Posez votre question Format imprimable Liste des forums Aidez-les Statistiques Rechercher Charte Forum Virus-Sécurité

[xp] virus probleme disques durs locaux

Dernière réponse le 8 sep 2007 à 20:38:55 cortex, le 27 aoû 2007 à 20:22:48

Signaler ce message aux modérateurs

Bonjour et avant tout merci a tous ceux qui font du tres bon boulot sur ce site et ailleurs,
mon probléme est k'il m'est impossible d'acceder a mes disques durs locaux en double clikant, une fenetre s'ouvre en me demandant "voulez vous ouvrir ouvrir avec ". et kan je veux avec le bouton droit de la souris essayer de l'explorer ou l'ouvrir, j'ai des caractére bizzares ke je ne reconnait pas, les fonction "ouvrir" ou explore" ont disparus et sont remplacés par ces caractéres, en plus mon pc (laptop) est tres lents (des fois kan j'actionne ctrl+alt+suppr je suis à 100% et ca dure. de plus, j'avais kaspersky worstation comme antivirus, spybot et ad-aware, et avg antispyware: kaspersky ne veut plus s'exécuter (j'ai du le désinstaller et le remplacer par AVG 7.5), spy bot aussi (impossible de trouver l'executable, ce racourci n'existe pas (même chose j'ai désinstallé et réinstallé).
je demande de l'aide et je réitéres mes remerciements a tous ceux qui liront ce message ou voudront 'aider.

N.B : vous faites un boulot merveilleu*x, merci pour tout.

Configuration: Windows XP
Internet Explorer 7.0

Posez votre question Répondre

jlpjlp, le 28 aoû 2007 à 09:17:55

Essaye de restaurer ton ordi à une heure antérieure à ce plantage

dans DEMARRER puis TOUS LES PROGRAMMES puis ACCESSOIRE puis OUTILS SYSTEME puis RESTAURATION SYSTEME

_________________

sinon fait:

scan avec avg antivirus

puis

colle le rapport d'un scan en ligne
avec un des suivants:

bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://www.pandasoftware.fr/Activescan/Activescan.html

scan en ligne firefox

http://fr.trendmicro-europe.com/consumer/housecall/housecall_launch.php

____________________________

AVG antispyxare

http://www.01net.com/...

Tuto :
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

->Relance AVG AS -> "Analyse" ->"Paramètres"

Sous la question "Comment réagir ?" :

-> clique sur "Actions recommandées" et choisis "Quarantaines"
-> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

Si un fichier est infecté en fin d'analyse

->Clique sur "Appliquer toutes les actions "

->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici

tu peux aussi scan en mode sans echec avec spybot et ad aware (demarrer l'ordi en appuyant plusieurs fois sur f8)

__________________

si ca persiste

colle un rapport hijackthis
http://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

manuel :

http://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."

Répondre à jlpjlp

Be SMILE, le 28 aoû 2007 à 20:03:32

Avant tout merci beaucoup pour ton aide j'apprécies énormément.
en ce qui cncerne la restauration, ca ne donne rien, la date la plus récente, est celle ou j'ai eu des problémes, donc ca n'a rien donné.
et voilà ce ke tu m'a demadé, du moins j'ai fais du mieux ke j'ai pu. et encore milles fois merci (pour information, j'ai un dusque dur externe, et j'utilise daemon tool, d'où le nombre élevé de disques).
AVG ne veut pas se connecter pour une mise à jour, désolé.
je me permet de t'envoyer les scan ke j'ai déjà effectué.
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, June 29, 2007 9:34:36 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 29/06/2007
Enregistrements dans la base antivirus Kaspersky : 355369
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: étendue
Analyser les archives: vrai
Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Statistiques de l'analyse:
Total d'objets analysés: 73582
Nombre de virus trouvés: 1
Nombre d'objets infectés: 2 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 02:46:35

Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\Administrateur\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{DCCEBE7F-4E08-4270-9660-05B242A0B447} L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Media\11.0\WMSDKNSD.XML L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\MSHist012007062820070629\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Temp\hsperfdata_Administrateur\2548 L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Temp\~DF3BF5.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\ntuser.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\NTUSER.DAT.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-03102007-150226.log L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\outatam\ntuser.dat L'objet est verrouillé ignoré
C:\Documents and Settings\outatam\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Anglais-Francais\AF_AFFI.DAT L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Anglais-Francais\AF_affi.IDX L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Anglais-Francais\af_entALL.IDX L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Anglais-Francais\AF_entlis.idx L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Citations\cit_affi.DAT L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Citations\cit_affi.IDX L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Citations\cit_ent1.IDX L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Citations\cit_ent2.IDX L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Conjugaison\CJ_COMPO.DAT L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Conjugaison\CJ_COMPO.IDX L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Conjugaison\cj_ent.IDX L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Conjugaison\CJ_IMPER.DAT L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Conjugaison\CJ_IMPER.IDX L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Conjugaison\cj_info.DAT L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Conjugaison\cj_info.IDX L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Conjugaison\CJ_PART.DAT L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Conjugaison\CJ_PART.IDX L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Conjugaison\CJ_SIMPL.DAT L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Conjugaison\CJ_SIMPL.IDX L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Definition\def_affi.DAT L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Definition\def_affi.IDX L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Definition\def_entALL.IDX L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Definition\def_entlis.Idx L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Francais-Anglais\fa_affi.DAT L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Francais-Anglais\fa_affi.IDX L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Francais-Anglais\fa_entALL.IDX L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Francais-Anglais\fa_entlis.IDX L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Maximots\Maximots.ind L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Style\sty_affi.DAT L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Style\sty_affi.IDX L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Style\sty_entall.IDX L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Style\sty_entlis.IDX L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Synonymes\syn_AFFI.DAT L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Synonymes\syn_AFFI.IDX L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Synonymes\syn_entall.IDX L'objet est verrouillé ignoré
C:\Program Files\Micro Application\12 DICOS Indispensables\Synonymes\syn_entlis.IDX L'objet est verrouillé ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{3AA51383-1463-41A3-9108-0CF96EC3B0DC}\RP268\change.log L'objet est verrouillé ignoré
C:\WINDOWS\CSC\00000001 L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\Temp\kav1.tmp L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
D:\Program Files\DAP\History\Administrateur\_lasthist.dat L'objet est verrouillé ignoré
D:\Program Files\DAP\Log\DAP_REPORT.LOG L'objet est verrouillé ignoré
D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
D:\System Volume Information\_restore{3AA51383-1463-41A3-9108-0CF96EC3B0DC}\RP268\change.log L'objet est verrouillé ignoré
J:\RECYCLER\S-1-5-21-484763869-436374069-854245398-500\Dj1.rar/setup.exe Infecté : P2P-Worm.Win32.Kapucen.b ignoré
J:\RECYCLER\S-1-5-21-484763869-436374069-854245398-500\Dj1.rar RAR: infecté - 1 ignoré
J:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
J:\System Volume Information\_restore{3AA51383-1463-41A3-9108-0CF96EC3B0DC}\RP268\change.log L'objet est verrouillé ignoré

Analyse terminée.

ET voici le scan de panda online du mois de juillet :
Incident Statut Analyse

Virus:w32/bagle.hx.worm Désinfecté Système d’exploitation
Hacktool:Rootkit/Mitglieder.OM No Désinfecté C:\Documents and Settings\Administrateur\Application Data\hidires\hidr.exe
Hacktool:Rootkit/Mitglieder.OM No Désinfecté C:\Documents and Settings\Administrateur\Application Data\hidires\rosa.sys
Virus:Eicar.Mod Renommé C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\eicar_html.vir
Hacktool:Rootkit/Mitglieder.OM No Désinfecté C:\WINDOWS\exefld\14713707.exe
Hacktool:Rootkit/Mitglieder.OM No Désinfecté C:\WINDOWS\exefld\15250649.exe
Hacktool:Rootkit/Mitglieder.OM No Désinfecté C:\WINDOWS\exefld\195320.exe
Hacktool:Rootkit/Mitglieder.OJ No Désinfecté C:\WINDOWS\exefld\198745.exe
Hacktool:Rootkit/Mitglieder.OJ No Désinfecté C:\WINDOWS\exefld\203732.exe
Hacktool:Rootkit/Mitglieder.OM No Désinfecté C:\WINDOWS\exefld\205074.exe
Hacktool:Rootkit/Mitglieder.OM No Désinfecté C:\WINDOWS\exefld\29533807.exe
Hacktool:Rootkit/Mitglieder.OM No Désinfecté C:\WINDOWS\exefld\29695539.exe
Hacktool:Rootkit/Mitglieder.OM No Désinfecté C:\WINDOWS\exefld\371309574.exe
Hacktool:Rootkit/Mitglieder.OM No Désinfecté C:\WINDOWS\exefld\391402.exe
Hacktool:Rootkit/Mitglieder.OM No Désinfecté C:\WINDOWS\exefld\43976004.exe
Hacktool:Rootkit/Mitglieder.OJ No Désinfecté C:\WINDOWS\exefld\44127732.exe
Virus:Trj/Mitglieder.OV Désinfecté C:\WINDOWS\system32\hldrrr.exe
Virus:Trj/Mitglieder.OV Désinfecté J:\SALIIIIMMMM\BookWorm\Bookworm Deluxe.exe
Virus:Trj/Mitglieder.OV Désinfecté J:\SALIIIIMMMM\EMULE INCOMMING\Bookworm Deluxe.zip[Bookworm Deluxe.exe]
Virus:Eicar.Mod No Désinfecté J:\SALIIIIMMMM\UTILITAIRE\kaspersky\KAV\data1.cab[eicar.html]
Virus:Eicar.Mod No Désinfecté J:\SALIIIIMMMM\UTILITAIRE\kaspersky\KAV\workstation4.5\data1.cab[eicar.html]

ET CELUI DE BITFENDER ON LINE

BitDefender Online Scanner

généré à: Tue, Aug 28, 2007 - 18:41:45

Voie d'analyse: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;

Statistiques

Temps
03:29:41

Fichiers
463930

Directoires
7308
Rapport d'analyse
Secteurs de boot
3

Archives
9715

Paquets programmes
26740

Résultats

Virus identifiés
7

Fichiers infectés
12

Fichiers suspects
0

Avertissements
0

Désinfectés
0

Fichiers effacés
12

Info sur les moteurs

Définition virus
750279

Version des moteurs
AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)

Analyse des plugins
14

Archive des plugins
38

Unpack des plugins
6

E-mail plugins
6

Système plugins
1

Paramètres d'analyse

Première action
Désinfecté

Seconde Action
Supprimé

Heuristique
Oui

Acceptez les avertissements
Oui

Extensions analysées
*;

Excludez les extensions

Analyse d'emails
Oui

Analyse des Archives
Oui

Analyser paquets programmes
Oui

Analyse des fichiers
Oui

Analyse de boot
Oui

Fichier analysé
Statut

C:\Documents and Settings\Administrateur\Application Data\hidires\rosa.sys
Infecté par: Trojan.Rootkit.Agent.NBD

C:\Documents and Settings\Administrateur\Application Data\hidires\rosa.sys
Echec de la désinfection

C:\Documents and Settings\Administrateur\Application Data\hidires\rosa.sys
Supprimé

C:\System Volume Information\_restore{3AA51383-1463-41A3-9108-0CF96EC3B0DC}\RP305\A0095689.dll
Infecté par: Generic.Malware.SIMDWYNVdprn.D9407F4E

C:\System Volume Information\_restore{3AA51383-1463-41A3-9108-0CF96EC3B0DC}\RP305\A0095689.dll
Echec de la désinfection

C:\System Volume Information\_restore{3AA51383-1463-41A3-9108-0CF96EC3B0DC}\RP305\A0095689.dll
Supprimé

C:\System Volume Information\_restore{3AA51383-1463-41A3-9108-0CF96EC3B0DC}\RP305\A0095705.dll
Infecté par: Generic.Malware.SIMDWYNVdprn.D9407F4E

C:\System Volume Information\_restore{3AA51383-1463-41A3-9108-0CF96EC3B0DC}\RP305\A0095705.dll
Echec de la désinfection

C:\System Volume Information\_restore{3AA51383-1463-41A3-9108-0CF96EC3B0DC}\RP305\A0095705.dll
Supprimé

C:\System Volume Information\_restore{3AA51383-1463-41A3-9108-0CF96EC3B0DC}\RP306\A0095721.sys
Infecté par: Trojan.Rootkit.Agent.NBD

C:\System Volume Information\_restore{3AA51383-1463-41A3-9108-0CF96EC3B0DC}\RP306\A0095721.sys
Echec de la désinfection

C:\System Volume Information\_restore{3AA51383-1463-41A3-9108-0CF96EC3B0DC}\RP306\A0095721.sys
Supprimé

D:\fichier J\UTILITAIRE\keyfinder.exe=>(RAR Sfx o)
Détecté avec: Application.Findkeyxp.N

D:\fichier J\UTILITAIRE\keyfinder.exe=>(RAR Sfx o)
Echec de la désinfection

D:\fichier J\UTILITAIRE\keyfinder.exe=>(RAR Sfx o)
Supprimé

D:\fichier J\UTILITAIRE\keyfinder.exe
Echec de la mise à jour

D:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 0)
Infecté par: Backdoor.Netbus.2.1.A

D:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 0)
Echec de la désinfection

D:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 0)
Supprimé

D:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab
Echec de la mise à jour

D:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 6)
Infecté par: Trojan.AOL.PWSteal

D:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 6)
Echec de la désinfection

D:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 6)
Supprimé

D:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab
Echec de la mise à jour

D:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 7)
Infecté par: Backdoor.Netbus.20.B

D:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 7)
Echec de la désinfection

D:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 7)
Supprimé

D:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab
Echec de la mise à jour

D:\Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 0)
Infecté par: Backdoor.Netbus.2.1.A

D:\Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 0)
Echec de la désinfection

D:\Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 0)
Supprimé

D:\Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab
Echec de la mise à jour

D:\Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 6)
Infecté par: Trojan.AOL.PWSteal

D:\Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 6)
Echec de la désinfection

D:\Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 6)
Supprimé

D:\Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab
Echec de la mise à jour

D:\Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 7)
Infecté par: Backdoor.Netbus.20.B

D:\Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 7)
Echec de la désinfection

D:\Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 7)
Supprimé

D:\Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab
Echec de la mise à jour

J:\Documents and Settings\MILES\Local Settings\Temporary Internet Files\Content.IE5\4XM0QZWQ\popup[1].htm
Infecté par: Trojan.Clicker.CM

J:\Documents and Settings\MILES\Local Settings\Temporary Internet Files\Content.IE5\4XM0QZWQ\popup[1].htm
Echec de la désinfection

J:\Documents and Settings\MILES\Local Settings\Temporary Internet Files\Content.IE5\4XM0QZWQ\popup[1].htm
Supprimé

voilà, et merci pour ton aide. et a tres bientot

Configuration: Windows XP
Internet Explorer 7.0

Répondre à Be SMILE

Be SMILE, le 28 aoû 2007 à 20:20:50

Salut,
j'ai fais un scan avec avgspyware sans mise a jour et ca donne ca /
+ Créé à: 19:14:04 28/08/2007

+ Résultat de l'analyse:

C:\Documents and Settings\Administrateur\Cookies\administrateur@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Aucune action entreprise.
C:\Documents and Settings\Administrateur\Cookies\administrateur@smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
J:\Documents and Settings\MILES\Cookies\miles@toplist[1].txt -> TrackingCookie.Toplist : Aucune action entreprise.
C:\Documents and Settings\Administrateur\Cookies\administrateur@weborama[2].txt -> TrackingCookie.Weborama : Aucune action entreprise.

Fin du rapport

et voici le rapport de l'analyse de avg internet sécurité /
"" "" "Virus identifié Obfustat.AGV" "F:\Documents and Settings\Administrateur\Application Data\hidires\hidr.exe" "30/07/2007 11:26:16" "hidr.exe" "86 KB"
"" "" "Virus identifié Obfustat.AGV" "F:\Documents and Settings\Administrateur\Local Settings\Temp\~48D.exe" "30/07/2007 11:26:16" "~48D.exe" "86 KB"
"" "" "Virus identifié Obfustat.AHV" "F:\Documents and Settings\Administrateur\Local Settings\Temp\~48E.exe" "30/07/2007 11:26:16" "~48E.exe" "55.53 KB"
"" "" "Virus identifié I-Worm/Bagle.TU" "F:\System Volume Information\_restore{3AA51383-1463-41A3-9108-0CF96EC3B0DC}\RP286\A0090784.exe" "30/07/2007 11:26:17" "A0090784.exe" "83 KB"
"" "" "Virus identifié Obfustat.HP" "F:\System Volume Information\_restore{3AA51383-1463-41A3-9108-0CF96EC3B0DC}\RP287\A0091642.exe" "30/07/2007 11:26:17" "A0091642.exe" "83 KB"
"" "" "Virus identifié Obfustat.HP" "F:\WINDOWS\exefld\14713707.exe" "30/07/2007 11:26:17" "14713707.exe" "83 KB"
"" "" "Virus identifié Obfustat.HP" "F:\WINDOWS\exefld\15250649.exe" "30/07/2007 11:26:17" "15250649.exe" "83 KB"
"" "" "Virus identifié Obfustat.HP" "F:\WINDOWS\exefld\195320.exe" "30/07/2007 11:26:17" "195320.exe" "83 KB"
"" "" "Virus identifié I-Worm/Bagle.TU" "F:\WINDOWS\exefld\198745.exe" "30/07/2007 11:26:17" "198745.exe" "83 KB"
"" "" "Virus identifié I-Worm/Bagle.TU" "F:\WINDOWS\exefld\203732.exe" "30/07/2007 11:26:17" "203732.exe" "83 KB"
"" "" "Virus identifié Obfustat.HP" "F:\WINDOWS\exefld\205074.exe" "30/07/2007 11:26:17" "205074.exe" "83 KB"
"" "" "Virus identifié Obfustat.HP" "F:\WINDOWS\exefld\29218994.exe" "30/07/2007 11:26:17" "29218994.exe" "83 KB"
"" "" "Virus identifié Obfustat.HP" "F:\WINDOWS\exefld\29533807.exe" "30/07/2007 11:26:17" "29533807.exe" "83 KB"
"" "" "Virus identifié Obfustat.HP" "F:\WINDOWS\exefld\29695539.exe" "30/07/2007 11:26:17" "29695539.exe" "83 KB"
"" "" "Virus identifié Obfustat.HP" "F:\WINDOWS\exefld\371309574.exe" "30/07/2007 11:26:17" "371309574.exe" "83 KB"
"" "" "Virus identifié Obfustat.HP" "F:\WINDOWS\exefld\391402.exe" "30/07/2007 11:26:17" "391402.exe" "83 KB"
"" "" "Virus identifié Obfustat.HP" "F:\WINDOWS\exefld\43682432.exe" "30/07/2007 11:26:18" "43682432.exe" "83 KB"
"" "" "Virus identifié Obfustat.HP" "F:\WINDOWS\exefld\43976004.exe" "30/07/2007 11:26:18" "43976004.exe" "83 KB"
"" "" "Virus identifié I-Worm/Bagle.TU" "F:\WINDOWS\exefld\44127732.exe" "30/07/2007 11:26:18" "44127732.exe" "83 KB"
"" "" "Virus identifié Obfustat.AHV" "F:\WINDOWS\system32\wintems.exe" "30/07/2007 11:26:18" "wintems.exe" "55.53 KB"
"" "" "Attention: Extension cachee .exe" "C:\Documents and Settings\Administrateur\Mes documents\My Completed Downloads\Ad-aware_Professional_v6.0_Serial.zip.exe" "26/08/2007 14:15:24" "Ad-aware_Professional_v6.0_Serial.zip.exe" "133.56 KB"
"" "" "TrackingCookie.2o7" "C:\Documents and Settings\Administrateur\Cookies\administrateur@2o7[2].txt" "28/08/2007 01:28:35" "administrateur@2o7[2].txt" "156 octets"
"" "" "TrackingCookie.2o7" "C:\Documents and Settings\Administrateur\Cookies\administrateur@msnportal.112.2o7[1].txt" "28/08/2007 01:28:35" "administrateur@msnportal.112.2o7[1].txt" "124 octets"
"" "" "TrackingCookie.Overture" "C:\Documents and Settings\Administrateur\Cookies\administrateur@overture[1].txt" "28/08/2007 01:28:35" "administrateur@overture[1].txt" "102 octets"
"" "" "TrackingCookie.Overture" "C:\Documents and Settings\Administrateur\Cookies\administrateur@perf.overture[1].txt" "28/08/2007 01:28:35" "administrateur@perf.overture[1].txt" "114 octets"
"" "" "TrackingCookie.Smartadserver" "C:\Documents and Settings\Administrateur\Cookies\administrateur@smartadserver[1].txt" "28/08/2007 01:28:35" "administrateur@smartadserver[1].txt" "395 octets"
"" "" "TrackingCookie.Weborama" "C:\Documents and Settings\Administrateur\Cookies\administrateur@weborama[1].txt" "28/08/2007 01:28:35" "administrateur@weborama[1].txt" "189 octets"
"" "" "TrackingCookie.247realmedia" "C:\Documents and Settings\Administrateur\Cookies\administrateur@247realmedia[1].txt" "27/08/2007 01:29:04" "administrateur@247realmedia[1].txt" "690 octets"
"" "" "TrackingCookie.Adtech" "C:\Documents and Settings\Administrateur\Cookies\administrateur@adtech[2].txt" "27/08/2007 01:29:04" "administrateur@adtech[2].txt" "168 octets"
"" "" "TrackingCookie.Webtrends" "C:\Documents and Settings\Administrateur\Cookies\administrateur@m.webtrends[2].txt" "27/08/2007 01:29:04" "administrateur@m.webtrends[2].txt" "187 octets"
"" "" "TrackingCookie.Revenue" "C:\Documents and Settings\Administrateur\Cookies\administrateur@revenue[2].txt" "27/08/2007 01:29:04" "administrateur@revenue[2].txt" "260 octets"
"" "" "TrackingCookie.Smartadserver" "C:\Documents and Settings\Administrateur\Cookies\administrateur@smartadserver[1].txt" "27/08/2007 01:29:04" "administrateur@smartadserver[1].txt" "394 octets"
"" "" "Cheval de Troie Downloader.Generic5.RMD" "E:\WINDOWS\exefld\84020384.exe" "15/08/2007 10:11:30" "84020384.exe" "174.83 KB"
"" "" "Cheval de Troie Downloader.Generic5.RMD" "E:\System Volume Information\_restore{D13DDD2A-9D4D-4245-93F1-1EC754B9810D}\RP25\A0006257.exe" "16/08/2007 16:32:35" "A0006257.exe" "174.83 KB"
"" "" "Cheval de Troie Agent.DYC" "G:\fichier J\SALIM\CrackDown.exe" "30/07/2007 11:26:18" "CrackDown.exe" "390.5 KB"
"" "" "Cheval de Troie Small.AD" "G:\fichier J\UTILITAIRE\ad aware\AVG\keygen AVG.exe" "30/07/2007 11:26:18" "keygen AVG.exe" "52 KB"
"" "" "Cheval de Troie Generic5.JFE" "G:\fichier J\UTILITAIRE\Nouveau dossier\utilitaire 2007\FSCommand\c5.exe" "30/07/2007 11:26:18" "c5.exe" "115.3 KB"
"" "" "Cheval de Troie Generic5.MBY" "G:\fichier J\UTILITAIRE\Nouveau dossier\utilitaire 2007\FSCommand\c9.exe" "30/07/2007 11:26:18" "c9.exe" "129.49 KB"
"" "" "Cheval de Troie Downloader.Generic5.PIO" "G:\Nouveau dossier\aaw2007.exe" "10/08/2007 09:56:53" "aaw2007.exe" "17.32 MB"
"" "" "TrackingCookie.Adtech" "C:\Documents and Settings\MILES\Cookies\miles@adtech[2].txt" "23/08/2007 10:13:55" "miles@adtech[2].txt" "158 octets"
"" "" "TrackingCookie.2o7" "C:\Documents and Settings\MILES\Cookies\miles@divx.112.2o7[1].txt" "18/08/2007 20:14:54" "miles@divx.112.2o7[1].txt" "113 octets"
"" "" "TrackingCookie.Netflame" "C:\Documents and Settings\MILES\Cookies\miles@ssl-hints.netflame[2].txt" "18/08/2007 20:14:55" "miles@ssl-hints.netflame[2].txt" "157 octets"
"" "" "TrackingCookie.2o7" "C:\Documents and Settings\MILES\Cookies\miles@2o7[2].txt" "08/08/2007 16:22:52" "miles@2o7[2].txt" "128 octets"
"" "" "TrackingCookie.Yieldmanager" "C:\Documents and Settings\MILES\Cookies\miles@ad.yieldmanager[1].txt" "08/08/2007 16:22:53" "miles@ad.yieldmanager[1].txt" "196 octets"
"" "" "TrackingCookie.Atdmt" "C:\Documents and Settings\MILES\Cookies\miles@atdmt[2].txt" "08/08/2007 16:22:53" "miles@atdmt[2].txt" "97 octets"
"" "" "TrackingCookie.Hotlog" "C:\Documents and Settings\MILES\Cookies\miles@hotlog[2].txt" "08/08/2007 16:22:53" "miles@hotlog[2].txt" "71 octets"
"" "" "TrackingCookie.2o7" "C:\Documents and Settings\MILES\Cookies\miles@msnportal.112.2o7[1].txt" "08/08/2007 16:22:53" "miles@msnportal.112.2o7[1].txt" "118 octets"
"" "" "TrackingCookie.Skype" "C:\Documents and Settings\MILES\Cookies\miles@site.skype[1].txt" "08/08/2007 16:22:53" "miles@site.skype[1].txt" "95 octets"
"" "" "TrackingCookie.Skype" "C:\Documents and Settings\MILES\Cookies\miles@skype[2].txt" "08/08/2007 16:22:53" "miles@skype[2].txt" "669 octets"
"" "" "TrackingCookie.Smartadserver" "C:\Documents and Settings\MILES\Cookies\miles@smartadserver[2].txt" "08/08/2007 16:22:53" "miles@smartadserver[2].txt" "270 octets"
"" "" "TrackingCookie.Tradedoubler" "C:\Documents and Settings\MILES\Cookies\miles@tradedoubler[1].txt" "08/08/2007 16:22:53" "miles@tradedoubler[1].txt" "119 octets"
"" "" "TrackingCookie.Adbrite" "C:\Documents and Settings\MILES\Cookies\miles@3.adbrite[2].txt" "26/08/2007 04:42:58" "miles@3.adbrite[2].txt" "84 octets"
"" "" "TrackingCookie.Adbrite" "C:\Documents and Settings\MILES\Cookies\miles@adbrite[2].txt" "26/08/2007 04:42:58" "miles@adbrite[2].txt" "338 octets"
"" "" "TrackingCookie.Adbrite" "C:\Documents and Settings\MILES\Cookies\miles@ads.adbrite[2].txt" "26/08/2007 04:42:58" "miles@ads.adbrite[2].txt" "174 octets"
"" "" "TrackingCookie.Comclick" "C:\Documents and Settings\MILES\Cookies\miles@fl01.ct2.comclick[1].txt" "22/08/2007 10:43:45" "miles@fl01.ct2.comclick[1].txt" "270 octets"
"" "" "TrackingCookie.Webtrends" "C:\Documents and Settings\MILES\Cookies\miles@m.webtrends[2].txt" "22/08/2007 10:43:45" "miles@m.webtrends[2].txt" "181 octets"
"" "" "TrackingCookie.Atdmt" "C:\Documents and Settings\MILES\Cookies\miles@atdmt[2].txt" "09/08/2007 09:43:04" "miles@atdmt[2].txt" "96 octets"
"" "" "TrackingCookie.Webtrends" "C:\Documents and Settings\MILES\Cookies\miles@m.webtrends[1].txt" "09/08/2007 09:43:04" "miles@m.webtrends[1].txt" "213 octets"
"" "" "TrackingCookie.2o7" "C:\Documents and Settings\MILES\Cookies\miles@microsoftwga.112.2o7[1].txt" "09/08/2007 09:43:05" "miles@microsoftwga.112.2o7[1].txt" "121 octets"
"" "" "TrackingCookie.Adtech" "C:\Documents and Settings\MILES\Cookies\miles@adtech[2].txt" "21/08/2007 12:54:49" "miles@adtech[2].txt" "160 octets"
"" "" "TrackingCookie.Estat" "C:\Documents and Settings\MILES\Cookies\miles@estat[1].txt" "21/08/2007 12:54:49" "miles@estat[1].txt" "79 octets"
"" "" "TrackingCookie.Weborama" "C:\Documents and Settings\MILES\Cookies\miles@weborama[2].txt" "21/08/2007 12:54:49" "miles@weborama[2].txt" "75 octets"
"" "" "Attention: Extension cachee .exe" "C:\Documents and Settings\MILES\Mes documents\My Completed Downloads\Rarlab_WinRAR_3.70.zip.exe" "23/08/2007 19:32:53" "Rarlab_WinRAR_3.70.zip.exe" "211.76 KB"
"" "" "TrackingCookie.Comclick" "C:\Documents and Settings\MILES\Cookies\miles@fl01.ct2.comclick[1].txt" "20/08/2007 10:09:41" "miles@fl01.ct2.comclick[1].txt" "270 octets"
"" "" "TrackingCookie.2o7" "C:\Documents and Settings\MILES\Cookies\miles@divx.112.2o7[1].txt" "18/08/2007 09:59:39" "miles@divx.112.2o7[1].txt" "111 octets"
"" "" "TrackingCookie.Estat" "C:\Documents and Settings\MILES\Cookies\miles@estat[1].txt" "18/08/2007 09:59:39" "miles@estat[1].txt" "80 octets"
"" "" "TrackingCookie.Real" "C:\Documents and Settings\MILES\Cookies\miles@real[1].txt" "18/08/2007 09:59:39" "miles@real[1].txt" "89 octets"
"" "" "TrackingCookie.Smartadserver" "C:\Documents and Settings\MILES\Cookies\miles@smartadserver[2].txt" "18/08/2007 09:59:39" "miles@smartadserver[2].txt" "270 octets"
"" "" "TrackingCookie.Specificclick" "C:\Documents and Settings\MILES\Cookies\miles@specificclick[2].txt" "18/08/2007 09:59:39" "miles@specificclick[2].txt" "346 octets"
"" "" "TrackingCookie.Netflame" "C:\Documents and Settings\MILES\Cookies\miles@ssl-hints.netflame[1].txt" "18/08/2007 09:59:39" "miles@ssl-hints.netflame[1].txt" "157 octets"
"" "" "TrackingCookie.Weborama" "C:\Documents and Settings\MILES\Cookies\miles@weborama[1].txt" "18/08/2007 09:59:39" "miles@weborama[1].txt" "258 octets"
"" "" "TrackingCookie.2o7" "C:\Documents and Settings\MILES\Cookies\miles@2o7[1].txt" "11/08/2007 09:56:33" "miles@2o7[1].txt" "246 octets"
"" "" "TrackingCookie.Atdmt" "C:\Documents and Settings\MILES\Cookies\miles@atdmt[2].txt" "11/08/2007 09:56:33" "miles@atdmt[2].txt" "96 octets"
"" "" "TrackingCookie.Webtrends" "C:\Documents and Settings\MILES\Cookies\miles@m.webtrends[2].txt" "11/08/2007 09:56:34" "miles@m.webtrends[2].txt" "228 octets"
"" "" "TrackingCookie.2o7" "C:\Documents and Settings\MILES\Cookies\miles@microsoftwga.112.2o7[1].txt" "11/08/2007 09:56:34" "miles@microsoftwga.112.2o7[1].txt" "121 octets"
"" "" "TrackingCookie.Real" "C:\Documents and Settings\MILES\Cookies\miles@realguide.real[1].txt" "11/08/2007 09:56:34" "miles@realguide.real[1].txt" "85 octets"
"" "" "TrackingCookie.Real" "C:\Documents and Settings\MILES\Cookies\miles@real[2].txt" "11/08/2007 09:56:34" "miles@real[2].txt" "597 octets"
"" "" "TrackingCookie.Smartadserver" "C:\Documents and Settings\MILES\Cookies\miles@smartadserver[2].txt" "11/08/2007 09:56:34" "miles@smartadserver[2].txt" "371 octets"
"" "" "TrackingCookie.Tacoda" "C:\Documents and Settings\MILES\Cookies\miles@tacoda[2].txt" "11/08/2007 09:56:34" "miles@tacoda[2].txt" "496 octets"
"" "" "TrackingCookie.Weborama" "C:\Documents and Settings\MILES\Cookies\miles@weborama[2].txt" "11/08/2007 09:56:34" "miles@weborama[2].txt" "84 octets"
"" "" "TrackingCookie.Estat" "C:\Documents and Settings\MILES\Cookies\miles@estat[1].txt" "25/08/2007 14:22:34" "miles@estat[1].txt" "80 octets"
"" "" "TrackingCookie.Comclick" "C:\Documents and Settings\MILES\Cookies\miles@fl01.ct2.comclick[2].txt" "25/08/2007 14:22:34" "miles@fl01.ct2.comclick[2].txt" "323 octets"
"" "" "TrackingCookie.Smartadserver" "C:\Documents and Settings\MILES\Cookies\miles@smartadserver[1].txt" "25/08/2007 14:22:34" "miles@smartadserver[1].txt" "371 octets"
"" "" "TrackingCookie.Netflame" "C:\Documents and Settings\MILES\Cookies\miles@ssl-hints.netflame[1].txt" "25/08/2007 14:22:34" "miles@ssl-hints.netflame[1].txt" "157 octets"
"" "" "TrackingCookie.Weborama" "C:\Documents and Settings\MILES\Cookies\miles@weborama[2].txt" "25/08/2007 14:22:34" "miles@weborama[2].txt" "169 octets"
"" "" "TrackingCookie.Comclick" "C:\Documents and Settings\MILES\Cookies\miles@fl01.ct2.comclick[2].txt" "14/08/2007 09:55:46" "miles@fl01.ct2.comclick[2].txt" "344 octets"
"" "" "TrackingCookie.Webtrends" "C:\Documents and Settings\MILES\Cookies\miles@m.webtrends[2].txt" "14/08/2007 09:55:47" "miles@m.webtrends[2].txt" "181 octets"
"" "" "TrackingCookie.Real" "C:\Documents and Settings\MILES\Cookies\miles@real[2].txt" "14/08/2007 09:55:47" "miles@real[2].txt" "506 octets"
"" "" "TrackingCookie.Weborama" "C:\Documents and Settings\MILES\Cookies\miles@weborama[1].txt" "14/08/2007 09:55:47" "miles@weborama[1].txt" "84 octets"
"" "" "TrackingCookie.Yadro" "C:\Documents and Settings\MILES\Cookies\miles@yadro[1].txt" "14/08/2007 09:55:47" "miles@yadro[1].txt" "73 octets"
"" "" "TrackingCookie.Atdmt" "C:\Documents and Settings\MILES\Cookies\miles@atdmt[1].txt" "10/08/2007 09:56:57" "miles@atdmt[1].txt" "98 octets"
"" "" "TrackingCookie.Com" "C:\Documents and Settings\MILES\Cookies\miles@com[1].txt" "10/08/2007 09:56:57" "miles@com[1].txt" "89 octets"
"" "" "TrackingCookie.Webtrends" "C:\Documents and Settings\MILES\Cookies\miles@m.webtrends[2].txt" "10/08/2007 09:56:57" "miles@m.webtrends[2].txt" "229 octets"
"" "" "TrackingCookie.2o7" "C:\Documents and Settings\MILES\Cookies\miles@microsoftwga.112.2o7[1].txt" "10/08/2007 09:56:57" "miles@microsoftwga.112.2o7[1].txt" "121 octets"
"" "" "TrackingCookie.Smartadserver" "C:\Documents and Settings\MILES\Cookies\miles@smartadserver[2].txt" "10/08/2007 09:56:57" "miles@smartadserver[2].txt" "373 octets"
"" "" "TrackingCookie.Weborama" "C:\Documents and Settings\MILES\Cookies\miles@weborama[1].txt" "10/08/2007 09:56:57" "miles@weborama[1].txt" "167 octets"
"" "" "TrackingCookie.Ivwbox" "C:\Documents and Settings\MILES\Cookies\miles@ivwbox[2].txt" "15/08/2007 10:11:30" "miles@ivwbox[2].txt" "82 octets"
"" "" "TrackingCookie.Real" "C:\Documents and Settings\MILES\Cookies\miles@real[2].txt" "15/08/2007 10:11:30" "miles@real[2].txt" "89 octets"
"" "" "TrackingCookie.Weborama" "C:\Documents and Settings\MILES\Cookies\miles@weborama[2].txt" "15/08/2007 10:11:30" "miles@weborama[2].txt" "257 octets"
"" "" "TrackingCookie.Serving-sys" "C:\Documents and Settings\MILES\Cookies\miles@bs.serving-sys[2].txt" "24/08/2007 10:28:28" "miles@bs.serving-sys[2].txt" "124 octets"
"" "" "TrackingCookie.2o7" "C:\Documents and Settings\MILES\Cookies\miles@numericable.112.2o7[1].txt" "24/08/2007 10:28:29" "miles@numericable.112.2o7[1].txt" "120 octets"
"" "" "TrackingCookie.Overture" "C:\Documents and Settings\MILES\Cookies\miles@overture[1].txt" "24/08/2007 10:28:29" "miles@overture[1].txt" "151 octets"
"" "" "TrackingCookie.Serving-sys" "C:\Documents and Settings\MILES\Cookies\miles@serving-sys[2].txt" "24/08/2007 10:28:29" "miles@serving-sys[2].txt" "410 octets"
"" "" "TrackingCookie.Weborama" "C:\Documents and Settings\MILES\Cookies\miles@weborama[2].txt" "24/08/2007 10:28:29" "miles@weborama[2].txt" "176 octets"
"" "" "TrackingCookie.Atdmt" "C:\Documents and Settings\MILES\Cookies\miles@atdmt[2].txt" "16/08/2007 16:32:35" "miles@atdmt[2].txt" "96 octets"
"" "" "TrackingCookie.2o7" "C:\Documents and Settings\MILES\Cookies\miles@msnportal.112.2o7[1].txt" "16/08/2007 16:32:35" "miles@msnportal.112.2o7[1].txt" "119 octets"
"" "" "TrackingCookie.Weborama" "C:\Documents and Settings\MILES\Cookies\miles@weborama[1].txt" "16/08/2007 16:32:35" "miles@weborama[1].txt" "84 octets"

esperant que ca pourra t'aider et encore merci

Configuration: Windows XP
Internet Explorer 7.0

Répondre à Be SMILE

jlpjlp, le 28 aoû 2007 à 22:44:06

Desactive la restauration syteme pour purger les virus qui seraient dedans (dans DEMARRER puis TOUS LES PROGRAMMES puis ACCESSOIRE puis OUTILS SYSTEME puis RESTAURATION SYSTEME puis parametre)

______________

Téléchargez ELIBAGLA en bas de cette page:

http://www.zonavirus.com/datos/descargas/95/elibagla.asp

* Clique sur le bouton Descargar Elibagla cela va télécharger le fichier, placez le sur votre bureau.
* Double-cliquez dessus pour l'ouvrir
* Assurez-vous que dans le menu déroulant Unidad, vous avez bien C:\
* Vérifiquez aussi que l'option en bas de la fenêtre Eliminar Ficheros Automaticamente est bien cochée
* Cliquez sur le bouton Explorar pour lancer l'analyse

_________________

lance escan en mode sans echec:

http://www.malekal.com/tutorial_eScan_antivirus_toolkit.php
_________________
lance
AVG ANTI ROOTKIT :

http://www.libellules.ch/dotclear/index.php?2007/03/28/1781-avg-anti-rootkit

________________

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
_________________

Colle le rapport :
Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente.

· Téléchargez clean.zip, décompressez-le sur votre bureau (clic droit / extraire tout), vous obtenez alors un dossier clean
· Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec
· Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laissez la ouverte jusqu'à ce qu'elle se ferme.

http://kerio.probb.fr/tuto-Clean-h37.html

_______

reactive la restauration systeme

_________
refait un scan avg

__________

si ca persiste

colle un rapport hijackthis
http://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

manuel :

http://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Configuration: Windows XP
Firefox 2.0.0.6

Répondre à jlpjlp

Be SMILE, le 29 aoû 2007 à 13:16:29

Bonjour,
j'ai commencé a faire ce que vous m'avez demander, mais quand j'ai téléchargé ELIBAGLA.exe, le bouclier résident d'AVG, m'annonce que c'est un programme dangereux (Heuristic.Win32.AVKiller) que dois je faie svp.
merci

Configuration: Windows XP
Internet Explorer 7.0

Répondre à Be SMILE

jlpjlp, le 29 aoû 2007 à 14:01:18

Desactive avg le temps du scan

Répondre à jlpjlp

Be SMILE, le 31 aoû 2007 à 17:28:30

Re-salut,
apres m'avoir demander de suivre la procédure, j'ai essayé, mais j'ai rencontré beaucoup de problèmes :
a) ELIBAGLA : ne voulias pas s'exécuter "windows ne peut ouvrir ce fichier".
b) pour demmarrer en mode sans echec, impossible même en mode sans echec (SPDT.sys) meme chose avec mode sans echec avec prise en charge reseau, j'ai du choisir mose débogage, et ca a marché.
c) impossible de coller le rapport complet de toolkit, j'ai du copier le début et la fin avec un autre fichier mwXface.

1) mwXface

[0x00000ef4] 30/08/2007 13:05:56:716 :[msvLclnt.dll]ModuleName = C:\Kaspersky\mwavscan.com
[0x00000ef4] 30/08/2007 13:05:56:716 :[msvLclnt.dll]Registry Key Deleted Properly!!!
[0x00000ef4] 30/08/2007 13:05:59:640 :[msvLclnt.dll]Options Set by External applications mwavscan.com are 9896960 (0x970400):
[0x00000ef4] 30/08/2007 13:05:59:640 :[msvLclnt.dll]Mode :PACKED,ARCHIVED,CA,WARNINGS,MAILPLAIN
[0x00000ef4] 30/08/2007 13:05:59:640 :[msvLclnt.dll]TimeOut : ffffffff
[0x00000ef4] 30/08/2007 13:05:59:640 :[msvLclnt.dll]Priority : NORMAL
[0x00000ef4] 30/08/2007 13:06:00:201 :[msvLclnt.dll]VirusCount = 389807 Latest Date = 2007/08/25
[0x00000e84] 30/08/2007 13:16:56:534 :[msvLclnt.dll]VirusCount = 389807 Latest Date = 2007/08/25
[0x00000ef4] 30/08/2007 13:17:07:650 :[msvLclnt.dll]VirusCount = 389807 Latest Date = 2007/08/25
[0x00000230] 30/08/2007 13:20:38:063 :[msvLclnt.dll]ModuleName = C:\Kaspersky\mwavscan.com
[0x00000230] 30/08/2007 13:20:38:063 :[msvLclnt.dll]Registry Key Deleted Properly!!!
[0x00000230] 30/08/2007 13:20:39:946 :[msvLclnt.dll]Options Set by External applications mwavscan.com are 9896960 (0x970400):
[0x00000230] 30/08/2007 13:20:39:946 :[msvLclnt.dll]Mode :PACKED,ARCHIVED,CA,WARNINGS,MAILPLAIN
[0x00000230] 30/08/2007 13:20:39:946 :[msvLclnt.dll]TimeOut : ffffffff
[0x00000230] 30/08/2007 13:20:39:946 :[msvLclnt.dll]Priority : NORMAL
[0x00000230] 30/08/2007 13:20:40:326 :[msvLclnt.dll]VirusCount = 389807 Latest Date = 2007/08/25
[0x000008dc] 30/08/2007 15:24:35:166 :[msvLclnt.dll]ModuleName = C:\Kaspersky\mwavscan.com
[0x000008dc] 30/08/2007 15:24:35:176 :[msvLclnt.dll]Registry Key Deleted Properly!!!
[0x000008dc] 30/08/2007 15:24:51:300 :[msvLclnt.dll]Options Set by External applications mwavscan.com are 9896960 (0x970400):
[0x000008dc] 30/08/2007 15:24:51:300 :[msvLclnt.dll]Mode :PACKED,ARCHIVED,CA,WARNINGS,MAILPLAIN
[0x000008dc] 30/08/2007 15:24:51:300 :[msvLclnt.dll]TimeOut : ffffffff
[0x000008dc] 30/08/2007 15:24:51:300 :[msvLclnt.dll]Priority : NORMAL
[0x000008dc] 30/08/2007 15:24:52:612 :[msvLclnt.dll]VirusCount = 389807 Latest Date = 2007/08/25
[0x00000a14] 30/08/2007 15:31:00:591 :[msvLclnt.dll][00000001] File C:\AutoRun.inf infected by Trojan.Win32.Agent.abt
[0x00000a14] 30/08/2007 15:31:00:961 :[msvLclnt.dll][00000001] File C:\AutoRun.inf infected by Trojan.Win32.Agent.abt
[0x00000a14] 30/08/2007 15:35:28:907 :[msvLclnt.dll][00000001] File C:\Documents and Settings\Administrateur\Bureau\clean.zip infected by not-a-virus:RiskTool.Win32.PsKill.k
[0x00000a14] 30/08/2007 15:43:52:631 :[msvLclnt.dll][00000001] File C:\Documents and Settings\Administrateur\Mes documents\clean\clean\clean\pskill.exe infected by not-a-virus:RiskTool.Win32.PsKill.k
[0x00000a14] 30/08/2007 15:43:53:031 :[msvLclnt.dll][00000001] File C:\Documents and Settings\Administrateur\Mes documents\clean\clean.zip infected by not-a-virus:RiskTool.Win32.PsKill.k
[0x00000a14] 30/08/2007 16:42:24:180 :[msvLclnt.dll][00000001] File D:\AutoRun.inf infected by Trojan.Win32.Agent.abt
[0x00000a14] 30/08/2007 16:42:24:260 :[msvLclnt.dll][00000001] File D:\AutoRun.inf infected by Trojan.Win32.Agent.abt
[0x00000a14] 30/08/2007 16:51:41:492 :[msvLclnt.dll][00000001] File D:\fichier J\UTILITAIRE\keyfinder.exe infected by not-a-virus:PSWTool.Win32.RAS.a
[0x00000a14] 30/08/2007 17:33:38:992 :[msvLclnt.dll][00000001] File J:\Documents and Settings\MILES\Local Settings\Temporary Internet Files\Content.IE5\8T016FCL\stats[1].htm infected by Trojan-Downloader.VBS.Agent.n
[0x00000a14] 30/08/2007 17:33:39:052 :[msvLclnt.dll][00000001] File J:\Documents and Settings\MILES\Local Settings\Temporary Internet Files\Content.IE5\8T016FCL\stats[1].htm infected by Trojan-Downloader.VBS.Agent.n
[0x00000a14] 30/08/2007 18:38:46:150 :[msvLclnt.dll]VirusCount = 389807 Latest Date = 2007/08/25
[0x000008dc] 30/08/2007 19:03:54:038 :[msvLclnt.dll]VirusCount = 389807 Latest Date = 2007/08/25
[0x0000055c] 31/08/2007 16:04:33:812 :[msvLclnt.dll]ModuleName = C:\Kaspersky\mwavscan.com
[0x0000055c] 31/08/2007 16:04:33:892 :[msvLclnt.dll]Registry Key Deleted Properly!!!
[0x0000055c] 31/08/2007 16:04:45:158 :[msvLclnt.dll]Options Set by External applications mwavscan.com are 9896960 (0x970400):
[0x0000055c] 31/08/2007 16:04:45:158 :[msvLclnt.dll]Mode :PACKED,ARCHIVED,CA,WARNINGS,MAILPLAIN
[0x0000055c] 31/08/2007 16:04:45:158 :[msvLclnt.dll]TimeOut : ffffffff
[0x0000055c] 31/08/2007 16:04:45:158 :[msvLclnt.dll]Priority : NORMAL
[0x0000055c] 31/08/2007 16:04:46:340 :[msvLclnt.dll]VirusCount = 389807 Latest Date = 2007/08/25

et voilà ce que j'ai pu coller (car il est impossible de coller tous le rapport, j'ai cru bon de coller ce ke je crois essentiel, le début et la fin )
Thu Aug 30 13:05:56 2007 => **********************************************************
Thu Aug 30 13:05:56 2007 => eScan AntiVirus Toolkit Utility.
Thu Aug 30 13:05:56 2007 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Thu Aug 30 13:05:56 2007 => **********************************************************
Thu Aug 30 13:05:56 2007 => Version 4.4.7
Thu Aug 30 13:05:56 2007 => Log File: C:\KASPER~1\mwav.log
Thu Aug 30 13:05:56 2007 => Latest Date of files inside MWAV: 25 Aug 2007 14:56:52.
Thu Aug 30 13:05:59 2007 => AV Library Loaded...
Thu Aug 30 13:05:59 2007 => Scanning File C:\KASPER~1\kavss.exe
Thu Aug 30 13:05:59 2007 => Scanning File C:\KASPER~1\Getvlist.exe
Thu Aug 30 13:05:59 2007 => Scanning File C:\KASPER~1\kavss.dll
Thu Aug 30 13:05:59 2007 => Scanning File C:\KASPER~1\kavssdi.dll
Thu Aug 30 13:05:59 2007 => Scanning File C:\KASPER~1\kavssi.dll
Thu Aug 30 13:05:59 2007 => Scanning File C:\KASPER~1\kavvlg.dll
Thu Aug 30 13:05:59 2007 => Scanning File C:\KASPER~1\msvlclnt.dll
Thu Aug 30 13:05:59 2007 => Scanning File C:\KASPER~1\ipc.dll
Thu Aug 30 13:06:00 2007 => Scanning File C:\KASPER~1\main.avi
Thu Aug 30 13:06:00 2007 => Scanning File C:\KASPER~1\virus.avi
Thu Aug 30 13:06:00 2007 => Virus Database Date: 2007/08/25
Thu Aug 30 13:06:00 2007 => Virus Database Count: 389807

Thu Aug 30 13:16:48 2007 => **********************************************************
Thu Aug 30 13:16:48 2007 => eScan AntiVirus Toolkit Utility.
Thu Aug 30 13:16:48 2007 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Thu Aug 30 13:16:48 2007 =>
Thu Aug 30 13:16:48 2007 => Support: support@mwti.net
Thu Aug 30 13:16:48 2007 => Web: http://www.mwti.net
Thu Aug 30 13:16:48 2007 => **********************************************************
Thu Aug 30 13:16:48 2007 => Version 4.4.7
Thu Aug 30 13:16:48 2007 => Log File: C:\KASPER~1\mwav.log
Thu Aug 30 13:16:48 2007 => Latest Date of files inside MWAV: 25 Aug 2007 14:56:52.

Thu Aug 30 13:16:48 2007 => Options Selected by User:
Thu Aug 30 13:16:48 2007 => Memory Check: Enabled
Thu Aug 30 13:16:48 2007 => Registry Check: Enabled
Thu Aug 30 13:16:48 2007 => StartUp Folder Check: Enabled
Thu Aug 30 13:16:48 2007 => System Folder Check: Enabled
Thu Aug 30 13:16:48 2007 => System Area Check: Disabled
Thu Aug 30 13:16:48 2007 => Services Check: Enabled
Thu Aug 30 13:16:48 2007 => Drive Check: Disabled
Thu Aug 30 13:16:48 2007 => All Drive Check :Enabled
Thu Aug 30 13:16:48 2007 => Scanning Type: Scan And Clean
Thu Aug 30 13:16:48 2007 => Folder Check: Disabled

Thu Aug 30 13:16:49 2007 => ***** Scanning Memory Files *****
Thu Aug 30 13:16:49 2007 => Scanning File C:\WINDOWS\system32\services.exe
Thu Aug 30 13:16:49 2007 => Scanning File C:\WINDOWS\system32\lsass.exe
Thu Aug 30 13:16:49 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 13:16:49 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 13:16:49 2007 => Scanning File C:\PROGRA~1\WIFD1F~1\MsMpEng.exe
Thu Aug 30 13:16:49 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 30 13:16:49 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 13:16:49 2007 => Scanning File C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
Thu Aug 30 13:16:49 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 13:16:49 2007 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Thu Aug 30 13:16:49 2007 => Scanning File C:\PROGRA~1\Grisoft\AVGANT~1.5\guard.exe
Thu Aug 30 13:16:49 2007 => Scanning File C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
Thu Aug 30 13:16:49 2007 => Scanning File C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
Thu Aug 30 13:16:50 2007 => Scanning File C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
Thu Aug 30 13:16:50 2007 => Scanning File C:\PROGRA~1\WIDCOMM\LOGICI~1\bin\btwdins.exe
Thu Aug 30 13:16:50 2007 => Scanning File C:\WINDOWS\system32\lkcitdl.exe
Thu Aug 30 13:16:50 2007 => Scanning File C:\WINDOWS\system32\lkads.exe
Thu Aug 30 13:16:50 2007 => Scanning File C:\WINDOWS\system32\lktsrv.exe
Thu Aug 30 13:16:50 2007 => Scanning File C:\PROGRA~1\FICHIE~1\MICROS~1\VS7DEBUG\MDM.EXE
Thu Aug 30 13:16:50 2007 => Scanning File C:\WINDOWS\system32\nisvcloc.exe
Thu Aug 30 13:16:50 2007 => Scanning File C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
Thu Aug 30 13:16:50 2007 => Scanning File C:\WINDOWS\Explorer.EXE
Thu Aug 30 13:16:50 2007 => Scanning File C:\PROGRA~1\ADSLAU~1\ADSLAU~1.EXE
Thu Aug 30 13:16:50 2007 => Scanning File C:\WINDOWS\AGRSMMSG.exe
Thu Aug 30 13:16:51 2007 => Scanning File C:\PROGRA~1\SYNAPT~1\SynTP\SynTPLpr.exe
Thu Aug 30 13:16:51 2007 => Scanning File C:\PROGRA~1\SYNAPT~1\SynTP\SynTPEnh.exe
Thu Aug 30 13:16:51 2007 => Scanning File C:\DAEMON~1\daemon.exe
Thu Aug 30 13:16:51 2007 => Scanning File C:\PROGRA~1\Java\JRE16~2.0_0\bin\jusched.exe
Thu Aug 30 13:16:51 2007 => Scanning File C:\WINDOWS\system32\rundll32.exe
Thu Aug 30 13:16:51 2007 => Scanning File C:\PROGRA~1\WIFD1F~1\MSASCui.exe
Thu Aug 30 13:16:52 2007 => Scanning File C:\PROGRA~1\QUICKT~1\qttask.exe
Thu Aug 30 13:16:52 2007 => Scanning File C:\WINDOWS\system32\ctfmon.exe
Thu Aug 30 13:16:52 2007 => Scanning File C:\PROGRA~1\MESSEN~1\msmsgs.exe
Thu Aug 30 13:16:52 2007 => Scanning File C:\PROGRA~1\MICROA~1\12DICO~1\MEDIAD~1.EXE
Thu Aug 30 13:16:52 2007 => Scanning File C:\PROGRA~1\MICROA~1\12DICO~1\Rac12.EXE
Thu Aug 30 13:16:52 2007 => Scanning File C:\PROGRA~1\SUPERC~1\SUPERC~1.EXE
Thu Aug 30 13:16:53 2007 => Scanning File C:\PROGRA~1\WIDCOMM\LOGICI~1\BTTray.exe
Thu Aug 30 13:16:53 2007 => Scanning File C:\PROGRA~1\Larousse\PETITL~1\bin\HYPERA~1.EXE
Thu Aug 30 13:16:53 2007 => Scanning File C:\PROGRA~1\ADSLAU~1\ADSLAU~1.EXE
Thu Aug 30 13:16:53 2007 => Scanning File C:\PROGRA~1\INTERN~1\iexplore.exe
Thu Aug 30 13:16:53 2007 => Scanning File D:\PROGRA~1\DAP\DAP.EXE
Thu Aug 30 13:16:55 2007 => Scanning File C:\Kaspersky\mwavscan.com
Thu Aug 30 13:16:55 2007 => Scanning File C:\Kaspersky\kavss.exe

Thu Aug 30 13:16:55 2007 => ***** Scanning Registry Files *****

Thu Aug 30 13:16:55 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Thu Aug 30 13:16:55 2007 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***
Thu Aug 30 13:16:55 2007 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Thu Aug 30 13:16:55 2007 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***
Thu Aug 30 13:16:55 2007 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Thu Aug 30 13:16:55 2007 => Scanning File C:\WINDOWS\system32\webcheck.dll
Thu Aug 30 13:16:55 2007 => Scanning File C:\WINDOWS\system32\stobject.dll
Thu Aug 30 13:16:55 2007 => Please Wait Exiting Application...
Thu Aug 30 13:16:55 2007 => Scanning File C:\WINDOWS\system32\WPDShServiceObj.dll

Thu Aug 30 13:16:55 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects

Thu Aug 30 13:16:56 2007 => Total Number of Files Scanned: 48
Thu Aug 30 13:16:56 2007 => Total Number of Virus(es) Found: 0
Thu Aug 30 13:16:56 2007 => Total Number of Disinfected Files: 0
Thu Aug 30 13:16:56 2007 => Total Number of Files Renamed: 0
Thu Aug 30 13:16:56 2007 => Total Number of Deleted Files: 0
Thu Aug 30 13:16:56 2007 => Total Number of Errors: 0
Thu Aug 30 13:16:56 2007 => Time Elapsed: 00:00:06

Thu Aug 30 13:16:56 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Thu Aug 30 13:16:56 2007 => Scanning HKCU\Control Panel\Desktop

Thu Aug 30 13:16:56 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Thu Aug 30 13:16:56 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Thu Aug 30 13:16:56 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

Thu Aug 30 13:16:56 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Thu Aug 30 13:16:56 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Thu Aug 30 13:16:56 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Thu Aug 30 13:16:56 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

Thu Aug 30 13:16:56 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Thu Aug 30 13:16:56 2007 => Scanning HKCR\txtfile\shell\open\command

Thu Aug 30 13:16:56 2007 => Scanning HKCR\comfile\shell\open\command

Thu Aug 30 13:16:56 2007 => Scanning HKCR\exefile\shell\open\command

Thu Aug 30 13:16:56 2007 => Scanning HKCR\dllfile\shell\open\command

Thu Aug 30 13:16:56 2007 => Scanning HKCR\batfile\shell\open\command

Thu Aug 30 13:16:56 2007 => Scanning HKCR\piffile\shell\open\command

Thu Aug 30 13:16:56 2007 => Scanning HKCR\scrfile\shell\open\command

Thu Aug 30 13:16:56 2007 => Scanning HKCR\scrfile\shell\config\command

Thu Aug 30 13:16:56 2007 => Scanning HKCR\regfile\shell\open\command

Thu Aug 30 13:16:56 2007 => ***** Scanning complete. *****
Thu Aug 30 13:16:56 2007 => Virus Database Date: 2007/08/25
Thu Aug 30 13:16:56 2007 => Virus Database Count: 389807

Thu Aug 30 13:16:56 2007 => Scan Completed.

Thu Aug 30 13:17:07 2007 => Virus Database Date: 2007/08/25
Thu Aug 30 13:17:07 2007 => Virus Database Count: 389807
Thu Aug 30 13:18:56 2007 => AV Library Unloaded (3)...
Thu Aug 30 13:20:38 2007 => **********************************************************
Thu Aug 30 13:20:38 2007 => eScan AntiVirus Toolkit Utility.
Thu Aug 30 13:20:38 2007 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Thu Aug 30 13:20:38 2007 => **********************************************************
Thu Aug 30 13:20:38 2007 => Version 4.4.7
Thu Aug 30 13:20:38 2007 => Log File: C:\KASPER~1\mwav.log
Thu Aug 30 13:20:38 2007 => Latest Date of files inside MWAV: 25 Aug 2007 14:56:52.
Thu Aug 30 13:20:39 2007 => AV Library Loaded...
Thu Aug 30 13:20:39 2007 => Scanning File C:\KASPER~1\kavss.exe
Thu Aug 30 13:20:39 2007 => Scanning File C:\KASPER~1\Getvlist.exe
Thu Aug 30 13:20:40 2007 => Scanning File C:\KASPER~1\kavss.dll
Thu Aug 30 13:20:40 2007 => Scanning File C:\KASPER~1\kavssdi.dll
Thu Aug 30 13:20:40 2007 => Scanning File C:\KASPER~1\kavssi.dll
Thu Aug 30 13:20:40 2007 => Scanning File C:\KASPER~1\kavvlg.dll
Thu Aug 30 13:20:40 2007 => Scanning File C:\KASPER~1\msvlclnt.dll
Thu Aug 30 13:20:40 2007 => Scanning File C:\KASPER~1\ipc.dll
Thu Aug 30 13:20:40 2007 => Scanning File C:\KASPER~1\main.avi
Thu Aug 30 13:20:40 2007 => Scanning File C:\KASPER~1\virus.avi
Thu Aug 30 13:20:40 2007 => Virus Database Date: 2007/08/25
Thu Aug 30 13:20:40 2007 => Virus Database Count: 389807
Thu Aug 30 13:20:43 2007 => AV Library Unloaded (3)...
Thu Aug 30 15:24:19 2007 => **********************************************************
Thu Aug 30 15:24:19 2007 => eScan AntiVirus Toolkit Utility.
Thu Aug 30 15:24:19 2007 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Thu Aug 30 15:24:19 2007 => **********************************************************
Thu Aug 30 15:24:19 2007 => Version 4.4.7
Thu Aug 30 15:24:19 2007 => Log File: C:\KASPER~1\mwav.log
Thu Aug 30 15:24:34 2007 => Latest Date of files inside MWAV: 25 Aug 2007 14:56:52.
Thu Aug 30 15:24:51 2007 => AV Library Loaded...
Thu Aug 30 15:24:51 2007 => Scanning File C:\KASPER~1\kavss.exe
Thu Aug 30 15:24:51 2007 => Scanning File C:\KASPER~1\Getvlist.exe
Thu Aug 30 15:24:51 2007 => Scanning File C:\KASPER~1\kavss.dll
Thu Aug 30 15:24:51 2007 => Scanning File C:\KASPER~1\kavssdi.dll
Thu Aug 30 15:24:51 2007 => Scanning File C:\KASPER~1\kavssi.dll
Thu Aug 30 15:24:51 2007 => Scanning File C:\KASPER~1\kavvlg.dll
Thu Aug 30 15:24:51 2007 => Scanning File C:\KASPER~1\msvlclnt.dll
Thu Aug 30 15:24:51 2007 => Scanning File C:\KASPER~1\ipc.dll
Thu Aug 30 15:24:51 2007 => Scanning File C:\KASPER~1\main.avi
Thu Aug 30 15:24:51 2007 => Scanning File C:\KASPER~1\virus.avi
Thu Aug 30 15:24:52 2007 => Virus Database Date: 2007/08/25
Thu Aug 30 15:24:52 2007 => Virus Database Count: 389807

Thu Aug 30 15:25:28 2007 => **********************************************************
Thu Aug 30 15:25:28 2007 => eScan AntiVirus Toolkit Utility.
Thu Aug 30 15:25:28 2007 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Thu Aug 30 15:25:28 2007 =>
Thu Aug 30 15:25:28 2007 => Support: support@mwti.net
Thu Aug 30 15:25:28 2007 => Web: http://www.mwti.net
Thu Aug 30 15:25:28 2007 => **********************************************************
Thu Aug 30 15:25:28 2007 => Version 4.4.7
Thu Aug 30 15:25:28 2007 => Log File: C:\KASPER~1\mwav.log
Thu Aug 30 15:25:28 2007 => Latest Date of files inside MWAV: 25 Aug 2007 14:56:52.

Thu Aug 30 15:25:28 2007 => Options Selected by User:
Thu Aug 30 15:25:28 2007 => Memory Check: Enabled
Thu Aug 30 15:25:28 2007 => Registry Check: Enabled
Thu Aug 30 15:25:28 2007 => StartUp Folder Check: Enabled
Thu Aug 30 15:25:28 2007 => System Folder Check: Enabled
Thu Aug 30 15:25:28 2007 => System Area Check: Disabled
Thu Aug 30 15:25:28 2007 => Services Check: Enabled
Thu Aug 30 15:25:28 2007 => Drive Check: Disabled
Thu Aug 30 15:25:28 2007 => All Drive Check :Enabled
Thu Aug 30 15:25:28 2007 => Scanning Type: Scan And Clean
Thu Aug 30 15:25:28 2007 => Folder Check: Disabled

Thu Aug 30 15:25:28 2007 => ***** Scanning Memory Files *****
Thu Aug 30 15:25:28 2007 => Scanning File C:\WINDOWS\system32\services.exe
Thu Aug 30 15:25:29 2007 => Scanning File C:\WINDOWS\system32\lsass.exe
Thu Aug 30 15:25:29 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:25:29 2007 => Scanning File C:\PROGRA~1\WIFD1F~1\MsMpEng.exe
Thu Aug 30 15:25:29 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 30 15:25:29 2007 => Scanning File C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
Thu Aug 30 15:25:29 2007 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Thu Aug 30 15:25:29 2007 => Scanning File C:\WINDOWS\Explorer.EXE
Thu Aug 30 15:25:29 2007 => Scanning File C:\PROGRA~1\Grisoft\AVGANT~1.5\guard.exe
Thu Aug 30 15:25:30 2007 => Scanning File C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
Thu Aug 30 15:25:30 2007 => Scanning File C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
Thu Aug 30 15:25:30 2007 => Scanning File C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
Thu Aug 30 15:25:30 2007 => Scanning File C:\PROGRA~1\WIDCOMM\LOGICI~1\bin\btwdins.exe
Thu Aug 30 15:25:30 2007 => Scanning File C:\WINDOWS\system32\lkcitdl.exe
Thu Aug 30 15:25:31 2007 => Scanning File C:\WINDOWS\system32\lkads.exe
Thu Aug 30 15:25:31 2007 => Scanning File C:\WINDOWS\system32\lktsrv.exe
Thu Aug 30 15:25:31 2007 => Scanning File C:\PROGRA~1\FICHIE~1\MICROS~1\VS7DEBUG\MDM.EXE
Thu Aug 30 15:25:31 2007 => Scanning File C:\WINDOWS\system32\nisvcloc.exe
Thu Aug 30 15:25:31 2007 => Scanning File C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
Thu Aug 30 15:25:31 2007 => Scanning File C:\PROGRA~1\ADSLAU~1\ADSLAU~1.EXE
Thu Aug 30 15:25:32 2007 => Scanning File C:\WINDOWS\system32\wuauclt.exe
Thu Aug 30 15:25:32 2007 => Scanning File C:\Kaspersky\mwavscan.com
Thu Aug 30 15:25:32 2007 => Scanning File C:\Kaspersky\kavss.exe

Thu Aug 30 15:25:33 2007 => ***** Scanning Registry Files *****

Thu Aug 30 15:25:33 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Thu Aug 30 15:25:33 2007 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***
Thu Aug 30 15:25:33 2007 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Thu Aug 30 15:25:33 2007 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***
Thu Aug 30 15:25:33 2007 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Thu Aug 30 15:25:33 2007 => Scanning File C:\WINDOWS\system32\webcheck.dll
Thu Aug 30 15:25:33 2007 => Scanning File C:\WINDOWS\system32\stobject.dll
Thu Aug 30 15:25:34 2007 => Scanning File C:\WINDOWS\system32\WPDShServiceObj.dll

Thu Aug 30 15:25:34 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
Thu Aug 30 15:25:34 2007 => {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
Thu Aug 30 15:25:34 2007 => Scanning File C:\PROGRA~1\FICHIE~1\Adobe\Acrobat\ActiveX\ACROIE~1.DLL
Thu Aug 30 15:25:34 2007 => {53707962-6F74-2D53-2644-206D7942484F} = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
Thu Aug 30 15:25:34 2007 => Scanning File C:\PROGRA~1\SPYBOT~1\SDHelper.dll
Thu Aug 30 15:25:35 2007 => {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} = C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
Thu Aug 30 15:25:35 2007 => Scanning File C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

Thu Aug 30 15:25:35 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Thu Aug 30 15:25:35 2007 => Scanning File C:\WINDOWS\Explorer.exe
Thu Aug 30 15:25:35 2007 => Scanning File C:\WINDOWS\system32\userinit.exe

Thu Aug 30 15:25:35 2007 => Scanning HKCU\Control Panel\Desktop
Thu Aug 30 15:25:35 2007 => Scanning File C:\WINDOWS\system32\logon.scr

Thu Aug 30 15:25:35 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Thu Aug 30 15:25:35 2007 => Scanning File C:\WINDOWS\AGRSMMSG.exe
Thu Aug 30 15:25:36 2007 => Scanning File C:\PROGRA~1\FICHIE~1\Sonic\UPDATE~1\sgtray.exe
Thu Aug 30 15:25:36 2007 => Scanning File C:\PROGRA~1\SYNAPT~1\SynTP\SynTPLpr.exe
Thu Aug 30 15:25:36 2007 => Scanning File C:\PROGRA~1\SYNAPT~1\SynTP\SynTPEnh.exe
Thu Aug 30 15:25:37 2007 => Scanning File C:\WINDOWS\system32\Ati2mdxx.exe
Thu Aug 30 15:25:37 2007 => Scanning File C:\DAEMON~1\daemon.exe
Thu Aug 30 15:25:37 2007 => Scanning File C:\PROGRA~1\Java\JRE16~2.0_0\bin\jusched.exe
Thu Aug 30 15:25:38 2007 => Scanning File C:\WINDOWS\system32\rundll32.exe
Thu Aug 30 15:25:38 2007 => Scanning File C:\PROGRA~1\WIFD1F~1\MSASCui.exe
Thu Aug 30 15:25:39 2007 => Scanning File C:\PROGRA~1\QUICKT~1\qttask.exe
Thu Aug 30 15:25:39 2007 => Scanning File C:\PROGRA~1\FICHIE~1\Real\UPDATE~1\REALON~1.EXE
Thu Aug 30 15:25:40 2007 => Scanning File C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE
Thu Aug 30 15:25:40 2007 => ERROR!!! Invalid Entry hldrrr = C:\WINDOWS\system32\hldrrr.exe. Removing it.
Thu Aug 30 15:25:40 2007 => *** File C:\PROGRA~1\Grisoft\AVGANT~1.5\avgas.exe having Size Restriction ***
Thu Aug 30 15:25:40 2007 => Scanning File C:\PROGRA~1\Grisoft\AVGANT~1.5\avgas.exe [**]

Thu Aug 30 15:25:40 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Thu Aug 30 15:25:40 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

Thu Aug 30 15:25:40 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Thu Aug 30 15:25:40 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Thu Aug 30 15:25:40 2007 => Scanning File C:\WINDOWS\system32\ctfmon.exe
Thu Aug 30 15:25:40 2007 => Scanning File C:\PROGRA~1\MICROA~1\12DICO~1\LANCEM~1.EXE
Thu Aug 30 15:25:40 2007 => Scanning File C:\PROGRA~1\MESSEN~1\msmsgs.exe
Thu Aug 30 15:25:41 2007 => Scanning File C:\PROGRA~1\SUPERC~1\SUPERC~1.EXE
Thu Aug 30 15:25:42 2007 => ERROR!!! Invalid Entry drvsyskit = C:\Documents and Settings\Administrateur\Application Data\hidires\hidr.exe. Removing it.
Thu Aug 30 15:25:42 2007 => ERROR!!! Invalid Entry german.exe = C:\WINDOWS\system32\wintems.exe. Removing it.

Thu Aug 30 15:25:42 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Thu Aug 30 15:25:42 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

Thu Aug 30 15:25:42 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Thu Aug 30 15:25:42 2007 => Scanning HKCR\txtfile\shell\open\command

Thu Aug 30 15:25:42 2007 => Scanning HKCR\comfile\shell\open\command

Thu Aug 30 15:25:42 2007 => Scanning HKCR\exefile\shell\open\command

Thu Aug 30 15:25:42 2007 => Scanning HKCR\dllfile\shell\open\command

Thu Aug 30 15:25:42 2007 => Scanning HKCR\batfile\shell\open\command

Thu Aug 30 15:25:42 2007 => Scanning HKCR\piffile\shell\open\command

Thu Aug 30 15:25:42 2007 => Scanning HKCR\scrfile\shell\open\command

Thu Aug 30 15:25:42 2007 => Scanning HKCR\scrfile\shell\config\command

Thu Aug 30 15:25:42 2007 => Scanning HKCR\regfile\shell\open\command

Thu Aug 30 15:25:42 2007 => ***** Scanning StartUp Folders *****

Thu Aug 30 15:25:42 2007 => ***** Scanning C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage Folder *****
Thu Aug 30 15:25:42 2007 => Scanning Folder: C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\*.*
Thu Aug 30 15:25:42 2007 => Scanning File C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\desktop.ini

Thu Aug 30 15:25:42 2007 => ***** Scanning C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Folder *****
Thu Aug 30 15:25:42 2007 => Scanning Folder: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\*.*
Thu Aug 30 15:25:42 2007 => Scanning File C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
Thu Aug 30 15:25:42 2007 => Scanning File C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
Thu Aug 30 15:25:42 2007 => Scanning File C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Hyperappel du Petit Larousse 2007.lnk

Thu Aug 30 15:25:42 2007 => ***** Scanning Service Files *****
Thu Aug 30 15:25:42 2007 => Scanning HKLM\SYSTEM\CurrentControlSet\Services
Thu Aug 30 15:25:42 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ACPI.sys
Thu Aug 30 15:25:42 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
Thu Aug 30 15:25:42 2007 => Scanning File C:\PROGRA~1\ADSLAU~1\ADSLAU~1.EXE
Thu Aug 30 15:25:42 2007 => Scanning File C:\WINDOWS\system32\drivers\aeaudio.sys
Thu Aug 30 15:25:43 2007 => Scanning File C:\WINDOWS\system32\drivers\aec.sys
Thu Aug 30 15:25:43 2007 => Scanning File C:\WINDOWS\System32\drivers\afd.sys
Thu Aug 30 15:25:43 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\AGRSM.sys
Thu Aug 30 15:25:44 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\agp440.sys
Thu Aug 30 15:25:44 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:25:44 2007 => Scanning File C:\WINDOWS\System32\alg.exe
Thu Aug 30 15:25:45 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:25:45 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\arp1394.sys
Thu Aug 30 15:25:45 2007 => Scanning File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Thu Aug 30 15:25:45 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\asyncmac.sys
Thu Aug 30 15:25:45 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\atapi.sys
Thu Aug 30 15:25:45 2007 => Scanning File C:\WINDOWS\system32\Ati2evxx.exe
Thu Aug 30 15:25:46 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Thu Aug 30 15:25:46 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\atmarpc.sys
Thu Aug 30 15:25:46 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 30 15:25:46 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\audstub.sys
Thu Aug 30 15:25:46 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\avgarkt.sys
Thu Aug 30 15:25:46 2007 => Scanning File C:\PROGRA~1\GRISOFT\AVGANT~1.5\GUARD.SYS
Thu Aug 30 15:25:46 2007 => Scanning File C:\PROGRA~1\Grisoft\AVGANT~1.5\guard.exe
Thu Aug 30 15:25:46 2007 => Scanning File C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
Thu Aug 30 15:25:46 2007 => Scanning File C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
Thu Aug 30 15:25:46 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\AvgArCln.sys
Thu Aug 30 15:25:47 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys
Thu Aug 30 15:25:47 2007 => Scanning File C:\WINDOWS\System32\Drivers\avgclean.sys
Thu Aug 30 15:25:47 2007 => Scanning File C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
Thu Aug 30 15:25:47 2007 => Scanning File C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
Thu Aug 30 15:25:47 2007 => Scanning File C:\WINDOWS\System32\Drivers\avgmfx86.sys
Thu Aug 30 15:25:47 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:25:47 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:25:47 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\btport.sys
Thu Aug 30 15:25:50 2007 => Scanning File C:\WINDOWS\system32\drivers\btkrnl.sys
Thu Aug 30 15:25:50 2007 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\BTSERIAL.SYS
Thu Aug 30 15:25:50 2007 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\BTSLBCSP.SYS
Thu Aug 30 15:25:51 2007 => Scanning File C:\PROGRA~1\WIDCOMM\LOGICI~1\bin\btwdins.exe
Thu Aug 30 15:25:51 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\btwdndis.sys
Thu Aug 30 15:25:51 2007 => Scanning File C:\WINDOWS\system32\Drivers\btwusb.sys
Thu Aug 30 15:25:51 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\cdrom.sys
Thu Aug 30 15:25:51 2007 => Scanning File C:\WINDOWS\system32\cisvc.exe
Thu Aug 30 15:25:51 2007 => Scanning File C:\WINDOWS\system32\clipsrv.exe
Thu Aug 30 15:25:51 2007 => Scanning File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Thu Aug 30 15:25:52 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\CmBatt.sys
Thu Aug 30 15:25:52 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\compbatt.sys
Thu Aug 30 15:25:52 2007 => Scanning File C:\WINDOWS\system32\dllhost.exe
Thu Aug 30 15:25:52 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:25:52 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:25:52 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:25:52 2007 => ERROR!!! Invalid Entry C:\WINDOWS\system32\directx.exe in SYSTEM\CurrentControlSet\Services\DirectWetb...
Thu Aug 30 15:25:52 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\disk.sys
Thu Aug 30 15:25:53 2007 => Scanning File C:\WINDOWS\System32\dmadmin.exe
Thu Aug 30 15:25:53 2007 => Scanning File C:\WINDOWS\system32\drivers\dmboot.sys
Thu Aug 30 15:25:54 2007 => Scanning File C:\WINDOWS\system32\drivers\dmio.sys
Thu Aug 30 15:25:54 2007 => Scanning File C:\WINDOWS\system32\drivers\dmload.sys
Thu Aug 30 15:25:54 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 30 15:25:54 2007 => Scanning File C:\WINDOWS\system32\drivers\DMusic.sys
Thu Aug 30 15:25:55 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:25:55 2007 => Scanning File C:\WINDOWS\system32\drivers\drmkaud.sys
Thu Aug 30 15:25:55 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 30 15:25:55 2007 => Scanning File C:\WINDOWS\system32\services.exe
Thu Aug 30 15:25:55 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:25:55 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 30 15:25:55 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\fltMgr.sys
Thu Aug 30 15:25:55 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ftdisk.sys
Thu Aug 30 15:25:56 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\msgpc.sys
Thu Aug 30 15:25:56 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 30 15:25:56 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 30 15:25:56 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\hidusb.sys
Thu Aug 30 15:25:56 2007 => Scanning File C:\WINDOWS\system32\Drivers\HTTP.sys
Thu Aug 30 15:25:57 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 30 15:25:57 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Thu Aug 30 15:25:57 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\imapi.sys
Thu Aug 30 15:25:57 2007 => Scanning File C:\WINDOWS\system32\imapi.exe
Thu Aug 30 15:25:57 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\intelide.sys
Thu Aug 30 15:25:57 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\intelppm.sys
Thu Aug 30 15:25:58 2007 => Scanning File C:\WINDOWS\system32\drivers\ioyxsgycimtr.sys
Thu Aug 30 15:25:58 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
Thu Aug 30 15:25:58 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
Thu Aug 30 15:25:58 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ipinip.sys
Thu Aug 30 15:25:58 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ipnat.sys
Thu Aug 30 15:25:58 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ipsec.sys
Thu Aug 30 15:25:58 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\irda.sys
Thu Aug 30 15:25:58 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\irenum.sys
Thu Aug 30 15:25:58 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:25:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\isapnp.sys
Thu Aug 30 15:25:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Thu Aug 30 15:25:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Thu Aug 30 15:25:59 2007 => Scanning File C:\WINDOWS\system32\drivers\kmixer.sys
Thu Aug 30 15:25:59 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:25:59 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:25:59 2007 => Scanning File C:\WINDOWS\system32\lkcitdl.exe
Thu Aug 30 15:25:59 2007 => Scanning File C:\WINDOWS\system32\lkads.exe
Thu Aug 30 15:25:59 2007 => Scanning File C:\WINDOWS\system32\lktsrv.exe
Thu Aug 30 15:25:59 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:25:59 2007 => Scanning File C:\PROGRA~1\FICHIE~1\MICROS~1\VS7DEBUG\MDM.EXE
Thu Aug 30 15:25:59 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:25:59 2007 => Scanning File C:\WINDOWS\system32\mnmsrvc.exe
Thu Aug 30 15:26:00 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\mouclass.sys
Thu Aug 30 15:26:00 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\mouhid.sys
Thu Aug 30 15:26:00 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Thu Aug 30 15:26:00 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Thu Aug 30 15:26:00 2007 => Scanning File C:\WINDOWS\system32\msdtc.exe
Thu Aug 30 15:26:01 2007 => Scanning File C:\WINDOWS\system32\msiexec.exe
Thu Aug 30 15:26:01 2007 => Scanning File C:\WINDOWS\system32\drivers\MSKSSRV.sys
Thu Aug 30 15:26:01 2007 => Scanning File C:\WINDOWS\system32\drivers\MSPCLOCK.sys
Thu Aug 30 15:26:01 2007 => Scanning File C:\WINDOWS\system32\drivers\MSPQM.sys
Thu Aug 30 15:26:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Thu Aug 30 15:26:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Thu Aug 30 15:26:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Thu Aug 30 15:26:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Thu Aug 30 15:26:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\netbios.sys
Thu Aug 30 15:26:02 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\netbt.sys
Thu Aug 30 15:26:02 2007 => Scanning File C:\WINDOWS\system32\netdde.exe
Thu Aug 30 15:26:02 2007 => Scanning File C:\WINDOWS\system32\netdde.exe
Thu Aug 30 15:26:02 2007 => Scanning File C:\WINDOWS\system32\lsass.exe
Thu Aug 30 15:26:02 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 30 15:26:02 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\nic1394.sys
Thu Aug 30 15:26:02 2007 => ERROR!!! Invalid Entry "J:\nationalm instrument\Shared\Security\nidmsrv.exe" in SYSTEM\CurrentControlSet\Services\NIDomainService...
Thu Aug 30 15:26:02 2007 => ERROR!!! Invalid Entry "J:\nationalm instrument\Shared\License Manager\Bin\lmgrd.exe" in SYSTEM\CurrentControlSet\Services\NILM License Manager...
Thu Aug 30 15:26:02 2007 => Scanning File C:\WINDOWS\system32\nisvcloc.exe
Thu Aug 30 15:26:02 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:26:02 2007 => Scanning File C:\WINDOWS\system32\lsass.exe
Thu Aug 30 15:26:02 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:26:02 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
Thu Aug 30 15:26:03 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
Thu Aug 30 15:26:03 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ohci1394.sys
Thu Aug 30 15:26:03 2007 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS
Thu Aug 30 15:26:03 2007 => Scanning File C:\PROGRA~1\FICHIE~1\MICROS~1\SOURCE~1\OSE.EXE
Thu Aug 30 15:26:03 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\parport.sys
Thu Aug 30 15:26:03 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\pci.sys
Thu Aug 30 15:26:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\pciide.sys
Thu Aug 30 15:26:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\pcmcia.sys
Thu Aug 30 15:26:04 2007 => Scanning File C:\WINDOWS\system32\services.exe
Thu Aug 30 15:26:04 2007 => Scanning File C:\WINDOWS\system32\lsass.exe
Thu Aug 30 15:26:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\raspptp.sys
Thu Aug 30 15:26:04 2007 => Scanning File C:\WINDOWS\system32\lsass.exe
Thu Aug 30 15:26:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\psched.sys
Thu Aug 30 15:26:04 2007 => Scanning File C:\WINDOWS\system32\drivers\psxpad.sys
Thu Aug 30 15:26:04 2007 => Scanning File C:\WINDOWS\system32\Drivers\psxenum.sys
Thu Aug 30 15:26:05 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ptilink.sys
Thu Aug 30 15:26:05 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
Thu Aug 30 15:26:05 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\rasacd.sys
Thu Aug 30 15:26:05 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:26:05 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\rasirda.sys
Thu Aug 30 15:26:05 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Thu Aug 30 15:26:06 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:26:06 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Thu Aug 30 15:26:06 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\raspti.sys
Thu Aug 30 15:26:06 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\rdbss.sys
Thu Aug 30 15:26:06 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
Thu Aug 30 15:26:06 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Thu Aug 30 15:26:06 2007 => Scanning File C:\WINDOWS\system32\sessmgr.exe
Thu Aug 30 15:26:06 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\redbook.sys
Thu Aug 30 15:26:06 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:26:07 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:26:07 2007 => Scanning File C:\WINDOWS\system32\Drivers\RootMdm.sys
Thu Aug 30 15:26:07 2007 => ERROR!!! Invalid Entry \??\C:\Documents and Settings\Administrateur\Application Data\hidires\rosa.sys in SYSTEM\CurrentControlSet\Services\rosa...
Thu Aug 30 15:26:07 2007 => Scanning File C:\WINDOWS\system32\locator.exe
Thu Aug 30 15:26:07 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:26:07 2007 => Scanning File C:\WINDOWS\system32\rsvp.exe
Thu Aug 30 15:26:07 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
Thu Aug 30 15:26:07 2007 => Scanning File C:\WINDOWS\system32\lsass.exe
Thu Aug 30 15:26:07 2007 => Scanning File C:\WINDOWS\System32\SCardSvr.exe
Thu Aug 30 15:26:08 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 30 15:26:08 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\secdrv.sys
Thu Aug 30 15:26:08 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 30 15:26:08 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:26:08 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\serenum.sys
Thu Aug 30 15:26:08 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\serial.sys
Thu Aug 30 15:26:08 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:26:08 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 30 15:26:08 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\smcirda.sys
Thu Aug 30 15:26:08 2007 => Scanning File C:\WINDOWS\system32\drivers\smwdm.sys
Thu Aug 30 15:26:09 2007 => Scanning File C:\WINDOWS\system32\drivers\splitter.sys
Thu Aug 30 15:26:09 2007 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Thu Aug 30 15:26:09 2007 => Scanning File C:\WINDOWS\system32\Drivers\sptd.sys
Thu Aug 30 15:26:10 2007 => ERROR!!! ScanFile Fails...
Thu Aug 30 15:26:10 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\sr.sys
Thu Aug 30 15:26:10 2007 => ERROR!!! Invalid Entry system32\ZoneLabs\srescan.sys in SYSTEM\CurrentControlSet\Services\srescan...
Thu Aug 30 15:26:10 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:26:10 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\srv.sys
Thu Aug 30 15:26:10 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:26:10 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:26:10 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\stmatm.sys
Thu Aug 30 15:26:10 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\swenum.sys
Thu Aug 30 15:26:10 2007 => Scanning File C:\WINDOWS\system32\drivers\swmidi.sys
Thu Aug 30 15:26:11 2007 => Scanning File C:\WINDOWS\system32\dllhost.exe
Thu Aug 30 15:26:11 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\SynTP.sys
Thu Aug 30 15:26:11 2007 => Scanning File C:\WINDOWS\system32\drivers\sysaudio.sys
Thu Aug 30 15:26:11 2007 => Scanning File C:\WINDOWS\system32\smlogsvc.exe
Thu Aug 30 15:26:11 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 30 15:26:11 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\torususb.sys
Thu Aug 30 15:26:12 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\tcpip.sys
Thu Aug 30 15:26:12 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\termdd.sys
Thu Aug 30 15:26:12 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 30 15:26:12 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 30 15:26:12 2007 => Scanning File C:\WINDOWS\system32\tlntsvr.exe
Thu Aug 30 15:26:12 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:26:12 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\update.sys
Thu Aug 30 15:26:12 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:26:12 2007 => Scanning File C:\WINDOWS\System32\ups.exe
Thu Aug 30 15:26:12 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Thu Aug 30 15:26:12 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\usbehci.sys
Thu Aug 30 15:26:13 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\usbhub.sys
Thu Aug 30 15:26:13 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\usbprint.sys
Thu Aug 30 15:26:13 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Thu Aug 30 15:26:13 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Thu Aug 30 15:26:13 2007 => Scanning File C:\WINDOWS\System32\drivers\vga.sys
Thu Aug 30 15:26:13 2007 => Scanning File C:\WINDOWS\system32\vsdatant.sys
Thu Aug 30 15:26:13 2007 => ERROR!!! Invalid Entry C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service in SYSTEM\CurrentControlSet\Services\vsmon...
Thu Aug 30 15:26:13 2007 => Scanning File C:\WINDOWS\System32\vssvc.exe
Thu Aug 30 15:26:13 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\w22n51.sys
Thu Aug 30 15:26:14 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 30 15:26:14 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\wanarp.sys
Thu Aug 30 15:26:14 2007 => Scanning File C:\WINDOWS\system32\Drivers\WBSD.SYS
Thu Aug 30 15:26:14 2007 => Scanning File C:\WINDOWS\system32\drivers\wdmaud.sys
Thu Aug 30 15:26:14 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:26:14 2007 => Scanning File C:\PROGRA~1\WIFD1F~1\MsMpEng.exe
Thu Aug 30 15:26:14 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:26:14 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 30 15:26:14 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 30 15:26:14 2007 => Scanning File C:\WINDOWS\system32\wbem\wmiapsrv.exe
Thu Aug 30 15:26:14 2007 => Scanning File C:\PROGRA~1\WINDOW~2\WMPNetwk.exe
Thu Aug 30 15:26:14 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 30 15:26:14 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:26:15 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\WudfPf.sys
Thu Aug 30 15:26:15 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\wudfrd.sys
Thu Aug 30 15:26:15 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 30 15:26:15 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 30 15:26:15 2007 => Scanning File C:\WINDOWS\System32\svchost.exe

Thu Aug 30 15:26:15 2007 => ***** Scanning System32 Folders *****
Thu Aug 30 15:26:15 2007 => Scanning C:\WINDOWS Directory
Thu Aug 30 15:26:15 2007 => Scanning Folder: C:\WINDOWS\*.*
Thu Aug 30 15:26:16 2007 => Scanning File C:\WINDOWS\0.log [**]
Thu Aug 30 15:26:16 2007 => Scanning File C:\WINDOWS\agrsmdel.exe
Thu Aug 30 15:26:16 2007 => Scanning File C:\WINDOWS\AGRSMMSG.exe
Thu Aug 30 15:26:16 2007 => Scanning File C:\WINDOWS\AvxOnline.log
Thu Aug 30 15:26:16 2007 => Scanning File C:\WINDOWS\bdinit.xe
Thu Aug 30 15:26:17 2007 => Scanning File C:\WINDOWS\bdoscandel.exe
Thu Aug 30 15:26:17 2007 => Scanning File C:\WINDOWS\bdoscandellang.ini
Thu Aug 30 15:26:17 2007 => Scanning File C:\WINDOWS\bootstat.dat
Thu Aug 30 15:26:17 2007 => Scanning File C:\WINDOWS\BukhMslm.INI
Thu Aug 30 15:26:17 2007 => Scanning File C:\WINDOWS\Bulles de savon.bmp
Thu Aug 30 15:26:17 2007 => Scanning File C:\WINDOWS\CDCOPS.XCP
Thu Aug 30 15:26:17 2007 => Scanning File C:\WINDOWS\cdplayer.ini
Thu Aug 30 15:26:17 2007 => Scanning File C:\WINDOWS\cfgall.ini
Thu Aug 30 15:26:17 2007 => Scanning File C:\WINDOWS\chipset.log
Thu Aug 30 15:26:17 2007 => Scanning File C:\WINDOWS\clock.avi
Thu Aug 30 15:26:17 2007 => Scanning File C:\WINDOWS\cmsetacl.log
Thu Aug 30 15:26:17 2007 => Scanning File C:\WINDOWS\coinst.log
Thu Aug 30 15:26:18 2007 => Scanning File C:\WINDOWS\comsetup.log
Thu Aug 30 15:26:18 2007 => Scanning File C:\WINDOWS\control.ini [**]
Thu Aug 30 15:26:18 2007 => Scanning File C:\WINDOWS\ConverterCore.INI
Thu Aug 30 15:26:18 2007 => Scanning File C:\WINDOWS\desktop.ini
Thu Aug 30 15:26:18 2007 => Scanning File C:\WINDOWS\DHCPUPG.LOG
Thu Aug 30 15:26:18 2007 => Scanning File C:\WINDOWS\DSLSetup.ini
Thu Aug 30 15:26:18 2007 => Scanning File C:\WINDOWS\DSLTest.exe
Thu Aug 30 15:26:18 2007 => Scanning File C:\WINDOWS\DtcInstall.log
Thu Aug 30 15:26:18 2007 => Scanning File C:\WINDOWS\euV12.ini
Thu Aug 30 15:26:18 2007 => Scanning File C:\WINDOWS\EventSystem.log
Thu Aug 30 15:26:18 2007 => Scanning File C:\WINDOWS\explorer.exe
Thu Aug 30 15:26:18 2007 => Scanning File C:\WINDOWS\explorer.scf
Thu Aug 30 15:26:18 2007 => Scanning File C:\WINDOWS\FaxSetup.log
Thu Aug 30 15:26:18 2007 => Scanning File C:\WINDOWS\GEARInstall.log
Thu Aug 30 15:26:18 2007 => Scanning File C:\WINDOWS\Granit vert.bmp
Thu Aug 30 15:26:18 2007 => Scanning File C:\WINDOWS\hh.exe
Thu Aug 30 15:26:18 2007 => Scanning File C:\WINDOWS\IDNMitigationAPIs.log
Thu Aug 30 15:26:19 2007 => Scanning File C:\WINDOWS\IE4 Error Log.txt
Thu Aug 30 15:26:19 2007 => Scanning File C:\WINDOWS\ie7.log
Thu Aug 30 15:26:19 2007 => Scanning File C:\WINDOWS\ie7_main.log
Thu Aug 30 15:26:19 2007 => Scanning File C:\WINDOWS\iis6.log
Thu Aug 30 15:26:19 2007 => Scanning File C:\WINDOWS\imsins.BAK
Thu Aug 30 15:26:19 2007 => Scanning File C:\WINDOWS\imsins.log
Thu Aug 30 15:26:19 2007 => Scanning File C:\WINDOWS\IsUn040c.exe
Thu Aug 30 15:26:19 2007 => Scanning File C:\WINDOWS\IsUninst.exe
Thu Aug 30 15:26:19 2007 => Scanning File C:\WINDOWS\iun3405.exe
Thu Aug 30 15:26:19 2007 => Scanning File C:\WINDOWS\iun6002.exe
Thu Aug 30 15:26:20 2007 => Scanning File C:\WINDOWS\Jour de pêche.bmp
Thu Aug 30 15:26:20 2007 => Scanning File C:\WINDOWS\KB873339.log
Thu Aug 30 15:26:20 2007 => Scanning File C:\WINDOWS\KB885835.log
Thu Aug 30 15:26:20 2007 => Scanning File C:\WINDOWS\KB885836.log
Thu Aug 30 15:26:20 2007 => Scanning File C:\WINDOWS\KB886185.log
Thu Aug 30 15:26:20 2007 => Scanning File C:\WINDOWS\KB887472.log
Thu Aug 30 15:26:20 2007 => Scanning File C:\WINDOWS\KB888302.log
Thu Aug 30 15:26:20 2007 => Scanning File C:\WINDOWS\KB890859.log
Thu Aug 30 15:26:20 2007 => Scanning File C:\WINDOWS\KB891781.log
Thu Aug 30 15:26:20 2007 => Scanning File C:\WINDOWS\KB892130.log
Thu Aug 30 15:26:20 2007 => Scanning File C:\WINDOWS\KB893756.log
Thu Aug 30 15:26:20 2007 => Scanning File C:\WINDOWS\KB893803v2.log
Thu Aug 30 15:26:20 2007 => Scanning File C:\WINDOWS\KB894391.log
Thu Aug 30 15:26:21 2007 => Scanning File C:\WINDOWS\KB896358.log
Thu Aug 30 15:26:21 2007 => Scanning File C:\WINDOWS\KB896423.log
Thu Aug 30 15:26:21 2007 => Scanning File C:\WINDOWS\KB896424.log
Thu Aug 30 15:26:21 2007 => Scanning File C:\WINDOWS\KB896428.log
Thu Aug 30 15:26:21 2007 => Scanning File C:\WINDOWS\KB898461.log
Thu Aug 30 15:26:21 2007 => Scanning File C:\WINDOWS\KB899587.log
Thu Aug 30 15:26:21 2007 => Scanning File C:\WINDOWS\KB899591.log
Thu Aug 30 15:26:21 2007 => Scanning File C:\WINDOWS\KB900485.log
Thu Aug 30 15:26:21 2007 => Scanning File C:\WINDOWS\KB900725.log
Thu Aug 30 15:26:21 2007 => Scanning File C:\WINDOWS\KB901017.log
Thu Aug 30 15:26:21 2007 => Scanning File C:\WINDOWS\KB901214.log
Thu Aug 30 15:26:21 2007 => Scanning File C:\WINDOWS\KB902344.log
Thu Aug 30 15:26:22 2007 => Scanning File C:\WINDOWS\KB902400.log
Thu Aug 30 15:26:22 2007 => Scanning File C:\WINDOWS\KB904706.log
Thu Aug 30 15:26:22 2007 => Scanning File C:\WINDOWS\KB904942.log
Thu Aug 30 15:26:22 2007 => Scanning File C:\WINDOWS\KB905414.log
Thu Aug 30 15:26:22 2007 => Scanning File C:\WINDOWS\KB905749.log
Thu Aug 30 15:26:22 2007 => Scanning File C:\WINDOWS\KB908519.log
Thu Aug 30 15:26:22 2007 => Scanning File C:\WINDOWS\KB908531.log
Thu Aug 30 15:26:22 2007 => Scanning File C:\WINDOWS\KB910437.log
Thu Aug 30 15:26:22 2007 => Scanning File C:\WINDOWS\KB910998.log
Thu Aug 30 15:26:22 2007 => Scanning File C:\WINDOWS\KB911280.log
Thu Aug 30 15:26:22 2007 => Scanning File C:\WINDOWS\KB911562.log
Thu Aug 30 15:26:22 2007 => Scanning File C:\WINDOWS\KB911564.log
Thu Aug 30 15:26:22 2007 => Scanning File C:\WINDOWS\KB911927.log
Thu Aug 30 15:26:23 2007 => Scanning File C:\WINDOWS\KB912919.log
Thu Aug 30 15:26:23 2007 => Scanning File C:\WINDOWS\KB913580.log
Thu Aug 30 15:26:23 2007 => Scanning File C:\WINDOWS\KB913800.log
Thu Aug 30 15:26:23 2007 => Scanning File C:\WINDOWS\KB914388.log
Thu Aug 30 15:26:23 2007 => Scanning File C:\WINDOWS\KB914389.log
Thu Aug 30 15:26:23 2007 => Scanning File C:\WINDOWS\KB914440.log
Thu Aug 30 15:26:23 2007 => Scanning File C:\WINDOWS\KB915865.log
Thu Aug 30 15:26:23 2007 => Scanning File C:\WINDOWS\KB916595.log
Thu Aug 30 15:26:23 2007 => Scanning File C:\WINDOWS\KB917344.log
Thu Aug 30 15:26:23 2007 => Scanning File C:\WINDOWS\KB917422.log
Thu Aug 30 15:26:23 2007 => Scanning File C:\WINDOWS\KB917734.log
Thu Aug 30 15:26:24 2007 => Scanning File C:\WINDOWS\KB917953.log
Thu Aug 30 15:26:24 2007 => Scanning File C:\WINDOWS\KB918118.log
Thu Aug 30 15:26:24 2007 => Scanning File C:\WINDOWS\KB918439.log
Thu Aug 30 15:26:24 2007 => Scanning File C:\WINDOWS\KB919007.log
Thu Aug 30 15:26:24 2007 => Scanning File C:\WINDOWS\KB920213.log
Thu Aug 30 15:26:24 2007 => Scanning File C:\WINDOWS\KB920670.log
Thu Aug 30 15:26:24 2007 => Scanning File C:\WINDOWS\KB920683.log
Thu Aug 30 15:26:24 2007 => Scanning File C:\WINDOWS\KB920685.log
Thu Aug 30 15:26:24 2007 => Scanning File C:\WINDOWS\KB920872.log
Thu Aug 30 15:26:24 2007 => Scanning File C:\WINDOWS\KB921398.log
Thu Aug 30 15:26:24 2007 => Scanning File C:\WINDOWS\KB921503.log
Thu Aug 30 15:26:25 2007 => Scanning File C:\WINDOWS\KB922582.log
Thu Aug 30 15:26:25 2007 => Scanning File C:\WINDOWS\KB922616.log
Thu Aug 30 15:26:25 2007 => Scanning File C:\WINDOWS\KB922819.log
Thu Aug 30 15:26:25 2007 => Scanning File C:\WINDOWS\KB923191.log
Thu Aug 30 15:26:25 2007 => Scanning File C:\WINDOWS\KB923414.log
Thu Aug 30 15:26:25 2007 => Scanning File C:\WINDOWS\KB923689.log
Thu Aug 30 15:26:25 2007 => Scanning File C:\WINDOWS\KB923694.log
Thu Aug 30 15:26:25 2007 => Scanning File C:\WINDOWS\KB923980.log
Thu Aug 30 15:26:25 2007 => Scanning File C:\WINDOWS\KB924191.log
Thu Aug 30 15:26:25 2007 => Scanning File C:\WINDOWS\KB924270.log
Thu Aug 30 15:26:26 2007 => Scanning File C:\WINDOWS\KB924496.log
Thu Aug 30 15:26:26 2007 => Scanning File C:\WINDOWS\KB924667.log
Thu Aug 30 15:26:26 2007 => Scanning File C:\WINDOWS\KB925398.log
Thu Aug 30 15:26:26 2007 => Scanning File C:\WINDOWS\KB925454.log
Thu Aug 30 15:26:26 2007 => Scanning File C:\WINDOWS\KB925486.log
Thu Aug 30 15:26:26 2007 => Scanning File C:\WINDOWS\KB925902.log
Thu Aug 30 15:26:26 2007 => Scanning File C:\WINDOWS\KB926239.log
Thu Aug 30 15:26:26 2007 => Scanning File C:\WINDOWS\KB926255.log
Thu Aug 30 15:26:26 2007 => Scanning File C:\WINDOWS\KB926436.log
Thu Aug 30 15:26:26 2007 => Scanning File C:\WINDOWS\KB927779.log
Thu Aug 30 15:26:26 2007 => Scanning File C:\WINDOWS\KB927802.log
Thu Aug 30 15:26:27 2007 => Scanning File C:\WINDOWS\KB927891.log
Thu Aug 30 15:26:27 2007 => Scanning File C:\WINDOWS\KB928090-IE7.log
Thu Aug 30 15:26:27 2007 => Scanning File C:\WINDOWS\KB928255.log
Thu Aug 30 15:26:27 2007 => Scanning File C:\WINDOWS\KB928843.log
Thu Aug 30 15:26:27 2007 => Scanning File C:\WINDOWS\KB929123.log
Thu Aug 30 15:26:27 2007 => Scanning File C:\WINDOWS\KB929338.log
Thu Aug 30 15:26:27 2007 => Scanning File C:\WINDOWS\KB929399.log
Thu Aug 30 15:26:27 2007 => Scanning File C:\WINDOWS\KB929969.log
Thu Aug 30 15:26:27 2007 => Scanning File C:\WINDOWS\KB930178.log
Thu Aug 30 15:26:27 2007 => Scanning File C:\WINDOWS\KB930916.log
Thu Aug 30 15:26:28 2007 => Scanning File C:\WINDOWS\KB931261.log
Thu Aug 30 15:26:28 2007 => Scanning File C:\WINDOWS\KB931768-IE7.log
Thu Aug 30 15:26:28 2007 => Scanning File C:\WINDOWS\KB931784.log
Thu Aug 30 15:26:28 2007 => Scanning File C:\WINDOWS\KB931836.log
Thu Aug 30 15:26:28 2007 => Scanning File C:\WINDOWS\KB932168.log
Thu Aug 30 15:26:28 2007 => Scanning File C:\WINDOWS\KB933360.log
Thu Aug 30 15:26:28 2007 => Scanning File C:\WINDOWS\KB933566-IE7.log
Thu Aug 30 15:26:28 2007 => Scanning File C:\WINDOWS\KB935839.log
Thu Aug 30 15:26:28 2007 => Scanning File C:\WINDOWS\KB935840.log
Thu Aug 30 15:26:28 2007 => Scanning File C:\WINDOWS\KB936021.log
Thu Aug 30 15:26:29 2007 => Scanning File C:\WINDOWS\KB936357.log
Thu Aug 30 15:26:29 2007 => Scanning File C:\WINDOWS\KB936782.log
Thu Aug 30 15:26:29 2007 => Scanning File C:\WINDOWS\KB937143-IE7.log
Thu Aug 30 15:26:29 2007 => Scanning File C:\WINDOWS\KB938127-IE7.log
Thu Aug 30 15:26:29 2007 => Scanning File C:\WINDOWS\KB938828.log
Thu Aug 30 15:26:29 2007 => Scanning File C:\WINDOWS\KB938829.log
Thu Aug 30 15:26:29 2007 => Scanning File C:\WINDOWS\KB939683.log
Thu Aug 30 15:26:29 2007 => Scanning File C:\WINDOWS\liveup.ini
Thu Aug 30 15:26:29 2007 => Scanning File C:\WINDOWS\MedCtrOC.log
Thu Aug 30 15:26:30 2007 => Scanning File C:\WINDOWS\MediaDico12Dll.dll
Thu Aug 30 15:26:30 2007 => Scanning File C:\WINDOWS\MediaR12.dll
Thu Aug 30 15:26:30 2007 => Scanning File C:\WINDOWS\MediaR12.ini
Thu Aug 30 15:26:30 2007 => Scanning File C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt
Thu Aug 30 15:26:30 2007 => Scanning File C:\WINDOWS\MSCompPackV1.log
Thu Aug 30 15:26:30 2007 => Scanning File C:\WINDOWS\msdfmap.ini
Thu Aug 30 15:26:30 2007 => Scanning File C:\WINDOWS\msgsocm.log
Thu Aug 30 15:26:30 2007 => Scanning File C:\WINDOWS\msmqinst.log
Thu Aug 30 15:26:31 2007 => Scanning File C:\WINDOWS\msxml4-KB936181-fra.LOG
Thu Aug 30 15:26:31 2007 => Scanning File C:\WINDOWS\msxml6-KB933579-enu-x86.LOG
Thu Aug 30 15:26:31 2007 => Scanning File C:\WINDOWS\Mur de Santa Fe.bmp
Thu Aug 30 15:26:31 2007 => Scanning File C:\WINDOWS\NAVIGMA.INI
Thu Aug 30 15:26:31 2007 => Scanning File C:\WINDOWS\netfxocm.log
Thu Aug 30 15:26:31 2007 => Scanning File C:\WINDOWS\NLSDownlevelMapping.log
Thu Aug 30 15:26:31 2007 => Scanning File C:\WINDOWS\NOTEPAD.EXE
Thu Aug 30 15:26:31 2007 => Scanning File C:\WINDOWS\ntbtlog.txt
Thu Aug 30 15:26:32 2007 => Scanning File C:\WINDOWS\ntdtcsetup.log
Thu Aug 30 15:26:32 2007 => Scanning File C:\WINDOWS\ocgen.log
Thu Aug 30 15:26:32 2007 => Scanning File C:\WINDOWS\ocmsn.log
Thu Aug 30 15:26:32 2007 => Scanning File C:\WINDOWS\ODBC.INI
Thu Aug 30 15:26:32 2007 => Scanning File C:\WINDOWS\ODBCINST.INI
Thu Aug 30 15:26:32 2007 => Scanning File C:\WINDOWS\OEWABLog.txt
Thu Aug 30 15:26:32 2007 => Scanning File C:\WINDOWS\OFCNT.LOG
Thu Aug 30 15:26:32 2007 => Scanning File C:\WINDOWS\opuc.dll
Thu Aug 30 15:26:33 2007 => Scanning File C:\WINDOWS\pavsig.txt
Thu Aug 30 15:26:33 2007 => Scanning File C:\WINDOWS\pdf2word.INI
Thu Aug 30 15:26:33 2007 => Scanning File C:\WINDOWS\Plume.bmp
Thu Aug 30 15:26:33 2007 => Scanning File C:\WINDOWS\popcinfo.dat
Thu Aug 30 15:26:33 2007 => Scanning File C:\WINDOWS\Q282010.log
Thu Aug 30 15:26:33 2007 => Scanning File C:\WINDOWS\RACHook12.dll
Thu Aug 30 15:26:33 2007 => Scanning File C:\WINDOWS\Radio_Fr.ini
Thu Aug 30 15:26:33 2007 => Scanning File C:\WINDOWS\regedit.exe
Thu Aug 30 15:26:33 2007 => Scanning File C:\WINDOWS\REGLOCS.OLD
Thu Aug 30 15:26:33 2007 => Scanning File C:\WINDOWS\regopt.log
Thu Aug 30 15:26:33 2007 => Scanning File C:\WINDOWS\Rhododendron.bmp
Thu Aug 30 15:26:33 2007 => Scanning File C:\WINDOWS\Rivière Sumida.bmp
Thu Aug 30 15:26:33 2007 => Scanning File C:\WINDOWS\robert.ini
Thu Aug 30 15:26:33 2007 => Scanning File C:\WINDOWS\Rosace bleue 16.bmp
Thu Aug 30 15:26:33 2007 => Scanning File C:\WINDOWS\SchedLgU.Txt
Thu Aug 30 15:26:33 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\SchedLgU.Txt
Thu Aug 30 15:26:33 2007 => Scanning File C:\WINDOWS\sessmgr.setup.log
Thu Aug 30 15:26:33 2007 => Scanning File C:\WINDOWS\SET3.tmp
Thu Aug 30 15:26:33 2007 => Scanning File C:\WINDOWS\SET4.tmp
Thu Aug 30 15:26:33 2007 => Scanning File C:\WINDOWS\SET8.tmp
Thu Aug 30 15:26:33 2007 => Scanning File C:\WINDOWS\setupact.log
Thu Aug 30 15:26:34 2007 => Scanning File C:\WINDOWS\setupapi.log
Thu Aug 30 15:26:34 2007 => Scanning File C:\WINDOWS\setupapi.log.0.old
Thu Aug 30 15:26:34 2007 => Scanning File C:\WINDOWS\setupapi.log.1.old
Thu Aug 30 15:26:34 2007 => Scanning File C:\WINDOWS\setupapi.log.2.old
Thu Aug 30 15:26:34 2007 => Scanning File C:\WINDOWS\setuperr.log [**]
Thu Aug 30 15:26:34 2007 =&g

Répondre à Be SMILE

Be SMILE, le 31 aoû 2007 à 18:25:06

Apparament tout n'est pas ressorti dans le message précédent c'est pour cela que je vous envoi la suite . MERCI
+et voici le rapport de hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 17:22:45, on 31/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nisvcloc.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Micro Application\12 DICOS Indispensables\MediaDICO12.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Micro Application\12 DICOS Indispensables\Rac12.EXE
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Larousse\Petit Larousse 2007\bin\Hyperappel.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\freecell.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\DAEMON Tools\daemon.exe" -lang 1036
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MediaDico] C:\Program Files\Micro Application\12 DICOS Indispensables\LanceMediaDICO12.exe Lancement
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Hyperappel du Petit Larousse 2007.lnk = C:\Program Files\Larousse\Petit Larousse 2007\bin\Hyperappel.exe
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{054C26D5-5C88-4053-9A81-1C3752369502}: NameServer = 208.67.222.222 193.55.10.102
O17 - HKLM\System\CS3\Services\Tcpip\..\{054C26D5-5C88-4053-9A81-1C3752369502}: NameServer = 208.67.222.222 193.55.10.102
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - Unknown owner - J:\nationalm instrument\Shared\Security\nidmsrv.exe (file missing)
O23 - Service: NILM License Manager - Unknown owner - J:\nationalm instrument\Shared\License Manager\Bin\lmgrd.exe (file missing)
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)

+ le rapport de clean
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 30/08/2007 a 20:17:59,17

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de "C:\Documents and Settings\Administrateur\Application Data\hidires\"

*** Suppression des fichiers dans C:\Program Files

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !

Configuration: Windows XP
Internet Explorer 7.0

Répondre à Be SMILE

Be SMILE, le 31 aoû 2007 à 18:28:25

Je vous envoi le rapport de SDFIX
SDFix: Version 1.101

Run by Administrateur on 30/08/2007 at 19:05

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\ADMINI~1\Bureau\sdfix\SDFix

Safe Mode:
Checking Services:

Name:
DirectWetb

ImagePath:
C:\WINDOWS\system32\directx.exe

DirectWetb - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\svchost.ini - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\\Program Files\\Fichiers communs\\KAV Shared Files\\avpupd.exe"="C:\\Program Files\\Fichiers communs\\KAV Shared Files\\avpupd.exe:*:Enabled:AVP Updater"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\WINDOWS\\CSC\\explorer.exe"="C:\\WINDOWS\\CSC\\explorer.exe:*:Enabled:Explorer"
"C:\\Program Files\\Globe7\\Globe7.exe"="C:\\Program Files\\Globe7\\Globe7.exe:*:Enabled:Globe7"
"C:\\Program Files\\Globe7\\Java\\j2re1.4.2_07\\bin\\java.exe"="C:\\Program Files\\Globe7\\Java\\j2re1.4.2_07\\bin\\java.exe:*:Enabled:java"
"D:\\eMule\\emule.exe"="D:\\eMule\\emule.exe:*:Enabled:eMule"
"D:\\DAP.exe"="D:\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\\Program Files\\DAP\\DAP.exe"="D:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
"D:\\Program Files\\Radio Fr Solo\\Radio_Fr_Solo.exe"="D:\\Program Files\\Radio Fr Solo\\Radio_Fr_Solo.exe:*:Enabled:Radio Fr Solo"
"D:\\Program Files\\BitDownload\\BitDownload.exe"="D:\\Program Files\\BitDownload\\BitDownload.exe:*:Enabled:Torrent P2P application"
"C:\\Program Files\\Universalis\\atlas3D 12\\bmmatlas\\Atlas_App.exe"="C:\\Program Files\\Universalis\\atlas3D 12\\bmmatlas\\Atlas_App.exe:*:Enabled:Atlas_App"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Documents and Settings\\Administrateur\\Local Settings\\Temp\\Rar$EX00.847\\eMule0.48a\\emule.exe"="C:\\Documents and Settings\\Administrateur\\Local Settings\\Temp\\Rar$EX00.847\\eMule0.48a\\emule.exe:*:Disabled:eMule"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\CSC\\explorer.exe"="C:\\WINDOWS\\CSC\\explorer.exe:*:Enabled:Explorer"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\ADMINI~1\Bureau\sdfix\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Documents and Settings\Administrateur\Application Data\Microsoft\Word\~WRL1086.tmp
C:\Documents and Settings\Administrateur\Bureau\ASSURANCES COURS\~WRL0801.tmp
C:\Documents and Settings\Administrateur\Bureau\ASSURANCES COURS\~WRL2596.tmp
C:\Documents and Settings\Administrateur\Bureau\razik disq dt Comp\~WRL0020.tmp
C:\Documents and Settings\Administrateur\Bureau\razik disq dt Comp\~WRL2783.tmp
C:\Documents and Settings\Administrateur\Bureau\Razik dt compare\~WRL0003.tmp
C:\Documents and Settings\Administrateur\Bureau\Razik dt compare\~WRL1342.tmp
C:\Documents and Settings\Administrateur\Bureau\Razik dt compare\~WRL1550.tmp
C:\Documents and Settings\Administrateur\Bureau\Razik dt compare\~WRL2532.tmp
C:\Documents and Settings\Administrateur\Bureau\Razik dt compare\~WRL3248.tmp
C:\Documents and Settings\Administrateur\Bureau\Razik dt compare\~WRL3321.tmp
C:\Documents and Settings\Administrateur\Bureau\????????? ??????\~WRL0488.tmp
C:\Documents and Settings\Administrateur\Bureau\????????? ??????\~WRL0787.tmp
C:\Documents and Settings\Administrateur\Bureau\????????? ??????\~WRL3301.tmp
C:\Documents and Settings\Administrateur\Mes documents\~WRL0971.tmp
C:\Documents and Settings\Administrateur\Mes documents\~WRL2387.tmp
C:\Documents and Settings\Administrateur\Mes documents\~WRL2514.tmp
C:\Documents and Settings\Administrateur\Mes documents\micha\~WRL0034.tmp
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp

Finished

Configuration: Windows XP
Internet Explorer 7.0

Répondre à Be SMILE

jlpjlp, le 5 sep 2007 à 20:54:32

Désactive la restauration système pour purger les virus qui seraient dedans (dans DEMARRER puis TOUS LES PROGRAMMES puis ACCESSOIRE puis OUTILS SYSTEME puis RESTAURATION SYSTEME puis paramètre)

___________
lance fx bagle

http://securityresponse.symantec.com/avcenter/FxBeagle.exe

__________________
combofix (colle le rapport)

http://mickael.barroux.free.fr/securite/combofix.php

_______
essaye de lancer spybot et avg antispyware
____________

colle le rapport d'un scan en ligne
avec un des suivants:

bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://www.pandasoftware.fr/Activescan/Activescan.html

scan en ligne firefox

http://fr.trendmicro-europe.com/consumer/housecall/housecall_launch.php

____________

reactive la restauration systeme

--------------
télécharger sur le bureau
Navilog.zip
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

= Double-Clic navilog1.zip
= Extraire tout sur le bureau
= Double-Clic navilog1 qui est sur le bureau
= Appuyer sur une touche jusqu' arriver aux options
= Choisir option 1

un rapport : fixnavi.txt dans C : va se creer
le copier/coller dans ton prochain message.

_______________
recolle hijackthis et dis tes pbs?

Répondre à jlpjlp

Be SMILE, le 8 sep 2007 à 19:49:01

MERCI pour ta disponibilté et je m'excuse pour mon insistance.
j'ai essayé de m'appliquer et voila ce que ca donne

ComboFix 07-09-06.4 - "Administrateur" 2007-09-06 19:04:10.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.111 [GMT 1:00]
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_ROSA
-------\rosa

((((((((((((((((((((((((( Files Created from 2007-08-06 to 2007-09-06 )))))))))))))))))))))))))))))))

2007-09-06 18:01 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-06 03:34 12,417,439 --------- C:\AVG7QT.DAT
2007-09-05 17:48 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-09-05 17:48 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Azureus
2007-09-04 20:17 <REP> d-------- C:\Program Files\Runtime Software
2007-09-02 19:19 <REP> d-------- C:\DOCUME~1\ADMINI~1\Contacts
2007-09-02 08:40 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Magic Academy
2007-08-31 11:12 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
2007-08-30 19:04 <REP> d-------- C:\WINDOWS\ERUNT
2007-08-30 13:07 <REP> d-------- C:\Downloads
2007-08-30 13:07 <REP> d-------- C:\Bases
2007-08-30 13:05 <REP> d-------- C:\Kaspersky toolkit
2007-08-30 12:45 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-08-26 11:58 9,216 --a------ C:\WINDOWS\system32\avgwlntf.dll
2007-08-26 10:35 <REP> d-------- C:\Program Files\MSXML 6.0
2007-08-26 10:28 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-26 09:39 110,592 --a------ C:\WINDOWS\system32\avgfwafu.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-06 12:41 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-02 19:18 --------- d-------- C:\Program Files\MSN Messenger
2007-09-02 09:15 --------- d-------- C:\Program Files\Zylom Games
2007-09-02 08:39 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Zylom
2007-08-29 10:01 --------- d-------- C:\Program Files\Windows Defender
2007-08-29 09:59 --------- d-------- C:\Program Files\SuperCopier2
2007-08-29 09:59 --------- d-------- C:\Program Files\QuickTime
2007-08-29 09:58 --------- d-------- C:\Program Files\ADSL Autoconnect
2007-08-27 19:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-17 18:49 --------- d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-07-16 17:41 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-07-14 19:52 --------- d-------- C:\Program Files\Nouveau dossier
2007-07-11 19:37 30752 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-07-11 19:37 1568 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-07-11 19:37 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\PC Tools
2007-07-11 19:34 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-07-11 19:34 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-07-11 19:18 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-10 10:10 --------- d-------- C:\Program Files\Universalis
2007-06-26 07:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-24 10:48 216064 --------- C:\WINDOWS\iun3405.exe
2007-06-19 14:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 14:22 1037312 --a------ C:\WINDOWS\explorer.exe
--------- C:\Program Files\Hijackthis Version Française

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-06 16:16 C:\WINDOWS\AGRSMMSG.exe]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-15 20:09]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-15 20:08]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 17:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"DAEMON Tools"="C:\DAEMON Tools\daemon.exe" [2006-11-12 11:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"AdslTaskBar"="stmctrl.dll" [2005-09-22 06:45 C:\WINDOWS\system32\stmctrl.dll]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-13 02:02]
"MsgCenterExe"="C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" [2007-05-13 22:28]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-26 12:19]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
"MediaDico"="C:\Program Files\Micro Application\12 DICOS Indispensables\LanceMediaDICO12.exe" [2002-12-24 15:31]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetupo.dll" "%SystemRoot%\System32\syssetup.dll"
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
BTTray.lnk - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2003-09-12 11:42:00]
Hyperappel du Petit Larousse 2007.lnk - C:\Program Files\Larousse\Petit Larousse 2007\bin\Hyperappel.exe [2007-01-09 14:26:25]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-08-26 11:58 9216 C:\WINDOWS\system32\avgwlntf.dll

[color=red]SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R2 ADSLAutoconnect;ADSLAutoconnect;"C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys
R3 PSXGamepadEnabler;Psx Hid to Gamepad Port Enabler;C:\WINDOWS\system32\drivers\psxpad.sys
R3 PsxPortEnumerator;Psx Port Enumerator;C:\WINDOWS\system32\Drivers\psxenum.sys
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;C:\WINDOWS\system32\Drivers\WBSD.SYS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8aaaff6a-f5aa-11db-b65d-0020e0284046}]
- K:\RavMon.exe -e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{920f5f4d-08aa-11dc-b667-0020e0284046}]

Contents of the 'Scheduled Tasks' folder
"2007-08-31 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-09-06 01:05:15 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-01-31 09:03:06 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-06 19:12:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-06 19:16:56 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-06 19:16

--- E O F ---

[code]
2007-07-08 21:23 15399 --a------ C:\Qoobox\Quarantine\C\ComboFix\FProps.vbs.vir
2007-09-06 19:02 187 --a------ C:\Qoobox\BackEnv\profiles.folder.cf
2007-09-06 19:02 2861 --a------ C:\Qoobox\BackEnv\setpath.bat
2007-09-06 19:03 0 --a------ C:\Qoobox\BackEnv\PROGRAMS.folder.cf
2007-09-06 19:03 0 --a------ C:\Qoobox\BackEnv\START MENU.folder.cf
2007-09-06 19:03 0 --a------ C:\Qoobox\BackEnv\STARTUP.folder.cf
2007-09-06 19:03 0 --a------ C:\Qoobox\BackEnv\TEMPLATES.folder.cf
2007-09-06 19:03 112 --a------ C:\Qoobox\BackEnv\DESKTOP.folder.cf
2007-09-06 19:03 116 --a------ C:\Qoobox\BackEnv\FAVORITES.folder.cf
2007-09-06 19:03 116 --a------ C:\Qoobox\BackEnv\MY PICTURES.folder.cf
2007-09-06 19:03 120 --a------ C:\Qoobox\BackEnv\PERSONAL.folder.cf
2007-09-06 19:03 213 --a------ C:\Qoobox\BackEnv\APPDATA.folder.cf
2007-09-06 19:03 228 --a------ C:\Qoobox\BackEnv\LOCAL SETTINGS.folder.cf
2007-09-06 19:03 236 --a------ C:\Qoobox\BackEnv\CACHE.folder.cf
2007-09-06 19:03 236 --a------ C:\Qoobox\BackEnv\LOCAL APPDATA.folder.cf
2007-09-06 19:07 1174 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_ROSA.reg.cf
2007-09-06 19:07 3002 --a------ C:\Qoobox\Quarantine\Registry_backups\services_rosa.reg.cf
2007-09-06 19:15 419870 --a------ C:\Qoobox\snapshot_2007-09-06_191541.01.cf

Structure du dossier
Le num‚ro de s‚rie du volume est 7890-F2A6
C:\QOOBOX
| snapshot_2007-09-06_191541.01.cf
|
+---BackEnv
| APPDATA.folder.cf
| CACHE.folder.cf
| DESKTOP.folder.cf
| FAVORITES.folder.cf
| LOCAL APPDATA.folder.cf
| LOCAL SETTINGS.folder.cf
| MY PICTURES.folder.cf
| PERSONAL.folder.cf
| profiles.folder.cf
| PROGRAMS.folder.cf
| setpath.bat
| START MENU.folder.cf
| STARTUP.folder.cf
| TEMPLATES.folder.cf
|
\---Quarantine
+---C
| \---ComboFix
| FProps.vbs.vir
|
\---Registry_backups
LEGACY_ROSA.reg.cf
services_rosa.reg.cf

[/code]

BitDefender Online Scanner

Rapport d'analyse généré à: Fri, Sep 07, 2007 - 21:28:05

Voie d'analyse: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;

Statistiques

Temps
02:49:20

Fichiers
475641

Directoires
7398

Secteurs de boot
3

Archives
10251

Paquets programmes
27476

Résultats

Virus identifiés
6

Fichiers infectés
9

Fichiers suspects
0

Avertissements
0

Désinfectés
0

Fichiers effacés
9

Info sur les moteurs

Définition virus
796361

Version des moteurs
AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)

Analyse des plugins
14

Archive des plugins
38

Unpack des plugins
7

E-mail plugins
6

Système plugins
1

Paramètres d'analyse

Première action
Désinfecté

Seconde Action
Supprimé

Heuristique
Oui

Acceptez les avertissements
Oui

Extensions analysées
*;

Excludez les extensions

Analyse d'emails
Oui

Analyse des Archives
Oui

Analyser paquets programmes
Oui

Analyse des fichiers
Oui

Analyse de boot
Oui

Fichier analysé
Statut

D:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 0)
Infecté par: Backdoor.Netbus.2.1.A

D:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 0)
Echec de la désinfection

D:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 0)
Supprimé

D:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab
Echec de la mise à jour

D:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 6)
Infecté par: Trojan.AOL.PWSteal

D:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 6)
Echec de la désinfection

D:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 6)
Supprimé

D:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab
Echec de la mise à jour

D:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 7)
Infecté par: Backdoor.Netbus.20.B

D:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 7)
Echec de la désinfection

D:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 7)
Supprimé

D:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab
Echec de la mise à jour

D:\Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 0)
Infecté par: Backdoor.Netbus.2.1.A

D:\Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 0)
Echec de la désinfection

D:\Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 0)
Supprimé

D:\Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab
Echec de la mise à jour

D:\Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 6)
Infecté par: Trojan.AOL.PWSteal

D:\Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 6)
Echec de la désinfection

D:\Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 6)
Supprimé

D:\Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab
Echec de la mise à jour

D:\Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 7)
Infecté par: Backdoor.Netbus.20.B

D:\Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 7)
Echec de la désinfection

D:\Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 7)
Supprimé

D:\Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab
Echec de la mise à jour

J:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 0)
Infecté par: Backdoor.Netbus.2.1.A

J:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 0)
Echec de la désinfection

J:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 0)
Supprimé

J:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab
Echec de la mise à jour

J:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 6)
Infecté par: Trojan.AOL.PWSteal

J:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 6)
Echec de la désinfection

J:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 6)
Supprimé

J:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab
Echec de la mise à jour

J:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 7)
Infecté par: Backdoor.Netbus.20.B

J:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 7)
Echec de la désinfection

J:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab=>(IShield Module 7)
Supprimé

J:\fichier J\UTILITAIRE\Le Grand Robert Dictionnaire.rar=>Le.grand.Robert\IMAGE.img=>DIVERS/nbpro210.exe=>(CAB Sfx o)=>\data1.cab
Echec de la mise à jour

Search Navipromo version 3.0.0 commencé le 07/09/2007 à 21:39:22,85
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 06.09.2007 a 07h00 by IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11

*** Recherche Programmes installes ***

*** Recherche dossiers dans C:\WINDOWS ***

*** Recherche dossiers dans C:\Program Files ***

*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***

*** Recherche dossiers dans C:\Documents and Settings\Administrateur\Application Data ***

*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
http://www.f-secure.com/blacklight/blacklight_help.html

F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of October, 2007.
Version information: 2.2.1064.

[+] Started on 09/07/07 at 21:39:26.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items .................................................................................................................................................................................................................................................................................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 09/07/07 at 22:17:04 (return code = 0).

*** Recherche avec GenericNaviSearch ***
!!! Tous Ces résultats peuvent révéler des fichiers légitimes !!!
!!! A verifier impérativement avant toute suppression manuelle !!!

* Scan C:\WINDOWS\system32 *

Fichiers trouvés :

Aucun Fichier trouvé !

Fichiers suspects :

Aucun Fichier suspect trouvé !

*** Recherche fichiers ***

*** Recherche cles registre ***

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

2)Recherche Heuristique :

3)Recherche Certificats :

Certificat Egroup absent !

*** Analyse Terminé le 07/09/2007 à 22:18:25,79 ***

et voici la qurantaine d'AVG /
TrackingCookie.Weborama C:\Documents and Settings\Administrateur\Cookies\administrateur@weborama[2].txt 08/09/2007 02:38:21 administrateur@weborama[2].txt 181 octets
TrackingCookie.Smartadserver C:\Documents and Settings\Administrateur\Cookies\administrateur@smartadserver[2].txt 08/09/2007 02:38:21 administrateur@smartadserver[2].txt 398 octets
TrackingCookie.Real C:\Documents and Settings\Administrateur\Cookies\administrateur@real[2].txt 08/09/2007 02:38:21 administrateur@real[2].txt 499 octets
TrackingCookie.Weborama C:\Documents and Settings\Administrateur\Cookies\administrateur@weborama[1].txt 06/09/2007 03:34:41 administrateur@weborama[1].txt 168 octets
TrackingCookie.Smartadserver C:\Documents and Settings\Administrateur\Cookies\administrateur@smartadserver[2].txt 06/09/2007 03:34:41 administrateur@smartadserver[2].txt 396 octets
TrackingCookie.Serving-sys C:\Documents and Settings\Administrateur\Cookies\administrateur@serving-sys[2].txt 06/09/2007 03:34:41 administrateur@serving-sys[2].txt 441 octets
TrackingCookie.Serving-sys C:\Documents and Settings\Administrateur\Cookies\administrateur@bs.serving-sys[1].txt 06/09/2007 03:34:41 administrateur@bs.serving-sys[1].txt 111 octets
TrackingCookie.2o7 C:\Documents and Settings\Administrateur\Cookies\administrateur@acronis.122.2o7[1].txt 06/09/2007 03:34:41 administrateur@acronis.122.2o7[1].txt 123 octets
TrackingCookie.2o7 C:\Documents and Settings\Administrateur\Cookies\administrateur@2o7[2].txt 06/09/2007 03:34:41 administrateur@2o7[2].txt 148 octets
Cheval de Troie Generic7.ENJ J:\System Volume Information\_restore{D13DDD2A-9D4D-4245-93F1-1EC754B9810D}\RP7\A0000396.exe 06/09/2007 03:34:41 A0000396.exe 68.5 KB
Cheval de Troie Generic7.ENJ J:\System Volume Information\_restore{D13DDD2A-9D4D-4245-93F1-1EC754B9810D}\RP7\A0000393.exe 06/09/2007 03:34:40 A0000393.exe 68.5 KB
TrackingCookie.Weborama C:\Documents and Settings\Administrateur\Cookies\administrateur@weborama[2].txt 05/09/2007 02:53:33 administrateur@weborama[2].txt 179 octets
TrackingCookie.Tribalfusion C:\Documents and Settings\Administrateur\Cookies\administrateur@tribalfusion[1].txt 05/09/2007 02:53:33 administrateur@tribalfusion[1].txt 165 octets
TrackingCookie.Smartadserver C:\Documents and Settings\Administrateur\Cookies\administrateur@smartadserver[1].txt 05/09/2007 02:53:33 administrateur@smartadserver[1].txt 395 octets
Programme potentiellement nuisible HackTool.crack C:\Documents and Settings\Administrateur\Mes documents\My Completed Downloads\Ares.Galaxy.Turbo.Booster.4.7.6.Patch.by.AT4RE.zip 04/09/2007 14:49:36 Ares.Galaxy.Turbo.Booster.4.7.6.Patch.by.AT4RE.zip 139.47 KB
TrackingCookie.Yadro C:\Documents and Settings\Administrateur\Cookies\administrateur@yadro[1].txt 04/09/2007 02:42:01 administrateur@yadro[1].txt 78 octets
TrackingCookie.Weborama C:\Documents and Settings\Administrateur\Cookies\administrateur@weborama[1].txt 04/09/2007 02:42:01 administrateur@weborama[1].txt 91 octets
TrackingCookie.Smartadserver C:\Documents and Settings\Administrateur\Cookies\administrateur@smartadserver[1].txt 04/09/2007 02:42:01 administrateur@smartadserver[1].txt 397 octets
TrackingCookie.Serving-sys C:\Documents and Settings\Administrateur\Cookies\administrateur@serving-sys[2].txt 04/09/2007 02:42:01 administrateur@serving-sys[2].txt 439 octets
TrackingCookie.Overture C:\Documents and Settings\Administrateur\Cookies\administrateur@overture[1].txt 04/09/2007 02:42:00 administrateur@overture[1].txt 103 octets
TrackingCookie.Comclick C:\Documents and Settings\Administrateur\Cookies\administrateur@fl01.ct2.comclick[2].txt 04/09/2007 02:42:00 administrateur@fl01.ct2.comclick[2].txt 337 octets
TrackingCookie.Serving-sys C:\Documents and Settings\Administrateur\Cookies\administrateur@bs.serving-sys[2].txt 04/09/2007 02:42:00 administrateur@bs.serving-sys[2].txt 141 octets
TrackingCookie.Adtech C:\Documents and Settings\Administrateur\Cookies\administrateur@adtech[2].txt 04/09/2007 02:42:00 administrateur@adtech[2].txt 172 octets
TrackingCookie.Yadro C:\Documents and Settings\Administrateur\Cookies\administrateur@yadro[1].txt 03/09/2007 02:38:56 administrateur@yadro[1].txt 78 octets
TrackingCookie.Smartadserver C:\Documents and Settings\Administrateur\Cookies\administrateur@smartadserver[2].txt 03/09/2007 02:38:56 administrateur@smartadserver[2].txt 398 octets
TrackingCookie.Overture C:\Documents and Settings\Administrateur\Cookies\administrateur@overture[1].txt 03/09/2007 02:38:56 administrateur@overture[1].txt 543 octets
TrackingCookie.2o7 C:\Documents and Settings\Administrateur\Cookies\administrateur@2o7[2].txt 03/09/2007 02:38:55 administrateur@2o7[2].txt 1.1 KB
TrackingCookie.Real C:\Documents and Settings\Administrateur\Cookies\administrateur@real[2].txt 02/09/2007 02:37:21 administrateur@real[2].txt 186 octets
TrackingCookie.2o7 C:\Documents and Settings\Administrateur\Cookies\administrateur@microsoftwlmessengermkt.112.2o7[1].txt 02/09/2007 02:37:21 administrateur@microsoftwlmessengermkt.112.2o7[1].txt 137 octets
TrackingCookie.Netflame C:\Documents and Settings\Administrateur\Cookies\administrateur@ssl-hints.netflame[2].txt 30/08/2007 22:47:44 administrateur@ssl-hints.netflame[2].txt 325 octets
TrackingCookie.2o7 C:\Documents and Settings\Administrateur\Cookies\administrateur@msnportal.112.2o7[1].txt 30/08/2007 22:47:44 administrateur@msnportal.112.2o7[1].txt 125 octets
TrackingCookie.Webtrends C:\Documents and Settings\Administrateur\Cookies\administrateur@m.webtrends[1].txt 30/08/2007 22:47:44 administrateur@m.webtrends[1].txt 219 octets
Heuristic.Win32.AVKiller C:\RECYCLER\S-1-5-21-484763869-436374069-854245398-500\Dc3.exe 30/08/2007 22:47:44 Dc3.exe 43 KB
Heuristic.Win32.AVKiller C:\RECYCLER\S-1-5-21-484763869-436374069-854245398-500\Dc2.exe 30/08/2007 22:47:43 Dc2.exe 43 KB
Heuristic.Win32.AVKiller C:\RECYCLER\S-1-5-21-484763869-436374069-854245398-500\Dc1.exe 30/08/2007 22:47:43 Dc1.exe 43 KB
Heuristic.Win32.AVKiller C:\Documents and Settings\Administrateur\Mes documents\My Completed Downloads\EliBaglA.exe 30/08/2007 22:47:43 EliBaglA.exe 43 KB
Heuristic.Win32.AVKiller C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4AU2PSNQ\EliBaglA[1].exe 29/08/2007 11:08:44 EliBaglA[1].exe 43 KB
TrackingCookie.Weborama C:\Documents and Settings\Administrateur\Cookies\administrateur@weborama[1].txt 29/08/2007 02:41:24 administrateur@weborama[1].txt 91 octets
TrackingCookie.Smartadserver C:\Documents and Settings\Administrateur\Cookies\administrateur@smartadserver[1].txt 29/08/2007 02:41:24 administrateur@smartadserver[1].txt 398 octets
TrackingCookie.Comclick C:\Documents and Settings\Administrateur\Cookies\administrateur@fl01.ct2.comclick[1].txt 29/08/2007 02:41:23 administrateur@fl01.ct2.comclick[1].txt 287 octets
TrackingCookie.Weborama C:\Documents and Settings\Administrateur\Cookies\administrateur@weborama[1].txt 28/08/2007 01:28:35 administrateur@weborama[1].txt 189 octets
TrackingCookie.Smartadserver C:\Documents and Settings\Administrateur\Cookies\administrateur@smartadserver[1].txt 28/08/2007 01:28:35 administrateur@smartadserver[1].txt 395 octets
TrackingCookie.Overture C:\Documents and Settings\Administrateur\Cookies\administrateur@perf.overture[1].txt 28/08/2007 01:28:35 administrateur@perf.overture[1].txt 114 octets
TrackingCookie.Overture C:\Documents and Settings\Administrateur\Cookies\administrateur@overture[1].txt 28/08/2007 01:28:35 administrateur@overture[1].txt 102 octets
TrackingCookie.2o7 C:\Documents and Settings\Administrateur\Cookies\administrateur@msnportal.112.2o7[1].txt 28/08/2007 01:28:35 administrateur@msnportal.112.2o7[1].txt 124 octets
TrackingCookie.2o7 C:\Documents and Settings\Administrateur\Cookies\administrateur@2o7[2].txt 28/08/2007 01:28:35 administrateur@2o7[2].txt 156 octets
TrackingCookie.Smartadserver C:\Documents and Settings\Administrateur\Cookies\administrateur@smartadserver[1].txt 27/08/2007 01:29:04 administrateur@smartadserver[1].txt 394 octets
TrackingCookie.Revenue C:\Documents and Settings\Administrateur\Cookies\administrateur@revenue[2].txt 27/08/2007 01:29:04 administrateur@revenue[2].txt 260 octets
TrackingCookie.Webtrends C:\Documents and Settings\Administrateur\Cookies\administrateur@m.webtrends[2].txt 27/08/2007 01:29:04 administrateur@m.webtrends[2].txt 187 octets
TrackingCookie.Adtech C:\Documents and Settings\Administrateur\Cookies\administrateur@adtech[2].txt 27/08/2007 01:29:04 administrateur@adtech[2].txt 168 octets
TrackingCookie.247realmedia C:\Documents and Settings\Administrateur\Cookies\administrateur@247realmedia[1].txt 27/08/2007 01:29:04 administrateur@247realmedia[1].txt 690 octets
Attention: Extension cachee .exe C:\Documents and Settings\Administrateur\Mes documents\My Completed Downloads\Ad-aware_Professional_v6.0_Serial.zip.exe 26/08/2007 14:15:24 Ad-aware_Professional_v6.0_Serial.zip.exe 133.56 KB
TrackingCookie.Adbrite C:\Documents and Settings\MILES\Cookies\miles@ads.adbrite[2].txt 26/08/2007 04:42:58 miles@ads.adbrite[2].txt 174 octets
TrackingCookie.Adbrite C:\Documents and Settings\MILES\Cookies\miles@adbrite[2].txt 26/08/2007 04:42:58 miles@adbrite[2].txt 338 octets
TrackingCookie.Adbrite C:\Documents and Settings\MILES\Cookies\miles@3.adbrite[2].txt 26/08/2007 04:42:58 miles@3.adbrite[2].txt 84 octets
TrackingCookie.Weborama C:\Documents and Settings\MILES\Cookies\miles@weborama[2].txt 25/08/2007 14:22:34 miles@weborama[2].txt 169 octets
TrackingCookie.Netflame C:\Documents and Settings\MILES\Cookies\miles@ssl-hints.netflame[1].txt 25/08/2007 14:22:34 miles@ssl-hints.netflame[1].txt 157 octets
TrackingCookie.Smartadserver C:\Documents and Settings\MILES\Cookies\miles@smartadserver[1].txt 25/08/2007 14:22:34 miles@smartadserver[1].txt 371 octets
TrackingCookie.Comclick C:\Documents and Settings\MILES\Cookies\miles@fl01.ct2.comclick[2].txt 25/08/2007 14:22:34 miles@fl01.ct2.comclick[2].txt 323 octets
TrackingCookie.Estat C:\Documents and Settings\MILES\Cookies\miles@estat[1].txt 25/08/2007 14:22:34 miles@estat[1].txt 80 octets
TrackingCookie.Weborama C:\Documents and Settings\MILES\Cookies\miles@weborama[2].txt 24/08/2007 10:28:29 miles@weborama[2].txt 176 octets
TrackingCookie.Serving-sys C:\Documents and Settings\MILES\Cookies\miles@serving-sys[2].txt 24/08/2007 10:28:29 miles@serving-sys[2].txt 410 octets
TrackingCookie.Overture C:\Documents and Settings\MILES\Cookies\miles@overture[1].txt 24/08/2007 10:28:29 miles@overture[1].txt 151 octets
TrackingCookie.2o7 C:\Documents and Settings\MILES\Cookies\miles@numericable.112.2o7[1].txt 24/08/2007 10:28:29 miles@numericable.112.2o7[1].txt 120 octets
TrackingCookie.Serving-sys C:\Documents and Settings\MILES\Cookies\miles@bs.serving-sys[2].txt 24/08/2007 10:28:28 miles@bs.serving-sys[2].txt 124 octets
Attention: Extension cachee .exe C:\Documents and Settings\MILES\Mes documents\My Completed Downloads\Rarlab_WinRAR_3.70.zip.exe 23/08/2007 19:32:53 Rarlab_WinRAR_3.70.zip.exe 211.76 KB
TrackingCookie.Adtech C:\Documents and Settings\MILES\Cookies\miles@adtech[2].txt 23/08/2007 10:13:55 miles@adtech[2].txt 158 octets
TrackingCookie.Webtrends C:\Documents and Settings\MILES\Cookies\miles@m.webtrends[2].txt 22/08/2007 10:43:45 miles@m.webtrends[2].txt 181 octets
TrackingCookie.Comclick C:\Documents and Settings\MILES\Cookies\miles@fl01.ct2.comclick[1].txt 22/08/2007 10:43:45 miles@fl01.ct2.comclick[1].txt 270 octets
TrackingCookie.Weborama C:\Documents and Settings\MILES\Cookies\miles@weborama[2].txt 21/08/2007 12:54:49 miles@weborama[2].txt 75 octets
TrackingCookie.Estat C:\Documents and Settings\MILES\Cookies\miles@estat[1].txt 21/08/2007 12:54:49 miles@estat[1].txt 79 octets
TrackingCookie.Adtech C:\Documents and Settings\MILES\Cookies\miles@adtech[2].txt 21/08/2007 12:54:49 miles@adtech[2].txt 160 octets
TrackingCookie.Comclick C:\Documents and Settings\MILES\Cookies\miles@fl01.ct2.comclick[1].txt 20/08/2007 10:09:41 miles@fl01.ct2.comclick[1].txt 270 octets
TrackingCookie.Netflame C:\Documents and Settings\MILES\Cookies\miles@ssl-hints.netflame[2].txt 18/08/2007 20:14:55 miles@ssl-hints.netflame[2].txt 157 octets
TrackingCookie.2o7 C:\Documents and Settings\MILES\Cookies\miles@divx.112.2o7[1].txt 18/08/2007 20:14:54 miles@divx.112.2o7[1].txt 113 octets
TrackingCookie.Weborama C:\Documents and Settings\MILES\Cookies\miles@weborama[1].txt 18/08/2007 09:59:39 miles@weborama[1].txt 258 octets
TrackingCookie.Netflame C:\Documents and Settings\MILES\Cookies\miles@ssl-hints.netflame[1].txt 18/08/2007 09:59:39 miles@ssl-hints.netflame[1].txt 157 octets
TrackingCookie.Specificclick C:\Documents and Settings\MILES\Cookies\miles@specificclick[2].txt 18/08/2007 09:59:39 miles@specificclick[2].txt 346 octets
TrackingCookie.Smartadserver C:\Documents and Settings\MILES\Cookies\miles@smartadserver[2].txt 18/08/2007 09:59:39 miles@smartadserver[2].txt 270 octets
TrackingCookie.Real C:\Documents and Settings\MILES\Cookies\miles@real[1].txt 18/08/2007 09:59:39 miles@real[1].txt 89 octets
TrackingCookie.Estat C:\Documents and Settings\MILES\Cookies\miles@estat[1].txt 18/08/2007 09:59:39 miles@estat[1].txt 80 octets
TrackingCookie.2o7 C:\Documents and Settings\MILES\Cookies\miles@divx.112.2o7[1].txt 18/08/2007 09:59:39 miles@divx.112.2o7[1].txt 111 octets
TrackingCookie.Weborama C:\Documents and Settings\MILES\Cookies\miles@weborama[1].txt 16/08/2007 16:32:35 miles@weborama[1].txt 84 octets
TrackingCookie.2o7 C:\Documents and Settings\MILES\Cookies\miles@msnportal.112.2o7[1].txt 16/08/2007 16:32:35 miles@msnportal.112.2o7[1].txt 119 octets
TrackingCookie.Atdmt C:\Documents and Settings\MILES\Cookies\miles@atdmt[2].txt 16/08/2007 16:32:35 miles@atdmt[2].txt 96 octets
Cheval de Troie Downloader.Generic5.RMD E:\System Volume Information\_restore{D13DDD2A-9D4D-4245-93F1-1EC754B9810D}\RP25\A0006257.exe 16/08/2007 16:32:35 A0006257.exe 174.83 KB
TrackingCookie.Weborama C:\Documents and Settings\MILES\Cookies\miles@weborama[2].txt 15/08/2007 10:11:30 miles@weborama[2].txt 257 octets
TrackingCookie.Real C:\Documents and Settings\MILES\Cookies\miles@real[2].txt 15/08/2007 10:11:30 miles@real[2].txt 89 octets
TrackingCookie.Ivwbox C:\Documents and Settings\MILES\Cookies\miles@ivwbox[2].txt 15/08/2007 10:11:30 miles@ivwbox[2].txt 82 octets
Cheval de Troie Downloader.Generic5.RMD E:\WINDOWS\exefld\84020384.exe 15/08/2007 10:11:30 84020384.exe 174.83 KB
TrackingCookie.Yadro C:\Documents and Settings\MILES\Cookies\miles@yadro[1].txt 14/08/2007 09:55:47 miles@yadro[1].txt 73 octets
TrackingCookie.Weborama C:\Documents and Settings\MILES\Cookies\miles@weborama[1].txt 14/08/2007 09:55:47 miles@weborama[1].txt 84 octets
TrackingCookie.Real C:\Documents and Settings\MILES\Cookies\miles@real[2].txt 14/08/2007 09:55:47 miles@real[2].txt 506 octets
TrackingCookie.Webtrends C:\Documents and Settings\MILES\Cookies\miles@m.webtrends[2].txt 14/08/2007 09:55:47 miles@m.webtrends[2].txt 181 octets
TrackingCookie.Comclick C:\Documents and Settings\MILES\Cookies\miles@fl01.ct2.comclick[2].txt 14/08/2007 09:55:46 miles@fl01.ct2.comclick[2].txt 344 octets
TrackingCookie.Weborama C:\Documents and Settings\MILES\Cookies\miles@weborama[2].txt 11/08/2007 09:56:34 miles@weborama[2].txt 84 octets
TrackingCookie.Tacoda C:\Documents and Settings\MILES\Cookies\miles@tacoda[2].txt 11/08/2007 09:56:34 miles@tacoda[2].txt 496 octets
TrackingCookie.Smartadserver C:\Documents and Settings\MILES\Cookies\miles@smartadserver[2].txt 11/08/2007 09:56:34 miles@smartadserver[2].txt 371 octets
TrackingCookie.Real C:\Documents and Settings\MILES\Cookies\miles@real[2].txt 11/08/2007 09:56:34 miles@real[2].txt 597 octets
TrackingCookie.Real C:\Documents and Settings\MILES\Cookies\miles@realguide.real[1].txt 11/08/2007 09:56:34 miles@realguide.real[1].txt 85 octets
TrackingCookie.2o7 C:\Documents and Settings\MILES\Cookies\miles@microsoftwga.112.2o7[1].txt 11/08/2007 09:56:34 miles@microsoftwga.112.2o7[1].txt 121 octets
TrackingCookie.Webtrends C:\Documents and Settings\MILES\Cookies\miles@m.webtrends[2].txt 11/08/2007 09:56:34 miles@m.webtrends[2].txt 228 octets
TrackingCookie.Atdmt C:\Documents and Settings\MILES\Cookies\miles@atdmt[2].txt 11/08/2007 09:56:33 miles@atdmt[2].txt 96 octets
TrackingCookie.2o7 C:\Documents and Settings\MILES\Cookies\miles@2o7[1].txt 11/08/2007 09:56:33 miles@2o7[1].txt 246 octets
TrackingCookie.Weborama C:\Documents and Settings\MILES\Cookies\miles@weborama[1].txt 10/08/2007 09:56:57 miles@weborama[1].txt 167 octets
TrackingCookie.Smartadserver C:\Documents and Settings\MILES\Cookies\miles@smartadserver[2].txt 10/08/2007 09:56:57 miles@smartadserver[2].txt 373 octets
TrackingCookie.2o7 C:\Documents and Settings\MILES\Cookies\miles@microsoftwga.112.2o7[1].txt 10/08/2007 09:56:57 miles@microsoftwga.112.2o7[1].txt 121 octets
TrackingCookie.Webtrends C:\Documents and Settings\MILES\Cookies\miles@m.webtrends[2].txt 10/08/2007 09:56:57 miles@m.webtrends[2].txt 229 octets
TrackingCookie.Com C:\Documents and Settings\MILES\Cookies\miles@com[1].txt 10/08/2007 09:56:57 miles@com[1].txt 89 octets
TrackingCookie.Atdmt C:\Documents and Settings\MILES\Cookies\miles@atdmt[1].txt 10/08/2007 09:56:57 miles@atdmt[1].txt 98 octets
Cheval de Troie Downloader.Generic5.PIO G:\Nouveau dossier\aaw2007.exe 10/08/2007 09:56:53 aaw2007.exe 17.32 MB
TrackingCookie.2o7 C:\Documents and Settings\MILES\Cookies\miles@microsoftwga.112.2o7[1].txt 09/08/2007 09:43:05 miles@microsoftwga.112.2o7[1].txt 121 octets
TrackingCookie.Webtrends C:\Documents and Settings\MILES\Cookies\miles@m.webtrends[1].txt 09/08/2007 09:43:04 miles@m.webtrends[1].txt 213 octets
TrackingCookie.Atdmt C:\Documents and Settings\MILES\Cookies\miles@atdmt[2].txt 09/08/2007 09:43:04 miles@atdmt[2].txt 96 octets
TrackingCookie.Tradedoubler C:\Documents and Settings\MILES\Cookies\miles@tradedoubler[1].txt 08/08/2007 16:22:53 miles@tradedoubler[1].txt 119 octets
TrackingCookie.Smartadserver C:\Documents and Settings\MILES\Cookies\miles@smartadserver[2].txt 08/08/2007 16:22:53 miles@smartadserver[2].txt 270 octets
TrackingCookie.Skype C:\Documents and Settings\MILES\Cookies\miles@skype[2].txt 08/08/2007 16:22:53 miles@skype[2].txt 669 octets
TrackingCookie.Skype C:\Documents and Settings\MILES\Cookies\miles@site.skype[1].txt 08/08/2007 16:22:53 miles@site.skype[1].txt 95 octets
TrackingCookie.2o7 C:\Documents and Settings\MILES\Cookies\miles@msnportal.112.2o7[1].txt 08/08/2007 16:22:53 miles@msnportal.112.2o7[1].txt 118 octets
TrackingCookie.Hotlog C:\Documents and Settings\MILES\Cookies\miles@hotlog[2].txt 08/08/2007 16:22:53 miles@hotlog[2].txt 71 octets
TrackingCookie.Atdmt C:\Documents and Settings\MILES\Cookies\miles@atdmt[2].txt 08/08/2007 16:22:53 miles@atdmt[2].txt 97 octets
TrackingCookie.Yieldmanager C:\Documents and Settings\MILES\Cookies\miles@ad.yieldmanager[1].txt 08/08/2007 16:22:53 miles@ad.yieldmanager[1].txt 196 octets
TrackingCookie.2o7 C:\Documents and Settings\MILES\Cookies\miles@2o7[2].txt 08/08/2007 16:22:52 miles@2o7[2].txt 128 octets
Cheval de Troie Generic5.MBY G:\fichier J\UTILITAIRE\Nouveau dossier\utilitaire 2007\FSCommand\c9.exe 30/07/2007 11:26:18 c9.exe 129.49 KB
Cheval de Troie Generic5.JFE G:\fichier J\UTILITAIRE\Nouveau dossier\utilitaire 2007\FSCommand\c5.exe 30/07/2007 11:26:18 c5.exe 115.3 KB
Cheval de Troie Small.AD G:\fichier J\UTILITAIRE\ad aware\AVG\keygen AVG.exe 30/07/2007 11:26:18 keygen AVG.exe 52 KB
Cheval de Troie Agent.DYC G:\fichier J\SALIM\CrackDown.exe 30/07/2007 11:26:18 CrackDown.exe 390.5 KB
Virus identifié Obfustat.AHV F:\WINDOWS\system32\wintems.exe 30/07/2007 11:26:18 wintems.exe 55.53 KB
Virus identifié I-Worm/Bagle.TU F:\WINDOWS\exefld\44127732.exe 30/07/2007 11:26:18 44127732.exe 83 KB
Virus identifié Obfustat.HP F:\WINDOWS\exefld\43976004.exe 30/07/2007 11:26:18 43976004.exe 83 KB
Virus identifié Obfustat.HP F:\WINDOWS\exefld\43682432.exe 30/07/2007 11:26:18 43682432.exe 83 KB
Virus identifié Obfustat.HP F:\WINDOWS\exefld\391402.exe 30/07/2007 11:26:17 391402.exe 83 KB
Virus identifié Obfustat.HP F:\WINDOWS\exefld\371309574.exe 30/07/2007 11:26:17 371309574.exe 83 KB
Virus identifié Obfustat.HP F:\WINDOWS\exefld\29695539.exe 30/07/2007 11:26:17 29695539.exe 83 KB
Virus identifié Obfustat.HP F:\WINDOWS\exefld\29533807.exe 30/07/2007 11:26:17 29533807.exe 83 KB
Virus identifié Obfustat.HP F:\WINDOWS\exefld\29218994.exe 30/07/2007 11:26:17 29218994.exe 83 KB
Virus identifié Obfustat.HP F:\WINDOWS\exefld\205074.exe 30/07/2007 11:26:17 205074.exe 83 KB
Virus identifié I-Worm/Bagle.TU F:\WINDOWS\exefld\203732.exe 30/07/2007 11:26:17 203732.exe 83 KB
Virus identifié I-Worm/Bagle.TU F:\WINDOWS\exefld\198745.exe 30/07/2007 11:26:17 198745.exe 83 KB
Virus identifié Obfustat.HP F:\WINDOWS\exefld\195320.exe 30/07/2007 11:26:17 195320.exe 83 KB
Virus identifié Obfustat.HP F:\WINDOWS\exefld\15250649.exe 30/07/2007 11:26:17 15250649.exe 83 KB
Virus identifié Obfustat.HP F:\WINDOWS\exefld\14713707.exe 30/07/2007 11:26:17 14713707.exe 83 KB
Virus identifié Obfustat.HP F:\System Volume Information\_restore{3AA51383-1463-41A3-9108-0CF96EC3B0DC}\RP287\A0091642.exe 30/07/2007 11:26:17 A0091642.exe 83 KB
Virus identifié I-Worm/Bagle.TU F:\System Volume Information\_restore{3AA51383-1463-41A3-9108-0CF96EC3B0DC}\RP286\A0090784.exe 30/07/2007 11:26:17 A0090784.exe 83 KB
Virus identifié Obfustat.AHV F:\Documents and Settings\Administrateur\Local Settings\Temp\~48E.exe 30/07/2007 11:26:16 ~48E.exe 55.53 KB
Virus identifié Obfustat.AGV F:\Documents and Settings\Administrateur\Local Settings\Temp\~48D.exe 30/07/2007 11:26:16 ~48D.exe 86 KB
Virus identifié Obfustat.AGV F:\Documents and Settings\Administrateur\Application Data\hidires\hidr.exe 30/07/2007 11:26:16 hidr.exe 86 KB

et le rapport hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 18:34:10, on 08/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nisvcloc.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Micro Application\12 DICOS Indispensables\MediaDICO12.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Micro Application\12 DICOS Indispensables\Rac12.EXE
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Larousse\Petit Larousse 2007\bin\Hyperappel.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
D:\Program Files\DAP\DAP.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\DAEMON Tools\daemon.exe" -lang 1036
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MediaDico] C:\Program Files\Micro Application\12 DICOS Indispensables\LanceMediaDICO12.exe Lancement
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Hyperappel du Petit Larousse 2007.lnk = C:\Program Files\Larousse\Petit Larousse 2007\bin\Hyperappel.exe
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{054C26D5-5C88-4053-9A81-1C3752369502}: NameServer = 208.67.222.222 193.55.10.102
O17 - HKLM\System\CS3\Services\Tcpip\..\{054C26D5-5C88-4053-9A81-1C3752369502}: NameServer = 208.67.222.222 193.55.10.102
O17 - HKLM\System\CS5\Services\Tcpip\..\{054C26D5-5C88-4053-9A81-1C3752369502}: NameServer = 208.67.222.222 193.55.10.102
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - Unknown owner - J:\nationalm instrument\Shared\Security\nidmsrv.exe (file missing)
O23 - Service: NILM License Manager - Unknown owner - J:\nationalm instrument\Shared\License Manager\Bin\lmgrd.exe (file missing)
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)

voila ce que vous m'avez demandez de faire.

concernant les problémes de mon ordi, j'ai tout le temps ou presque mon UC qui fonctionne a 100%, ca rame et j'entends souvent le ventilo qui s'active pour un moment.
de plus, il m'est impossible de visualiser mes fichiers cachés : en allant dans dossier option, etc......., une fois coché, l'option de visualiser les fichier, se décoche d'elle même, c'est comme si qu'elle est vérouillé.
voila, et merci encore pour ton aide.

N/B : au fait tout les logiciels que vous m'avez demander de télécharger dois je les garder ou je les désinstalle , merci pour tout

Répondre à Be SMILE

jlpjlp, le 8 sep 2007 à 20:38:55

Vire ce qui est en quarantaine dans avg
___________

desactive la restauration systeme puis

stinger

http://download.nai.com/products/mcafee-avert/stinger.exe

puis

http://securityresponse.symantec.com/avcenter/FxBeagle.exe

puis

http://securityresponse.symantec.com/avcenter/FxBgleMO.exe
_____________

essaye de refaire elibaga

_____________

smit fraud fix (colle le rapport)

1/ telecharger :
http://telechargement.zebulon.fr/smitfraudfix.html

2/ double clique sur smitfraudfix. puis sélectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes. une fois le rapport effectué redémarre en mode sans échec (en appuyant sur F8 ou suppr, ou F5 au démarrage en général)

3/ puis refaire comme en 2/ mais sélectionne l'option 2 et appuyer sur entrée pour commencer la désinfection. lorsque le programme demande si tu veut nettoyer le registre mets oui en tapant 0 et entrée
___________

AD AWARE:
http://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/11643.html
___________

relance ccleaner et nettoie

___________

reactive la restauration systeme

puis refais un scan en ligne et recolle hijackthis et dis tes pbs

Répondre à jlpjlp

Posez votre question Répondre