

Everything posted by heloise

Win32.Ranky-cn - Solved (great help on Zebulon!)
heloise replied to a topic by heloise in Malware analysis and removal
In short, a few more steps ahead to ensure good protection. I can never thank you enough for your invaluable help. A follow-up question: my PC is no longer very recent (HP Pentium 300 MHz, I believe). Won't all these utilities tie up a lot of resources and consequently make office applications noticeably slower? (I did install 513 Mb of RAM a long time ago, though.)

Win32.Ranky-cn - Solved (great help on Zebulon!)
heloise replied to a topic by heloise in Malware analysis and removal
Kaspersky finished: it found nothing.

L'analyse est terminée. Pas de logiciel malveillant détecté. Les sections analysées sont SAINES. Le rapport est vide.
Please note: le logiciel gratuit Kaspersky On-line Scanner n’offre pas une protection globale et ne peut empêcher les infections futures. Il ne détecte que les codes malveillants qui ont déjà pénétré dans vos disques de stockage. Nous vous conseillons vivement d’utiliser entièrement un logiciel antivirus opérationnel afin de protéger votre ordinateur en permanence.
Patientez, car ce processus peut prendre un certain temps en fonction de la cible sélectionnée. Si vous souhaitez continuer à surfer, ouvrez une seconde fenêtre.
Progression de l'analyse [99%]:
Total de fichiers analysés : 44193
Nombre de virus trouvés : 0
Nombre d'objets infectés : 0
Nombre d'objets suspects : 0
Durée de l'analyse : 02:18:01

If everything is now in order, would it be asking too much to request advice on optimal protection for the PC? You mentioned AntiVir and Zone Alarm. Are there any tips for installation/configuration? Since there is a server PC (and a router) between my PC and the Internet, isn't Zone Alarm superfluous?

Win32.Ranky-cn - Solved (great help on Zebulon!)
heloise replied to a topic by heloise in Malware analysis and removal
As for msi.exe, I did not find the file in the directory mentioned. A search of the whole disk turned up nothing either! In WINNT/System32 there is only an msi.dll (no msi.exe). I must say I find it quite extraordinary to be able to find such help on this forum. This is the first time I have asked for help, and I am stunned by so much kindness and competence. Right, I'll run Kaspersky now.

Win32.Ranky-cn - Solved (great help on Zebulon!)
heloise replied to a topic by heloise in Malware analysis and removal
Right! I tried to carefully do everything you indicated. One problem, though: I could not find the files netdrvr.exe, msconfsys88.exe, WinSys32ys.exe and rlplyr.exe, despite searching the whole C drive. Here are the two reports anyway (Hijack and Ewido). PS: when I see everything that was removed, it seems to me that AVAST is a real sieve. I used to have Norton (which I dutifully paid for every year), and I switched after an article on 01.net claiming that avast is better than Norton. But what should I install to avoid these mishaps in future?

Logfile of HijackThis v1.99.1
Scan saved at 12:07:44, on 6/03/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINNT\system32\MGE\RunSC.exe
C:\WINNT\system32\MGE\PCtl.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\ZipToA.exe
C:\WINNT\system32\MGE\BIL.EXE
C:\WINNT\system32\MGE\CILUSB.EXE
C:\WINNT\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\SAM\SAM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\WHFC\WHFC\Whfc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.toine.be:3128
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINNT\Downloaded Program Files\googlenav.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINNT\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [update] C:\Program Files\AntiVir PersonalEdition Classic\preupd.exe /DM="0" /CALLSCHEDULER
O4 - HKCU\..\Run: [spyware-Cop] "C:\PROGRA~1\SPYWAR~1\Spyware-Cop.exe" /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: SAM.lnk = C:\Program Files\SAM\SAM.exe
O4 - Startup: Whfc.lnk = C:\Program Files\WHFC\WHFC\Whfc.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Google Search - res://C:\WINNT\Downloaded Program Files\googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINNT\Downloaded Program Files\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINNT\Downloaded Program Files\googlenav.dll/cmcache.html
O8 - Extra context menu item: Ouvrir avec GetRight - C:/PROGRA~1/GETRIGHT/GRbrowse.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\WINNT\Downloaded Program Files\googlenav.dll/cmsimilar.html
O8 - Extra context menu item: Télecharger avec GetRight - C:/PROGRA~1/GETRIGHT/GRdownload.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O15 - Trusted Zone: http://netbanking.dexia.be
O15 - Trusted IP range: http://127.0.0.1
O16 - DPF: Dexia Netbanking - http://netbanking.dexia.be/PC//Dynamic/Sha...t//DexiaIIA.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedCon...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200209...meInstaller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/fr/big/1.1....g/GoogleNav.cab
O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://express.foto.com/activeX/newUploadFotoCom.CAB
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/s...er/PROFILER.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F572336-C10B-4208-A774-AF521C7AFD6E}: Domain = woo.toine.be
O17 - HKLM\System\CS2\Services\Tcpip\..\{2F572336-C10B-4208-A774-AF521C7AFD6E}: Domain = woo.toine.be
O17 - HKLM\System\CS3\Services\Tcpip\..\{2F572336-C10B-4208-A774-AF521C7AFD6E}: Domain = woo.toine.be
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: MGE Service module - Unknown owner - C:\WINNT\system32\MGE\RunSC.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINNT\system32\HPHipm11.exe
O23 - Service: Onduleur (UPS) - Unknown owner - C:\WINNT\System32\ups2.exe (file missing)
O23 - Service: ZipToA - Iomega Corporation - C:\WINNT\System32\ZipToA.exe

---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 11:53:27, 6/03/2006
+ Somme de contrôle: 425E2A61
+ Résultats du scan:
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Nettoyer et sauvegarder
:mozilla.18:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Profiles\Michel\d0ft8i09.slt\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
:mozilla.28:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Profiles\Michel\d0ft8i09.slt\cookies.txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder
C:\Documents and Settings\Administrateur\Cookies\administrateur@112.2o7[2].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\Administrateur\Cookies\administrateur@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
C:\Documents and Settings\Administrateur\Cookies\administrateur@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
C:\Documents and Settings\Administrateur\Cookies\administrateur@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder
C:\Documents and Settings\Administrateur\Cookies\administrateur@downloads-zdnet.com[2].txt -> TrackingCookie.Com : Nettoyer et sauvegarder
C:\Documents and Settings\Administrateur\Cookies\administrateur@e-2dj6wflowmazodq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Nettoyer et sauvegarder
C:\Documents and Settings\Administrateur\Cookies\administrateur@e-2dj6wjmyqodzwbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyer et sauvegarder
C:\Documents and Settings\Administrateur\Cookies\administrateur@estat[1].txt -> TrackingCookie.Estat : Nettoyer et sauvegarder
C:\Documents and Settings\Administrateur\Cookies\administrateur@install.xxxtoolbar[1].txt -> TrackingCookie.Xxxtoolbar : Nettoyer et sauvegarder
C:\Documents and Settings\Administrateur\Cookies\administrateur@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyer et sauvegarder
C:\Documents and Settings\Administrateur\Cookies\administrateur@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\Administrateur\Cookies\administrateur@stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyer et sauvegarder
C:\Documents and Settings\Administrateur\Cookies\administrateur@tacoda[2].txt -> TrackingCookie.Tacoda : Nettoyer et sauvegarder
C:\Documents and Settings\Administrateur\Cookies\administrateur@weborama[1].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\Administrateur\Cookies\administrateur@webstat[2].txt -> TrackingCookie.Web-stat : Nettoyer et sauvegarder
C:\Documents and Settings\Administrateur\Cookies\administrateur@wreport.weborama[1].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\Administrateur\Cookies\administrateur@www.sidefind[1].txt -> TrackingCookie.Sidefind : Nettoyer et sauvegarder
C:\Documents and Settings\Administrateur\Cookies\administrateur@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
C:\Documents and Settings\Administrateur\Cookies\administrateur@www.web-stat[2].txt -> TrackingCookie.Web-stat : Nettoyer et sauvegarder
C:\Documents and Settings\Administrateur\Cookies\administrateur@www.xxxtoolbar[1].txt -> TrackingCookie.Xxxtoolbar : Nettoyer et sauvegarder
C:\Documents and Settings\Administrateur\Cookies\administrateur@www.ysbweb[1].txt -> TrackingCookie.Ysbweb : Nettoyer et sauvegarder
C:\Documents and Settings\Administrateur\Cookies\administrateur@yadro[1].txt -> TrackingCookie.Yadro : Nettoyer et sauvegarder
C:\WINNT\bde -> Adware.BrilliantDigital : Nettoyer et sauvegarder
::Fin du rapport

Win32.Ranky-cn - Solved (great help on Zebulon!)
heloise replied to a topic by heloise in Malware analysis and removal
Completely sure: it is my bank's Internet banking site. I have been using it for years (as have more than a million others).

Win32.Ranky-cn - Solved (great help on Zebulon!)
heloise replied to a topic by heloise in Malware analysis and removal
Toine.be is our "family" domain name. The ISP is TVCABLENET.BE, but there is a server/router between my PC and the outside network.

Win32.Ranky-cn - Solved (great help on Zebulon!)
heloise replied to a topic by heloise in Malware analysis and removal
Well, it took a while, but I believe I have done everything that was indicated. Hijack report below.

Logfile of HijackThis v1.99.1
Scan saved at 22:22:49, on 5/03/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MGE\RunSC.exe
C:\WINNT\system32\MGE\PCtl.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\ZipToA.exe
C:\WINNT\system32\MGE\BIL.EXE
C:\WINNT\system32\MGE\CILUSB.EXE
C:\WINNT\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.myclick2search.com/search/ie.html%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.fr.netscape.com/fr/home/winsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.fr.netscape.com/fr/home/winsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.fr.netscape.com/fr/home/winsearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.fr.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.toine.be:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINNT\Downloaded Program Files\googlenav.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINNT\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [update] C:\Program Files\AntiVir PersonalEdition Classic\preupd.exe /DM="0" /CALLSCHEDULER
O4 - HKLM\..\RunServices: [winlogon] msi.exe
O4 - HKLM\..\RunServices: [Configuration Loader] WinSys32ys.exe
O4 - HKLM\..\RunServices: [Video Processor] msconfsys88.exe
O4 - HKCU\..\Run: [spyware-Cop] "C:\PROGRA~1\SPYWAR~1\Spyware-Cop.exe" /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Configuration Loader] rlplyr.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: SAM.lnk = C:\Program Files\SAM\SAM.exe
O4 - Startup: Whfc.lnk = C:\Program Files\WHFC\WHFC\Whfc.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Google Search - res://C:\WINNT\Downloaded Program Files\googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINNT\Downloaded Program Files\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINNT\Downloaded Program Files\googlenav.dll/cmcache.html
O8 - Extra context menu item: Ouvrir avec GetRight - C:/PROGRA~1/GETRIGHT/GRbrowse.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\WINNT\Downloaded Program Files\googlenav.dll/cmsimilar.html
O8 - Extra context menu item: Télecharger avec GetRight - C:/PROGRA~1/GETRIGHT/GRdownload.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O15 - Trusted Zone: http://netbanking.dexia.be
O15 - Trusted IP range: http://127.0.0.1
O16 - DPF: Dexia Netbanking - http://netbanking.dexia.be/PC//Dynamic/Sha...t//DexiaIIA.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedCon...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200209...meInstaller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/fr/big/1.1....g/GoogleNav.cab
O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://express.foto.com/activeX/newUploadFotoCom.CAB
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/s...er/PROFILER.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F572336-C10B-4208-A774-AF521C7AFD6E}: Domain = woo.toine.be
O17 - HKLM\System\CS2\Services\Tcpip\..\{2F572336-C10B-4208-A774-AF521C7AFD6E}: Domain = woo.toine.be
O17 - HKLM\System\CS3\Services\Tcpip\..\{2F572336-C10B-4208-A774-AF521C7AFD6E}: Domain = woo.toine.be
O18 - Protocol: bw+0 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {49062168-8F13-4A3B-A03D-74B1A8B280EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: MGE Service module - Unknown owner - C:\WINNT\system32\MGE\RunSC.exe
O23 - Service: Network DRV (NTDRV) - Unknown owner - C:\WINNT\system32\netdrvr.exe (file missing)
O23 - Service: Pml Driver HPH11 - HP - C:\WINNT\system32\HPHipm11.exe
O23 - Service: Onduleur (UPS) - Unknown owner - C:\WINNT\System32\ups2.exe (file missing)
O23 - Service: Video Processor (VidPrcs) - Unknown owner - C:\WINNT\system32\msconfsys88.exe" -service (file missing)
O23 - Service: ZipToA - Iomega Corporation - C:\WINNT\System32\ZipToA.exe

Win32.Ranky-cn - Solved (the help on Zebulon is great!)
heloise posted a topic in Malware analysis and removal
Hello,

I am new to this forum and am looking for help as a last resort. For several days, AVAST has been telling me that my PC is infected with Win32-Ranky-cn. Whatever action I ask AVAST to take (delete, move, quarantine), the problem comes back at every startup. I had hoped for a solution from A-squared, which I downloaded, but to no avail. Here is the Hijack report. Thanks in advance to anyone who tries to help me.

StartupList report, 5/03/2006, 19:09:25
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Administrateur\Bureau\HijackThis.EXE
Detected: Windows 2000 SP4 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MGE\RunSC.exe
C:\WINNT\system32\netdrvr.exe
C:\WINNT\system32\MGE\PCtl.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\MGE\BIL.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MGE\CILUSB.EXE
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\ZipToA.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage]
SAM.lnk = C:\Program Files\SAM\SAM.exe
Whfc.lnk = C:\Program Files\WHFC\WHFC\Whfc.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NeroFilterCheck = C:\WINNT\system32\NeroCheck.exe
Synchronization Manager = mobsync.exe /logon
QuickTime Task = "C:\WINNT\system32\qttask.exe" -atboottime
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

winlogon = msi.exe
Configuration Loader = WinSys32ys.exe
Video Processor = msconfsys88.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Spyware-Cop = "C:\PROGRA~1\SPYWAR~1\Spyware-Cop.exe" /s
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
Configuration Loader = rlplyr.exe
LDM = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
NBJ = "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
Skype = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
a-squared = "C:\a-squared\a2guard.exe"

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\AutoCADScript\shell\open\command

(Default) = C:\WINNT\NOTEPAD.EXE "%1"

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = notepad %1

--------------------------------------------------

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINNT\KODAKP~1.SCR
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[shockwave ActiveX Control]
InProcServer32 = C:\WINNT\System32\macromed\Shockwave 8\Download.dll
CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

[symantec AntiVirus scanner]
InProcServer32 = C:\WINNT\Downloaded Program Files\avsniff.dll
CODEBASE = http://security.symantec.com/SSC/SharedCon...bin/AvSniff.cab

[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://a1540.g.akamai.net/7/1540/52/200209...meInstaller.exe

[bDSCANONLINE Control]
InProcServer32 = C:\WINNT\DOWNLO~1\oscan8.ocx
CODEBASE = http://download.bitdefender.com/resources/scan8/oscan8.cab

[Google Activate]
InProcServer32 = C:\WINNT\Downloaded Program Files\googlenav.dll
CODEBASE = http://toolbar.google.com/data/fr/big/1.1....g/GoogleNav.cab

[ActiveXUploadFotoCom.UserCtrlFotoCom]
InProcServer32 = C:\WINNT\Downloaded Program Files\newUploadFotoCom.ocx
CODEBASE = http://express.foto.com/activeX/newUploadFotoCom.CAB

[DmiReader Class]
InProcServer32 = C:\WINNT\DOWNLO~1\SYSPRO~1.DLL
CODEBASE = http://support.euro.dell.com/global/apps/s...er/PROFILER.CAB

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...7579.5458101852

[{A4639D2F-774E-11D3-A490-00C04F6843FB}]
CODEBASE = http://download.microsoft.com/download/viz...N-US/msorun.cab

[Get_ActiveX Control]
InProcServer32 = C:\WINNT\DOWNLO~1\HPGETD~1.OCX
CODEBASE = https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

[{CEBC955E-58AF-11D2-A30A-00A0C903492B}]
CODEBASE = http://windowsupdate.microsoft.com/R868/V3...fr/actsetup.cab

[shockwave Flash Object]
InProcServer32 = C:\WINNT\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll
SysTray: stobject.dll
WebCheck: C:\WINNT\System32\webcheck.dll

--------------------------------------------------
End of report, 7.742 bytes
Report generated in 0,281 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Solved! A million thanks.