
[SOFTWARE] [Centralization] .:::: Hijackthis ::::.


snooky


@ manolele:

Disable System Restore.

Uninstall Spybot.

Check these lines and fix them:

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {613E7B70-5380-4063-A060-C147AB994C02} - C:\WINDOWS\system32\nnnmljg.dll

O2 - BHO: (no name) - {6F2058A8-FCF3-5C8A-E089-041DB8D674F5} - C:\WINDOWS\system32\fsnvzjb.dll

O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - (no file)

O4 - HKLM\..\Run: [sitaomk.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\poitou\Local Settings\Application Data\sitaomk.dll",nwkcvcb

O4 - Startup: .protected

O4 - Global Startup: .protected

O20 - Winlogon Notify: ddabx - C:\WINDOWS\system32\ddabx.dll

Run Vundofix and post the report it creates.

http://www.atribune.org/ccount/click.php?id=4

Run Clean 1.4 byFRUiT.

Run SysClean and post the report it creates.


@ manolele:

Disable System Restore.

Uninstall Spybot.

Check these lines and fix them:

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {613E7B70-5380-4063-A060-C147AB994C02} - C:\WINDOWS\system32\nnnmljg.dll

O2 - BHO: (no name) - {6F2058A8-FCF3-5C8A-E089-041DB8D674F5} - C:\WINDOWS\system32\fsnvzjb.dll

O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - (no file)

O4 - HKLM\..\Run: [sitaomk.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\poitou\Local Settings\Application Data\sitaomk.dll",nwkcvcb

O4 - Startup: .protected

O4 - Global Startup: .protected

O20 - Winlogon Notify: ddabx - C:\WINDOWS\system32\ddabx.dll

Run Vundofix and post the report it creates.

http://www.atribune.org/ccount/click.php?id=4

Run Clean 1.4 byFRUiT.

Run SysClean and post the report it creates.

Thank you for your attention.

Vundofix report:

C:\Windows\system32\ddabx.dll

C:\Windows\system32\nnnmlig.dll

C:\Windows\system32\sbadd.bak1

C:\Windows\system32\xbadd.bak2

C:\Windows\system32sbadd.ini

Sysclean report:

Damage Cleanup Engine (DCE) 3.98(Build 1012)

Windows XP(Build 2600: Service Pack 2)

Start time : lun. févr. 19 2007 14:35:06

Load Damage Cleanup Template (DCT) "D:\Documents and Settings\MetaSnook\Bureau\SysCleanTrendMicro\SysCleanTrendMicro\tsc.ptn" (version 772) [success]

Complete time : lun. févr. 19 2007 14:35:14

Execute pattern count(2924), Virus found count(0), Virus clean count(0), Clean failed count(0)

Damage Cleanup Engine (DCE) 3.98(Build 1012)

Windows XP(Build 2600: Service Pack 2)

Start time : lun. févr. 19 2007 14:37:23

Load Damage Cleanup Template (DCT) "D:\Documents and Settings\MetaSnook\Bureau\SysCleanTrendMicro\SysCleanTrendMicro\tsc.ptn" (version 772) [success]

Thanks in advance


There was an error in the report; here is the correct one:

/--------------------------------------------------------------\

| Trend Micro Sysclean Package |

| Copyright 2002, Trend Micro, Inc. |

| http://www.trendmicro.com |

\--------------------------------------------------------------/

2007-02-19, 14:35:06, Auto-clean mode specified.

2007-02-19, 14:35:06, Running scanner "D:\Documents and Settings\MetaSnook\Bureau\SysCleanTrendMicro\SysCleanTrendMicro\TSC.BIN"...

2007-02-19, 14:35:14, Scanner "D:\Documents and Settings\MetaSnook\Bureau\SysCleanTrendMicro\SysCleanTrendMicro\TSC.BIN" has finished running.

2007-02-19, 14:35:14, TSC Log:

2007-02-19, 14:36:39, The user stopped the operation.

/--------------------------------------------------------------\

| Trend Micro Sysclean Package |

| Copyright 2002, Trend Micro, Inc. |

| http://www.trendmicro.com |

\--------------------------------------------------------------/

2007-02-19, 14:37:21, Auto-clean mode specified.

2007-02-19, 14:37:21, Running scanner "D:\Documents and Settings\MetaSnook\Bureau\SysCleanTrendMicro\SysCleanTrendMicro\TSC.BIN"...

2007-02-19, 14:37:30, Scanner "D:\Documents and Settings\MetaSnook\Bureau\SysCleanTrendMicro\SysCleanTrendMicro\TSC.BIN" has finished running.

2007-02-19, 14:37:30, TSC Log:

2007-02-19, 14:37:31, Could not set file for reading on "C:\bootmgr": Accès refusé.

2007-02-19, 14:37:57, Operation was aborted.

/--------------------------------------------------------------\

| Trend Micro Sysclean Package |

| Copyright 2002, Trend Micro, Inc. |

| http://www.trendmicro.com |

\--------------------------------------------------------------/

2007-02-23, 23:56:00, Auto-clean mode specified.

2007-02-23, 23:56:00, Running scanner "C:\Documents and Settings\poitou\Bureau\securitePC\SysCleanTrendMicro\TSC.BIN"...

2007-02-23, 23:56:22, Scanner "C:\Documents and Settings\poitou\Bureau\securitePC\SysCleanTrendMicro\TSC.BIN" has finished running.

2007-02-23, 23:56:22, TSC Log:

2007-02-24, 00:09:01, Running scanner "C:\Documents and Settings\poitou\Bureau\securitePC\SysCleanTrendMicro\VSCANTM.BIN"...

2007-02-24, 00:24:23, Files Detected:

Copyright © 1990 - 2004 Trend Micro Inc.

Report Date : 2/24/2007 00:09:03

VSAPI Engine Version : 8.000-1001

VSCANTM Version : 1.1-1001

Virus Pattern Version : 278 (158679 Patterns) (2007/02/19) (427805)

Command Line: C:\Documents and Settings\poitou\Bureau\securitePC\SysCleanTrendMicro\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\poitou\Bureau\securitePC\SysCleanTrendMicro

C:\WINDOWS\system32\sitaomk.dll [Possible_Obfus]

C:\WINDOWS\system32\fsnvzjb.dll [Possible_Obfus]

C:\Documents and Settings\poitou\Local Settings\Application Data\sitaomk.dll [Possible_Obfus]

C:\Program Files\Hijackthis Version Française\backups\backup-20070223-212354-463.dll [Possible_Obfus]

53860 files have been read.

53860 files have been checked.

43353 files have been scanned.

87176 files have been scanned. (including files in archived)

4 files containing viruses.

Found 4 viruses totally.

Maybe 0 viruses totally.

Stop At : 2/24/2007 00:24:23

---------*---------*---------*---------*---------*---------*---------*---------*

2007-02-24, 00:24:24, Files Clean:

Copyright © 1990 - 2004 Trend Micro Inc.

Report Date : 2/24/2007 00:09:03

VSAPI Engine Version : 8.000-1001

VSCANTM Version : 1.1-1001

Virus Pattern Version : 278 (158679 Patterns) (2007/02/19) (427805)

Command Line: C:\Documents and Settings\poitou\Bureau\securitePC\SysCleanTrendMicro\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\poitou\Bureau\securitePC\SysCleanTrendMicro

Can not Clean [ Possible_Obfus]( 1) from C:\WINDOWS\system32\sitaomk.dll

Can not Clean [ Possible_Obfus]( 1) from C:\WINDOWS\system32\fsnvzjb.dll

Can not Clean [ Possible_Obfus]( 1) from C:\Documents and Settings\poitou\Local Settings\Application Data\sitaomk.dll

Can not Clean [ Possible_Obfus]( 1) from C:\Program Files\Hijackthis Version Française\backups\backup-20070223-212354-463.dll

53860 files have been read.

53860 files have been checked.

43353 files have been scanned.

87176 files have been scanned. (including files in archived)

4 files containing viruses.

Found 4 viruses totally.

Maybe 0 viruses totally.

Stop At : 2/24/2007 00:24:23 15 minutes 19 seconds (919.20 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*

2007-02-24, 00:24:24, Clean Fail:

Copyright © 1990 - 2004 Trend Micro Inc.

Report Date : 2/24/2007 00:09:03

VSAPI Engine Version : 8.000-1001

VSCANTM Version : 1.1-1001

Virus Pattern Version : 278 (158679 Patterns) (2007/02/19) (427805)

Command Line: C:\Documents and Settings\poitou\Bureau\securitePC\SysCleanTrendMicro\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\poitou\Bureau\securitePC\SysCleanTrendMicro

Can not Clean [ Possible_Obfus]( 1) from C:\WINDOWS\system32\sitaomk.dll

Can not Clean [ Possible_Obfus]( 1) from C:\WINDOWS\system32\fsnvzjb.dll

Can not Clean [ Possible_Obfus]( 1) from C:\Documents and Settings\poitou\Local Settings\Application Data\sitaomk.dll

Can not Clean [ Possible_Obfus]( 1) from C:\Program Files\Hijackthis Version Française\backups\backup-20070223-212354-463.dll

53860 files have been read.

53860 files have been checked.

43353 files have been scanned.

87176 files have been scanned. (including files in archived)

4 files containing viruses.

Found 4 viruses totally.

Maybe 0 viruses totally.

Stop At : 2/24/2007 00:24:23 15 minutes 19 seconds (919.20 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*

2007-02-24, 00:24:24, Scanner "C:\Documents and Settings\poitou\Bureau\securitePC\SysCleanTrendMicro\VSCANTM.BIN" has finished running.

2007-02-24, 00:41:40, Running scanner "C:\Documents and Settings\poitou\Bureau\securitePC\SysCleanTrendMicro\VSCANTM.BIN"...

2007-02-24, 00:41:49, Files Detected:

Copyright © 1990 - 2004 Trend Micro Inc.

Report Date : 2/24/2007 00:41:40

VSAPI Engine Version : 8.000-1001

VSCANTM Version : 1.1-1001

Virus Pattern Version : 278 (158679 Patterns) (2007/02/19) (427805)

Command Line: C:\Documents and Settings\poitou\Bureau\securitePC\SysCleanTrendMicro\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\poitou\Bureau\securitePC\SysCleanTrendMicro

507 files have been read.

507 files have been checked.

419 files have been scanned.

420 files have been scanned. (including files in archived)

0 files containing viruses.

Found 0 viruses totally.

Maybe 0 viruses totally.

Stop At : 2/24/2007 00:41:49

---------*---------*---------*---------*---------*---------*---------*---------*

2007-02-24, 00:41:49, Files Clean:

Copyright © 1990 - 2004 Trend Micro Inc.

Report Date : 2/24/2007 00:41:40

VSAPI Engine Version : 8.000-1001

VSCANTM Version : 1.1-1001

Virus Pattern Version : 278 (158679 Patterns) (2007/02/19) (427805)

Command Line: C:\Documents and Settings\poitou\Bureau\securitePC\SysCleanTrendMicro\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\poitou\Bureau\securitePC\SysCleanTrendMicro

507 files have been read.

507 files have been checked.

419 files have been scanned.

420 files have been scanned. (including files in archived)

0 files containing viruses.

Found 0 viruses totally.

Maybe 0 viruses totally.

Stop At : 2/24/2007 00:41:49 6 seconds (5.70 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*

2007-02-24, 00:41:49, Clean Fail:

Copyright © 1990 - 2004 Trend Micro Inc.

Report Date : 2/24/2007 00:41:40

VSAPI Engine Version : 8.000-1001

VSCANTM Version : 1.1-1001

Virus Pattern Version : 278 (158679 Patterns) (2007/02/19) (427805)

Command Line: C:\Documents and Settings\poitou\Bureau\securitePC\SysCleanTrendMicro\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\poitou\Bureau\securitePC\SysCleanTrendMicro

507 files have been read.

507 files have been checked.

419 files have been scanned.

420 files have been scanned. (including files in archived)

0 files containing viruses.

Found 0 viruses totally.

Maybe 0 viruses totally.

Stop At : 2/24/2007 00:41:49 6 seconds (5.70 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*

2007-02-24, 00:41:49, Scanner "C:\Documents and Settings\poitou\Bureau\securitePC\SysCleanTrendMicro\VSCANTM.BIN" has finished running.


Hi, I'm posting this regarding my problem with Active Virus Shield.

What do you think?..... :byebye:

Thanks for shedding a little light on this for me, please...... :yes:

Logfile of HijackThis v1.99.1

Scan saved at 05:12:23, on 24/02/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AOL\Active Virus Shield\avp.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\sm56hlpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\AOL\Active Virus Shield\avp.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\MessengerSkinner\MessengerSkinner.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe


Hi Snooky

From kolpakopoul:

######################################

Scan saved at 14:05:57, on 23/02/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Eset\nod32kui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Eset\nod32krn.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\MSN Messenger\usnsvc.exe

D:\emule\eMule.exe

C:\Program Files\uTorrent\utorrent.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe

C:\Program Files\Nero\Nero 7\Core\nero.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\DEKOLP~1.!\LOCALS~1\Temp\Rar$EX00.016\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O1 - Hosts: 66.98.148.65 auto.search.msn.com

O1 - Hosts: 66.98.148.65 auto.search.msn.es

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172111930593

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

OK, there's one small thing I need to tell you: in the scan I saw two big RED crosses concerning the HOSTS file, there are 2 of them, and it says they should be deleted .... Also, the problem only occurs when I start a video conversation on MSN .... So let me explain again: I go to Start, My Computer and select drive D, and nothing happens; on the other hand, when I open the internet, at the same time as the page is displayed, the request I made earlier, namely drive D, is displayed too.

In any case, thank you, and I'm looking forward to the outcome, with an explanation if you can.

Thanks again


@ kolpakopoul:

;) Disable System Restore, then re-enable it.

;) Services.msc from the Start menu:

Stop and disable these services:

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

:mdr: Uninstall the Nvidia Network Access Manager firewall via Add/Remove Programs.

:mdr: Run Clean 1.4 byFRUiT

:mdr: In Add/Remove Programs, click "Change" on WLM 8.1, then "Repair".


Here is what I get.....

SmitFraudFix v2.144

Rapport fait à 14:54:42,06, 24/02/2007

Executé à partir de C:\Documents and Settings\KRISTOF\Bureau\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\KRISTOF

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\KRISTOF\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\KRISTOF\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin


Hello Snooky

I'm having a few problems with my PC, can you help me please??

Thanks

Logfile of HijackThis v1.99.1

Scan saved at 16:32:50, on 24/02/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\HP\KBD\KBD.EXE

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\System32\hphmon05.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\MessengerPlus! 3\MsgPlus1.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Valve\Steam\Steam.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Odebit Multimédia\V2\Odebit.exe

C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe

C:\Program Files\Xfire\Xfire.exe

C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe

C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\INCRED~1\bin\IMApp.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3409E~1\Bar888.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3409E~1\Bar888.dll

O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe"

O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"

O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P41 "EPSON Stylus Photo RX620 Series (Copie 1)" /O6 "USB001" /M "Stylus Photo RX620"

O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0

O4 - HKLM\..\RunOnce: [MorpheusToolbar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe" /WinStart

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Odebit Multimedia V2] C:\Program Files\Odebit Multimédia\V2\Odebit.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Odebit Multimedia V3 - Services] C:\Program Files\Odebit Multimédia\V2\Odebit.exe /info

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [superCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe

O4 - Startup: desktop(2)(2).ini

O4 - Startup: desktop(2).ini

O4 - Startup: desktop(3).ini

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe

O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe

O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe

O4 - Global Startup: desktop(2)(2).ini

O4 - Global Startup: desktop(2).ini

O4 - Global Startup: desktop(3).ini

O4 - Global Startup: desktop(4).ini

O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod3\v4\yhexbmes.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod3\v4\yhexbmes.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe" -run bl -n PersonalPro -v 5.0.0.0 -ttsr 10000000 (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Thanks


@ manolele:

Restart in safe mode.

Run Vundofix and post the report:

http://www.atribune.org/ccount/click.php?id=4

Post a new Hijackthis report.

Here is the Vundofix report, but I don't understand any of it:

C:\windows\system32\ckwmkrsa.dll

C:\Windows\system32\ddabx.dll

C:\Windows\system32\nnnmljg.dll

C:\Windows\system32\ssipvpex.exe

C:\Windows\system32\ultxrjxd.dll

and the Hijackthis one:

Logfile of HijackThis v1.99.1

Scan saved at 17:46:40, on 24/02/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\acer\Acer eConsole\MediaServerService.exe

c:\progra~1\intern~1\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

C:\Program Files\acer\eRecovery\Monitor.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\setup\avast.setup

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - Default URLSearchHook is missing

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {60E1989F-D3A7-4970-9C51-207A4B76C5D2} - C:\WINDOWS\system32\ddabx.dll

O2 - BHO: (no name) - {613E7B70-5380-4063-A060-C147AB994C02} - C:\WINDOWS\system32\nnnmljg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - (no file)

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [thirdeqfirstview] C:\Documents and Settings\All Users\Application Data\Coal Long Third Eq\Idle the.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Configuration de la neuf Box] C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\poitou\APPLIC~1\ELSEPL~1\AXISNEW.exe

O4 - Startup: .protected

O4 - Global Startup: .protected

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?0aa644df55fc45bfb766bad4173ccb1e

O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?0aa644df55fc45bfb766bad4173ccb1e

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {041816FE-7869-4B5F-9BE4-FFF3B7368727} - http://barremagique.aliceadsl.fr/download/BarreMagique.cab

O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.1-click.com/common/files/installer2.cab

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5554A026-7282-4C11-A8F1-652D0599CD02} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/fr.ni...ROPE_SILENT.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: ddabx - C:\WINDOWS\system32\ddabx.dll

O20 - Winlogon Notify: nnnmljg - C:\WINDOWS\SYSTEM32\nnnmljg.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: wineiu32 - C:\WINDOWS\SYSTEM32\wineiu32.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

Good luck with this gibberish


OK thanks, I did what you told me to do; it's already faster now!

But I just noticed that every time I want to copy a file from a disc or a memory card onto the PC with copy and paste, the PC crashed and I had to restart it by hand... And one more thing: my PC crashes every other time at startup... It crashes on the blue screen where Welcome is written in white.

So there you go, thanks for your help.

Logfile of HijackThis v1.99.1

Scan saved at 22:50:04, on 21/02/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AOL\Active Virus Shield\avp.exe

C:\Acer\Empowering Technology\admServ.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\AOL\Active Virus Shield\avp.exe

c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)

O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe


@ Kristof2582:

You just have to click on the .bat file, that's all.

The new Hosts file is installed automatically!

__________________________________________

@ manolele:

Start the PC in safe mode.

VundoFix finds these files for you:

C:\windows\system32\ckwmkrsa.dll

C:\Windows\system32\ddabx.dll

C:\Windows\system32\nnnmljg.dll

C:\Windows\system32\ssipvpex.exe

C:\Windows\system32\ultxrjxd.dll

You have to click Remove to delete them!

Then run SysClean and post the report (delete the files it finds!)

__________________________________

@ Spybotics:

Nothing in your Hijackthis report that could help...

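Added example, not part of the original thread: a small Python script that cross-references the files VundoFix listed for manolele with the HijackThis entries that load them, which shows the same two DLLs registered both as a BHO (O2) and as a Winlogon Notify package (O20). The function names are this example's own; the log lines and paths are copied from the posts above, and the log is only an excerpt.

```python
import re
from collections import defaultdict

# Files VundoFix listed in the thread (copied from the post above).
VUNDOFIX_FILES = [
    r"C:\windows\system32\ckwmkrsa.dll",
    r"C:\Windows\system32\ddabx.dll",
    r"C:\Windows\system32\nnnmljg.dll",
    r"C:\Windows\system32\ssipvpex.exe",
    r"C:\Windows\system32\ultxrjxd.dll",
]

# Excerpt of the HijackThis log posted in the thread (not the full log).
HJT_EXCERPT = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {60E1989F-D3A7-4970-9C51-207A4B76C5D2} - C:\WINDOWS\system32\ddabx.dll
O2 - BHO: (no name) - {613E7B70-5380-4063-A060-C147AB994C02} - C:\WINDOWS\system32\nnnmljg.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - (no file)
O20 - Winlogon Notify: ddabx - C:\WINDOWS\system32\ddabx.dll
O20 - Winlogon Notify: nnnmljg - C:\WINDOWS\SYSTEM32\nnnmljg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# An entry line starts with a section code such as R0, O2, O20 followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Yield (code, body) for each HijackThis entry line.

    Header lines, the running-process list and blank lines do not match
    the section-code pattern and are skipped.
    """
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("code"), m.group("body")


def norm(path):
    """Windows paths are case-insensitive: compare in lower case, unquoted."""
    return path.strip().strip('"').lower()


def cross_reference(log_text, flagged_paths):
    """Map each flagged file to the log entries that reference it.

    Returns (hits, unreferenced):
      hits         -- {normalised path: [(section code, entry body), ...]}
      unreferenced -- flagged paths that no entry in this log mentions
    Limitation: an entry that uses an 8.3 short path (PROGRA~1 style)
    will not match a long-form flagged path.
    """
    flagged = {norm(p): p for p in flagged_paths}
    hits = defaultdict(list)
    for code, body in parse_entries(log_text):
        body_l = body.lower()
        for key in flagged:
            idx = body_l.find(key)
            if idx == -1:
                continue
            # The character after the match must not continue the file name.
            tail = body_l[idx + len(key): idx + len(key) + 1]
            if not tail.isalnum():
                hits[key].append((code, body))
    unreferenced = [flagged[k] for k in flagged if k not in hits]
    return dict(hits), unreferenced


def sections_for(hits, path):
    """Section codes (O2, O20, ...) under which a flagged file is loaded."""
    return [code for code, _ in hits.get(norm(path), [])]


if __name__ == "__main__":
    hits, unreferenced = cross_reference(HJT_EXCERPT, VUNDOFIX_FILES)
    for key, entries in hits.items():
        print(key)
        for code, body in entries:
            print(f"  {code}: {body}")
    print("Flagged but not referenced by any entry in this excerpt:")
    for path in unreferenced:
        print(f"  {path}")
```

A flagged file that shows up under more than one section code has more than one load point, so every matching entry has to be gone from the next log, not just the file on disk.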

Good evening!

Here is my log:

Logfile of HijackThis v1.99.1

Scan saved at 18:32:08, on 25/02/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5700.0007)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Softwin\BitDefender10\bdmcon.exe

C:\Program Files\Softwin\BitDefender10\bdagent.exe

C:\Program Files\uTorrent\utorrent.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Softwin\BitDefender10\vsserv.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\foobar2000\foobar2000.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Documents and Settings\nathano\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O15 - Trusted Zone: http://www.youtube.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1145045138749

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6675BCE6-C4D5-40FD-B0AB-53693AA72D42}: NameServer = 194.117.200.10,194.117.200.15

O17 - HKLM\System\CCS\Services\Tcpip\..\{970AEAA0-E3F9-494F-95E0-555126C2079F}: NameServer = 194.117.200.10,194.117.200.15

O17 - HKLM\System\CCS\Services\Tcpip\..\{C72A63FB-2D6D-451C-A362-9F6BCC701FDF}: NameServer = 194.117.200.10,194.117.200.15

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


@ fougam:

Disable System Restore.

Check and fix these lines:

O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3409E~1\Bar888.dll

O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3409E~1\Bar888.dll

O4 - HKLM\..\RunOnce: [MorpheusToolbar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2

O4 - Startup: desktop(2)(2).ini

O4 - Startup: desktop(2).ini

O4 - Startup: desktop(3).ini

O4 - Global Startup: desktop(2)(2).ini

O4 - Global Startup: desktop(2).ini

O4 - Global Startup: desktop(3).ini

O4 - Global Startup: desktop(4).ini

O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Run Navipro:

http://snooky730.free.fr/Programmes/navilog1.zip

Unzip it and click on Navilog1.bat ... option 1.

A report is created; post it.

Run Smitfraudfix and post the report.
