Maelysroma

  1. Hello everyone, Since late yesterday, without knowing exactly why, my internet browsing has become much slower than usual and at times it froze; for example, I had to click several times on my home page for it to display. I did try a system restore, but it was impossible: on restart, a message informed me that the restore had not worked and that I had to choose another restore point, which I did several times but without result. That is why I now need your help and am posting my HijackThis report. A very big thank you in advance for any help you can give me.
  2. GREAT, a mega big THANK YOUUUUU for your help, Lien Rag. Have a good evening.
  3. There you go. I don't know what the report reveals, but in any case everything seems to be getting back to normal thanks to your good advice.
  4. Here it is.
  5. Thanks for the reply. Here is the report.
  6. Hello, should I also post a new HijackThis report?
  7. Thanks for the help. As requested, here is the report.
  8. and here is the second one: SmitFraudFix v2.274 Rapport fait à 1:24:43,67, sam. 26/01/2008 Executé à partir de C:\Documents and Settings\David Ansion\Mes documents\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés C:\DOCUME~1\DAVIDA~1\Bureau\Error Cleaner.url supprimé C:\DOCUME~1\DAVIDA~1\Bureau\Privacy Protector.url supprimé C:\DOCUME~1\DAVIDA~1\Bureau\Spyware?Malware Protection.url supprimé C:\DOCUME~1\DAVIDA~1\Favoris\Error Cleaner.url supprimé C:\DOCUME~1\DAVIDA~1\Favoris\Privacy Protector.url supprimé C:\DOCUME~1\DAVIDA~1\Favoris\Spyware?Malware Protection.url supprimé »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix.exe by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{FC496D67-49AB-4D65-B307-5A513980E42E}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{FC496D67-49AB-4D65-B307-5A513980E42E}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{FC496D67-49AB-4D65-B307-5A513980E42E}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Fin
  9. Good evening Lien Rag, and thank you for the quick reply. Here is the first report: SmitFraudFix v2.274 Rapport fait à 23:45:55,65, ven. 25/01/2008 Executé à partir de C:\Documents and Settings\David Ansion\Mes documents\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Browser MOUSE\mouse32a.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Belgacom\bin\sprtcmd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\HP\Digital 
Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\David Ansion »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\David Ansion\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DAVIDA~1\Favoris C:\DOCUME~1\DAVIDA~1\Favoris\Error Cleaner.url PRESENT ! C:\DOCUME~1\DAVIDA~1\Favoris\Privacy Protector.url PRESENT ! C:\DOCUME~1\DAVIDA~1\Favoris\Spyware?Malware Protection.url PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» Bureau C:\DOCUME~1\DAVIDA~1\Bureau\Error Cleaner.url PRESENT ! C:\DOCUME~1\DAVIDA~1\Bureau\Privacy Protector.url PRESENT ! C:\DOCUME~1\DAVIDA~1\Bureau\Spyware?Malware Protection.url PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! IEDFix.exe by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! 
SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Atheros AR5005G Wireless Network Adapter - Miniport d'ordonnancement de paquets DNS Server Search Order: 192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{FC496D67-49AB-4D65-B307-5A513980E42E}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{FC496D67-49AB-4D65-B307-5A513980E42E}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin
  10. Good evening everyone, This time it's my little brother who has handed me his infected PC for a thorough cleaning, because he wanted to avoid formatting. Knowing that I would find competent people here who could help me carry out this task, I did the pre-cleaning as indicated and am posting the first HijackThis report. Thank you in advance for the attention you give my post. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:39:58, on 25/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Browser MOUSE\mouse32a.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Belgacom\bin\sprtcmd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program 
Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.skynet.be/search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: The egodktf - {00C1B214-1408-4F51-90AE-7EDAC2FAC36E} - C:\WINDOWS\egodktf.dll O4 - HKLM\..\Run: [ATIPTA] 
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang FR O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft 
Office\OFFICE11\ONENOTEM.EXE O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1105\fr-fr\msntb.dll/search.htm O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O21 - SSODL: aslpmqk - {A9EB271E-9DB0-4F28-A628-826C1AF5079C} - C:\WINDOWS\aslpmqk.dll (file missing) O21 - SSODL: bxsnvqt - {472FAFC9-A090-42B2-8655-BA35A24D9973} - C:\WINDOWS\bxsnvqt.dll O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler 
(AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 8407 bytes
  11. Good evening, Everything seems to be working correctly now, but I'm taking the liberty of this little "up" to find out whether I can put "RESOLVED" in my topic's subject line or whether there are a few last steps left to do?
  12. Hello. Yes, these are animated avatars and winks for MSN Messenger. After doing everything that was asked in your previous message, here is the Blacklight report: 08/13/06 14:47:53 [info]: BlackLight Engine 1.0.42 initialized 08/13/06 14:47:53 [info]: OS: 5.1 build 2600 (Service Pack 2) 08/13/06 14:47:54 [Note]: 7019 4 08/13/06 14:47:54 [Note]: 7005 0 08/13/06 14:47:58 [Note]: 7006 0 08/13/06 14:47:58 [Note]: 7011 3024 08/13/06 14:47:58 [Note]: 7026 0 08/13/06 14:47:58 [Note]: 7026 0 08/13/06 14:48:02 [Note]: FSRAW library version 1.7.1019 08/13/06 14:49:14 [Note]: 7007 0 .. and the Panda report: Incident Statut Analyse Outil indésirable:Application/WinAntispyware2006 No Désinfecté C:\WINDOWS\system32\drivers\uwasfsd.sys Outil indésirable:Application/Processor No Désinfecté C:\WINDOWS\system32\Process.exe Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Nath\Bureau\SmitfraudFix.zip[smitfraudFix/Process.exe] Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Nath\Bureau\Smitfraudfix\SmitfraudFix\Process.exe Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Nath\Cookies\nath@xiti[1].txt Spyware:Cookie/Tradedoubler No Désinfecté C:\Documents and Settings\Nath\Cookies\nath@tradedoubler[1].txt
  13. Hello. Yes, still these ads, they won't leave me alone. Here is the report: 08/06/06 08:29:35 [info]: BlackLight Engine 1.0.42 initialized 08/06/06 08:29:35 [info]: OS: 5.1 build 2600 (Service Pack 2) 08/06/06 08:29:35 [Note]: 7019 4 08/06/06 08:29:35 [Note]: 7005 0 08/06/06 08:29:39 [Note]: 7006 0 08/06/06 08:29:39 [Note]: 7011 1284 08/06/06 08:29:39 [Note]: 7026 0 08/06/06 08:29:40 [Note]: 7026 0 08/06/06 08:29:40 [Note]: 7024 3 08/06/06 08:29:40 [info]: Hidden process: C:\windows\system32\fivpny.exe 08/06/06 08:29:40 [Note]: FSRAW library version 1.7.1019 08/06/06 08:30:17 [info]: Hidden file: C:\windows\system32\fivpny.exe 08/06/06 08:30:17 [info]: Hidden file: c:\WINDOWS\SYSTEM32\FIVPNY.DAT 08/06/06 08:30:40 [info]: Hidden file: c:\WINDOWS\SYSTEM32\FIVPNY~1.DAT 08/06/06 08:30:40 [info]: Hidden file: c:\WINDOWS\SYSTEM32\FIVPNY~4.DAT 08/06/06 08:34:10 [Note]: 7007 0 Strange, I don't understand anything anymore: it found the famous FIVPNY.exe file again, which I cannot find even after changing the display options. Yet another file that I cannot find, and so I could not remove it.
  14. Hello. To begin with, I could not analyze the file FIVPNY.EXE; it remains impossible to find even after following the instructions given in your quote. As for the rest, you will find the two requested reports below: C:\WINDOWS\System32\wpa.dbl -->5/08/2006 12:53:18 C:\WINDOWS\System32\eRLog.ini -->5/08/2006 12:53:10 C:\WINDOWS\System32\nvs2.inf -->25/07/2006 18:59:24 C:\WINDOWS\System32\PerfStringBackup.INI -->12/07/2006 23:06:54 C:\WINDOWS\System32\perfh00C.dat -->12/07/2006 23:06:54 C:\WINDOWS\System32\perfc00C.dat -->12/07/2006 23:06:54 C:\WINDOWS\System32\perfh009.dat -->12/07/2006 23:06:54 C:\WINDOWS\System32\perfc009.dat -->12/07/2006 23:06:54 C:\WINDOWS\System32\MRT.exe -->7/07/2006 3:21:46 C:\WINDOWS\System32\WgaLogon.dll -->19/06/2006 16:20:42 C:\WINDOWS\System32\LegitCheckControl.dll -->19/06/2006 16:19:42 C:\WINDOWS\System32\WgaTray.exe -->19/06/2006 16:19:26 C:\WINDOWS\System32\avsda.dll -->17/06/2006 18:58:20 C:\WINDOWS\System32\jgpl400.dll -->1/06/2006 20:48:44 C:\WINDOWS\System32\jgdw400.dll -->1/06/2006 20:48:44 C:\WINDOWS\System32\shdocvw.dll -->29/05/2006 17:29:14 C:\WINDOWS\System32\mshtml.dll -->19/05/2006 17:09:50 C:\WINDOWS\System32\dnsapi.dll -->19/05/2006 15:23:36 C:\WINDOWS\System32\iphlpapi.dll -->19/05/2006 15:23:36 C:\WINDOWS\System32\dhcpcsvc.dll -->19/05/2006 15:23:36 C:\WINDOWS\System32\jscript.dll -->18/05/2006 7:31:22 C:\WINDOWS\System32\rasmans.dll -->14/05/2006 10:48:16 C:\WINDOWS\System32\xpsp3res.dll -->11/05/2006 10:57:36 C:\WINDOWS\System32\shlwapi.dll -->10/05/2006 7:24:40 C:\WINDOWS\System32\urlmon.dll -->10/05/2006 7:24:40 C:\WINDOWS\0.log -->5/08/2006 12:52:42 C:\WINDOWS\ModemLog_SoftV90 Data Fax Modem with SmartCP.txt -->5/08/2006 12:52:38 C:\WINDOWS\wiadebug.log -->5/08/2006 12:52:20 C:\WINDOWS\bootstat.dat -->5/08/2006 12:52:12 C:\WINDOWS\WindowsUpdate.log -->5/08/2006 9:29:48 C:\WINDOWS\SchedLgU.Txt -->5/08/2006 9:29:46 C:\WINDOWS\wiaservc.log -->5/08/2006 9:29:46 C:\WINDOWS\ntbtlog.txt -->4/08/2006 
21:28:18 C:\WINDOWS\NeroDigital.ini -->4/08/2006 19:49:58 C:\WINDOWS\ComponentList.xml -->2/08/2006 9:56:24 C:\WINDOWS\setupact.log -->2/08/2006 8:55:38 C:\WINDOWS\setupapi.log -->31/07/2006 15:09:20 C:\WINDOWS\wmsetup.log -->29/07/2006 9:36:46 C:\WINDOWS\pack.epk -->25/07/2006 18:58:16 C:\WINDOWS\WgaNotify.log -->19/07/2006 6:26:56 Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 1B71-12F5 Répertoire de C:\WINDOWS\system32 05/08/2004 05:00 6.144 csrss.exe 1 fichier(s) 6.144 octets 0 Rép(s) 2.617.901.056 octets libres Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 1B71-12F5 Répertoire de C:\Program Files 15/10/2004 11:52 <REP> . 15/10/2004 11:52 <REP> .. 15/10/2004 11:52 <REP> Fichiers communs 15/10/2004 11:57 <REP> Windows NT 15/10/2004 11:57 <REP> MSN 15/10/2004 11:57 <REP> MSN Gaming Zone 15/10/2004 11:57 <REP> Messenger 15/10/2004 11:57 <REP> Windows Media Player 07/04/2006 07:07 <REP> Anti-Leech 15/10/2004 11:58 <REP> ComPlus Applications 15/10/2004 11:58 <REP> Internet Explorer 15/10/2004 11:58 <REP> Outlook Express 15/10/2004 11:58 <REP> NetMeeting 15/10/2004 11:58 <REP> Movie Maker 15/10/2004 11:59 <REP> Services en ligne 15/10/2004 12:01 <REP> microsoft frontpage 15/10/2004 12:01 <REP> xerox 06/07/2005 19:51 <REP> Intel 06/07/2005 19:58 <REP> Synaptics 06/07/2005 19:59 <REP> CONEXANT 15/07/2006 06:56 <REP> FLConline 06/07/2005 20:01 <REP> NewTech Infosystems 06/07/2005 20:03 <REP> Adobe 06/07/2005 20:03 <REP> CyberLink 06/07/2005 20:04 <REP> Acer Inc 25/12/2005 18:58 <REP> Arcade 25/12/2005 18:59 <REP> Launch Manager 25/12/2005 18:59 <REP> acer 25/12/2005 21:15 <REP> Microsoft Works 25/12/2005 21:15 <REP> Microsoft Office 25/07/2006 18:59 <REP> WebMediaPlayer 02/08/2006 10:52 <REP> hijackthis 25/12/2005 23:23 <REP> WinRAR 26/03/2006 15:01 <REP> AntiVir PersonalEdition Classic 25/12/2005 17:43 <REP> DVD Decrypter 25/12/2005 17:44 <REP> DVD Shrink 25/12/2005 17:52 <REP> Microsoft.NET 25/12/2005 18:16 
<REP> Alcatel 25/12/2005 18:40 <REP> MSN Messenger 02/08/2006 22:18 <REP> CleanUp! 04/08/2006 18:32 <REP> Spyware Terminator 26/12/2005 18:44 <REP> Ahead 04/01/2006 11:40 <REP> support.com 16/01/2006 01:35 <REP> eMule 18/01/2006 22:19 <REP> PhotoFiltre 22/01/2006 17:57 <REP> HP 22/01/2006 18:16 <REP> Hewlett-Packard 31/01/2006 22:06 <REP> Logitech 31/01/2006 22:16 <REP> directx 02/02/2006 01:54 <REP> Jasc Software Inc 07/02/2006 00:24 <REP> Java 20/02/2006 05:19 <REP> K-Lite Codec Pack 21/02/2006 21:26 <REP> Azureus 25/02/2006 12:55 <REP> vso 0 fichier(s) 0 octets 54 Rép(s) 2.617.901.056 octets libres Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 1B71-12F5 Répertoire de C:\Program Files\fichiers communs 15/10/2004 11:52 <REP> . 15/10/2004 11:52 <REP> .. 15/10/2004 11:52 <REP> Microsoft Shared 15/10/2004 11:52 <REP> SpeechEngines 15/10/2004 11:52 <REP> ODBC 15/10/2004 11:58 <REP> System 15/10/2004 11:58 <REP> MSSoap 15/10/2004 11:58 <REP> Services 06/07/2005 19:50 <REP> InstallShield 06/07/2005 20:01 <REP> NewTech Infosystems 06/07/2005 20:02 <REP> muvee Technologies 25/12/2005 21:26 <REP> Symantec Shared 24/07/2006 00:52 <REP> HP 25/12/2005 17:51 <REP> DESIGNER 26/12/2005 18:44 <REP> Ahead 04/01/2006 14:52 <REP> Adobe 22/01/2006 18:15 <REP> Hewlett-Packard 31/01/2006 22:07 <REP> Logitech 31/01/2006 22:16 <REP> FotoWire 07/02/2006 00:23 <REP> Java 0 fichier(s) 0 octets 20 Rép(s) 2.617.901.056 octets libres c:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe c:\Documents and Settings\Nath\Local Settings\Temporary Internet Files\Content.IE5\U183SZ61\SystemDoctor2006FreeInstall_fr[1].exe c:\Documents and Settings\Nath\Menu Démarrer\Programmes\COKTEL\Désinstalleur Coktel.exe c:\Documents and Settings\Nath\Mes documents\SpywareTerminator.exe c:\Documents and Settings\Nath\Mes documents\Ma musique\cdex_151.exe c:\Documents and Settings\Nath\Mes documents\Mes émoticônes\clin004.exe c:\Documents and 
Settings\Nath\Mes documents\Mes émoticônes\clin037.exe c:\Documents and Settings\Nath\Mes documents\Mes émoticônes\new\emoadder.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\018.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\ALPluginIE-1.0.2.2-setup.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\Amsn-Pack-0.94.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\antivir_workstation_win7u_en_h.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\Azureus_2.4.0.0_Win32.setup.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\bluemountainripper.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\clinsangelxpamour004.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\clinsangelxpamour009.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\clinsangelxpamour016.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\clinsangelxpamour017.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\clinsangelxpamour031.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\Crack.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\eMule0.46c-Installer.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\klcodec270s.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\mcoviewer1.2.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\moodsangelxp273.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\moodsangelxp280.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\moodsangelxp320.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\moodsangelxp321.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\moodsangelxp326.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\pack4.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers 
reçus\pf-setup.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\vsoConvertXtoDVD2_setup.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\vsoDivxToDVD_setup.exe c:\Documents and Settings\Nath\Mes documents\Mes fichiers reçus\winkseditor.exe c:\Documents and Settings\Nath\Mes documents\EUD\ans305ev.exe c:\Documents and Settings\Nath\Mes documents\EUD\awiconslitesetup.exe c:\Documents and Settings\Nath\Mes documents\EUD\perfecticon.exe c:\Documents and Settings\Nath\Mes documents\EUD\RSGSetup1.0.42.exe c:\Documents and Settings\Nath\Mes documents\EUD\setup.exe c:\Documents and Settings\Nath\Mes documents\EUD\SetupSwishmax_FRA_Teaser.exe c:\Documents and Settings\Nath\Bureau\CleanUp452.exe c:\Documents and Settings\Nath\Bureau\RegCleaner.exe c:\Documents and Settings\Nath\Bureau\Smitfraudfix\SmitfraudFix\GenericRenosFix.exe c:\Documents and Settings\Nath\Bureau\Smitfraudfix\SmitfraudFix\Process.exe c:\Documents and Settings\Nath\Bureau\Smitfraudfix\SmitfraudFix\Reboot.exe c:\Documents and Settings\Nath\Bureau\Smitfraudfix\SmitfraudFix\restart.exe c:\Documents and Settings\Nath\Bureau\Smitfraudfix\SmitfraudFix\SrchSTS.exe c:\Documents and Settings\Nath\Bureau\Smitfraudfix\SmitfraudFix\swreg.exe c:\Documents and Settings\Nath\Bureau\Smitfraudfix\SmitfraudFix\swsc.exe c:\Documents and Settings\Nath\Bureau\chercher\LFiles.exe c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Zylom\ZylomLoader\zylom\Zuma\Zuma.dll c:\Documents and Settings\Nath\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll Vérifications de quelques clefs Recherche de clefs EGDACCESS HKLM\SOFTWARE\Microsoft\Windows\explorer\SharedTaskScheduler Incident Statut Analyse Outil indésirable:application/winfixer2005 No Désinfecté c:\windows\downloaded program files\USDR6V_0001_D13M1007NetInstaller.exe Outil indésirable:Application/Processor No Désinfecté 
C:\WINDOWS\system32\Process.exe Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Nath\Bureau\SmitfraudFix.zip[smitfraudFix/Process.exe] Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Nath\Bureau\Smitfraudfix\SmitfraudFix\Process.exe Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Nath\Cookies\nath@atdmt[2].txt Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Nath\Cookies\nath@xiti[1].txt Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\Nath\Cookies\nath@mediaplex[1].txt Spyware:Cookie/ErrorSafe No Désinfecté C:\Documents and Settings\Nath\Cookies\[email protected][1].txt Spyware:Cookie/Tradedoubler No Désinfecté C:\Documents and Settings\Nath\Cookies\nath@tradedoubler[2].txt Spyware:Cookie/ErrorSafe No Désinfecté C:\Documents and Settings\Nath\Cookies\nath@errorsafe[2].txt Spyware:Cookie/Adtech No Désinfecté C:\Documents and Settings\Nath\Cookies\nath@adtech[2].txt Spyware:Cookie/Reliablestats No Désinfecté C:\Documents and Settings\Nath\Cookies\[email protected][2].txt To finish, since these latest steps, I currently no longer get windows asking me to install Winantispyware ... let's hope it lasts. EDIT: well, I spoke too soon; at my next connection these windows asking to install Winantispyware are reappearing