DFACBE.tmp Object is locked skipped

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Compaq_Propriétaire\ntuser.dat Object is locked skipped

C:\Documents and Settings\Compaq_Propriétaire\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt Object is locked skipped

C:\Program Files\eMule\Incoming\Vista Start Menu Se Crack\Vista Start Menu SE ALL VERSIONS CRACK plus keygen.exe/crack1.exe Infected: Trojan.Win32.StartPage.aog skipped

C:\Program Files\eMule\Incoming\Vista Start Menu Se Crack\Vista Start Menu SE ALL VERSIONS CRACK plus keygen.exe/crack.exe Infected: Trojan-Downloader.Win32.Small.ehb skipped

C:\Program Files\eMule\Incoming\Vista Start Menu Se Crack\Vista Start Menu SE ALL VERSIONS CRACK plus keygen.exe ZIP: infected - 2 skipped

C:\Program Files\Thoosje Vista Sidebar v1.7.8\thoosje's sidebar.log Object is locked skipped

C:\System Volume Information\catalog.wci�000002.ps1 Object is locked skipped

C:\System Volume Information\catalog.wci�000002.ps2 Object is locked skipped

C:\System Volume Information\catalog.wci�010013.ci Object is locked skipped

C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped

C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped

C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped

C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped

C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP257\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SB Insta.evt Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_518.dat Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

 

Pas forcément évident à voir vu comme ca sans le tableau désolé^^ Enfin ce que j'en retient c'est que les deux virus qu'il a trouvé sont dans des fichiers que je n'ai jamais ouvert donc le problème ne doit pas venir de là.

Et tout le reste je sais pas du tout ce que c'est, il appelle pas ca virus mais si c'est dans le rapport c'est que ca lui pose quand meme probleme alors c'est grave qu'il y en ai autant?

 

Voila si t'as une idée ou un diagnostic je prends volontiers

Merci

[regis56]

SAlut !

 

Fait ceci stp :

 

Télécharge la dernière version de Killbox -> http://www.downloads.subratam.org/KillBox.zip

Place le programme dans le répertoire qui te plaît (pas d'installation Windows)

 

- redémarre l'ordinateur en mode sans échec

 

- lance Pocket Killbox

--- choisis l'option Delete on Reboot

--- copie la liste ci-dessous, des fichiers à supprimer (Ctrl-C) et File / Paste from Clipboard

C:\Program Files\eMule\Incoming\Vista Start Menu Se Crack\Vista Start Menu SE ALL VERSIONS CRACK plus keygen.exe

c:\39bc02276635f4da7726\mrtstub.exe

* les boutons "Single File" et "All Files" deviennent actifs mais "Single File" est activé par défaut.

Il faut alors impérativement activer (cliquer sur) "All Files", impérativement, sinon seul le premier de la liste sera supprimé.

--- vérifie que tous les fichiers sont enregistrés, par la liste déroulante "Full Path of File to Delete"

--- /!\ ATTENTION si un ou des fichiers ".dll" sont présents dans la liste les mettrent en début de liste , et coche "Unregister .dll Before Deleting".

--- clique sur la croix blanche sur fond rouge (Delete File) :

 

- "File will be Removed on Reboot, Do you want to reboot now?", réponds OUI si tu es prêt à procéder

 

Si Pocket KillBox ne fait pas redémarrer le PC, redémarre le toi même.

 

Tu pourras trouver un tutorial complet et détaillé par Jesses : http://perso.wanadoo.fr/jesses/Docs/Logiciels/KillBox.htm

 

Ensuite fais ceci :

 

Télécharge SpySweeper - Télécharge SpySweeper - Aide SpySweeper

- Clic sur sur le lien "Free Trial" pour le télécharger tout à droite

- Installe le et démare le

- Il va te demander de télécharger la dernière définition, accepte

- Ensuite, clic sur le bouton Options à gauche

- Clic sur l'onglet Options

- Assure toi que les options suivantes sont cochées :

o Windows Registery

o Memory Object

o Cookies

o System Restore Folder

o Plus bas :

o Sweep all users accounts

o Sweep for rootkis

 

-- Redémarre en mode sans échec, si tu sais pas comment on fait lis ceci

- Démarre SpySweeper

- Clic sur "Sweep Now" à gauche

- Clic sur le bouton "Start"

- Quand le scan est terminé, clic sur le bouton "Next"

- Assure toi que tout est coché et clic sur le bouton "Next"

- Lorsque tous les éléments trouvés ont été supprimés

- Clic sur "Session Log" en haut à droite, copie tous les élements du log.

- Ferme les fenêtres et colle tout le log ici ainsi qu'un log HijackThis

 

 

Aide : N'hésite pas à consulter l'Aide de SpySweeper

 

A plus.

[Scratch]

Bonjour,

Désolée pour mon retard, je n'étais pas chez moi ces derniers jours.

J'ai fait ce que tu m'as demandé.

Voila donc le log de spysweeper :

 

18:38: Removal process completed. Elapsed time 00:00:51

18:38: Quarantining All Traces: adviva cookie

18:38: Quarantining All Traces: tribalfusion cookie

18:38: Quarantining All Traces: specificclick.com cookie

18:38: Quarantining All Traces: 247realmedia cookie

18:38: Quarantining All Traces: trafficmp cookie

18:38: Quarantining All Traces: fe.lea.lycos.com cookie

18:38: Quarantining All Traces: redsheriff cookies

18:38: Quarantining All Traces: yieldmanager cookie

18:38: Quarantining All Traces: zedo cookie

18:38: Quarantining All Traces: tradedoubler cookie

18:38: Quarantining All Traces: metriweb.be cookie

18:38: Quarantining All Traces: statcounter cookie

18:38: Quarantining All Traces: advertising cookie

18:38: Quarantining All Traces: mediaplex cookie

18:38: Quarantining All Traces: tacoda cookie

18:38: Quarantining All Traces: revenue.net cookie

18:38: Quarantining All Traces: casalemedia cookie

18:38: Quarantining All Traces: weborama cookie

18:38: Quarantining All Traces: overture cookie

18:37: Quarantining All Traces: comclick cookie

18:37: Quarantining All Traces: adtech cookie

18:37: Quarantining All Traces: xiti cookie

18:37: Quarantining All Traces: serving-sys cookie

18:37: Quarantining All Traces: 2o7.net cookie

18:37: Quarantining All Traces: bs.serving-sys cookie

18:37: Quarantining All Traces: bluestreak cookie

18:37: Quarantining All Traces: atlas dmt cookie

18:37: Removal process initiated

18:32: Traces Found: 100

18:32: Custom Sweep has completed. Elapsed time 02:51:04

18:32: File Sweep Complete, Elapsed Time: 02:48:41

17:39: Warning: TCompressedFile.GetStreams(1): Stream read error

17:39: Warning: Scan aborted for compressed file c:\telechargements\coursge\coursge.zip as it contains more than 10 layers.

17:19: Warning: SweepDirectories: Cannot find directory "i:". This directory was not added to the list of paths to be scanned.

17:19: Warning: SweepDirectories: Cannot find directory "h:". This directory was not added to the list of paths to be scanned.

17:19: Warning: SweepDirectories: Cannot find directory "g:". This directory was not added to the list of paths to be scanned.

17:19: Warning: SweepDirectories: Cannot find directory "f:". This directory was not added to the list of paths to be scanned.

17:19: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.

15:44: Starting File Sweep

15:44: Cookie Sweep Complete, Elapsed Time: 00:00:02

15:44: cookies.txt (ID = 1958)

15:44: cookies.txt (ID = 2354)

15:44: cookies.txt (ID = 2177)

15:44: Found Spy Cookie: adviva cookie

15:44: cookies.txt (ID = 3589)

15:44: Found Spy Cookie: tribalfusion cookie

15:44: cookies.txt (ID = 3399)

15:44: cookies.txt (ID = 3399)

15:44: cookies.txt (ID = 3399)

15:44: cookies.txt (ID = 3399)

15:44: Found Spy Cookie: specificclick.com cookie

15:44: cookies.txt (ID = 1953)

15:44: Found Spy Cookie: 247realmedia cookie

15:44: cookies.txt (ID = 1958)

15:44: cookies.txt (ID = 1957)

15:44: cookies.txt (ID = 3581)

15:44: cookies.txt (ID = 3581)

15:44: cookies.txt (ID = 3581)

15:44: cookies.txt (ID = 3581)

15:44: cookies.txt (ID = 3581)

15:44: cookies.txt (ID = 3581)

15:44: cookies.txt (ID = 3581)

15:44: Found Spy Cookie: trafficmp cookie

15:44: cookies.txt (ID = 3447)

15:44: cookies.txt (ID = 2660)

15:44: Found Spy Cookie: fe.lea.lycos.com cookie

15:44: cookies.txt (ID = 2845)

15:44: cookies.txt (ID = 2845)

15:44: Found Spy Cookie: redsheriff cookies

15:44: cookies.txt (ID = 3575)

15:44: cookies.txt (ID = 3575)

15:44: cookies.txt (ID = 3575)

15:44: cookies.txt (ID = 3575)

15:44: cookies.txt (ID = 2450)

15:44: cookies.txt (ID = 2450)

15:44: cookies.txt (ID = 2450)

15:44: cookies.txt (ID = 2330)

15:44: cookies.txt (ID = 3343)

15:44: cookies.txt (ID = 3343)

15:44: cookies.txt (ID = 3343)

15:44: cookies.txt (ID = 3343)

15:44: cookies.txt (ID = 3343)

15:44: cookies.txt (ID = 2253)

15:44: cookies.txt (ID = 3257)

15:44: cookies.txt (ID = 3751)

15:44: cookies.txt (ID = 3751)

15:44: cookies.txt (ID = 3751)

15:44: cookies.txt (ID = 3751)

15:44: Found Spy Cookie: yieldmanager cookie

15:44: cookies.txt (ID = 6442)

15:44: cookies.txt (ID = 3105)

15:44: cookies.txt (ID = 3105)

15:43: cookies.txt (ID = 2314)

15:43: cookies.txt (ID = 2175)

15:43: cookies.txt (ID = 2175)

15:43: cookies.txt (ID = 2175)

15:43: cookies.txt (ID = 2175)

15:43: cookies.txt (ID = 2155)

15:43: cookies.txt (ID = 2155)

15:43: cookies.txt (ID = 3717)

15:43: cookies.txt (ID = 3658)

15:43: cookies.txt (ID = 3658)

15:43: cookies.txt (ID = 3658)

15:43: cookies.txt (ID = 3658)

15:43: cookies.txt (ID = 3762)

15:43: cookies.txt (ID = 3762)

15:43: Found Spy Cookie: zedo cookie

15:43: cookies.txt (ID = 3575)

15:43: Found Spy Cookie: tradedoubler cookie

15:43: cookies.txt (ID = 2992)

15:43: Found Spy Cookie: metriweb.be cookie

15:43: cookies.txt (ID = 3658)

15:43: cookies.txt (ID = 3658)

15:43: cookies.txt (ID = 3447)

15:43: cookies.txt (ID = 3447)

15:43: cookies.txt (ID = 3447)

15:43: cookies.txt (ID = 3447)

15:43: Found Spy Cookie: statcounter cookie

15:43: cookies.txt (ID = 2175)

15:43: cookies.txt (ID = 2175)

15:43: cookies.txt (ID = 2175)

15:43: Found Spy Cookie: advertising cookie

15:43: cookies.txt (ID = 6442)

15:43: Found Spy Cookie: mediaplex cookie

15:43: cookies.txt (ID = 6444)

15:43: cookies.txt (ID = 6444)

15:43: Found Spy Cookie: tacoda cookie

15:43: cookies.txt (ID = 3257)

15:43: Found Spy Cookie: revenue.net cookie

15:43: cookies.txt (ID = 2354)

15:43: Found Spy Cookie: casalemedia cookie

15:43: cookies.txt (ID = 2314)

15:43: cookies.txt (ID = 2155)

15:43: cookies.txt (ID = 2155)

15:43: cookies.txt (ID = 1958)

15:43: cookies.txt (ID = 2253)

15:43: cookies.txt (ID = 3343)

15:43: cookies.txt (ID = 3343)

15:43: cookies.txt (ID = 3343)

15:43: cookies.txt (ID = 3343)

15:43: cookies.txt (ID = 2330)

15:43: cookies.txt (ID = 3343)

15:43: cookies.txt (ID = 3717)

15:43: compaq_propriétaire@xiti[1].txt (ID = 3717)

15:43: compaq_propriétaire@weborama[1].txt (ID = 3658)

15:43: Found Spy Cookie: weborama cookie

15:43: compaq_propriétaire@serving-sys[1].txt (ID = 3343)

15:43: compaq_propriétaire@overture[1].txt (ID = 3105)

15:43: Found Spy Cookie: overture cookie

15:43: compaq_propriétaire@fl01.ct2.comclick[1].txt (ID = 2450)

15:43: Found Spy Cookie: comclick cookie

15:43: compaq_propriétaire@bs.serving-sys[1].txt (ID = 2330)

15:43: compaq_propriétaire@adtech[2].txt (ID = 2155)

15:43: Found Spy Cookie: adtech cookie

15:43: compaq_propriétaire@2o7[2].txt (ID = 1957)

15:43: christine@xiti[1].txt (ID = 3717)

15:43: Found Spy Cookie: xiti cookie

15:43: christine@serving-sys[2].txt (ID = 3343)

15:43: Found Spy Cookie: serving-sys cookie

15:43: christine@msnportal.112.2o7[1].txt (ID = 1958)

15:43: Found Spy Cookie: 2o7.net cookie

15:43: christine@bs.serving-sys[2].txt (ID = 2330)

15:43: Found Spy Cookie: bs.serving-sys cookie

15:43: christine@bluestreak[1].txt (ID = 2314)

15:43: Found Spy Cookie: bluestreak cookie

15:43: christine@atdmt[2].txt (ID = 2253)

15:43: Found Spy Cookie: atlas dmt cookie

15:43: Starting Cookie Sweep

15:43: Registry Sweep Complete, Elapsed Time:00:01:42

15:43: Memory Sweep Complete, Elapsed Time: 00:00:00

15:43: Starting Registry Sweep

15:42: Starting Memory Sweep

15:41: Sweep initiated using definitions version 934

15:41: Spy Sweeper 5.5.1.3354 started

15:41: | Start of Session, mercredi 20 juin 2007 |

***************

15:41: Program Version 5.5.1.3354 Using Spyware Definitions 934

15:40: Spy Sweeper 5.5.1.3354 started

15:40: | Start of Session, mercredi 20 juin 2007 |

***************

15:26: ApplicationMinimized - EXIT

15:26: ApplicationMinimized - ENTER

Keylogger: Off

E-mail Attachment: On

15:24: Informational: ShieldEmail: Start monitoring port 25 for mail activities

15:24: Informational: ShieldEmail: Start monitoring port 110 for mail activities

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: Off

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

File System Shield: On

Execution Shield: On

System Services Shield: On

IE Hijack Shield: On

IE Tracking Cookies Shield: Off

15:24: Shield States

15:24: License Check Status (0): Success

15:24: Spyware Definitions: 923

15:23: Spy Sweeper 5.5.1.3354 started

15:23: Spy Sweeper 5.5.1.3354 started

15:23: | Start of Session, mercredi 20 juin 2007 |

***************

Keylogger: Off

15:35: Informational: ShieldEmail: Start monitoring port 25 for mail activities

E-mail Attachment: On

15:35: Informational: ShieldEmail: Start monitoring port 110 for mail activities

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: Off

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

File System Shield: On

Execution Shield: On

System Services Shield: On

IE Hijack Shield: On

IE Tracking Cookies Shield: Off

15:35: Shield States

15:35: License Check Status (0): Success

15:35: Spyware Definitions: 934

15:34: Spy Sweeper 5.5.1.3354 started

15:34: Spy Sweeper 5.5.1.3354 started

15:34: | Start of Session, mercredi 20 juin 2007 |

 

Et celui de hijackthis :

 

Logfile of HijackThis v1.99.1

Scan saved at 18:45:13, on 20/06/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\CACHEM~1\CachemanXP.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\system32\DRIVERS\WtSrv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\TheTurtle\TheTurtle.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Vista Start Menu\VistaStartMenu.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Thoosje Vista Sidebar v1.7.8\thoosje's sidebar.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/redirect/startpage/adsl/fra

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Startup: Sidebar .lnk = C:\Program Files\Thoosje Vista Sidebar v1.7.8\thoosje's sidebar.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.5.0) -

O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/online2/MSN_...gamesloader.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

 

Merci !

[regis56]

SAlut !

 

Fais ceci stp :

 

Faire un Scan avec cet antivirus en ligne (sous Internet Explorer) :

http://www.bitdefender.com/scan8/ie.html

Cliquer sur "I Agree" et scanner tout le PC.

Penser à accepter l'ActiveX bloqué par la barre anti-popup du SP2 (elle clignotera en haut).

Copier/coller le rapport entier sur le forum.

 

A plus.