Ben13

  1. Never two, okay. So AntiVir + Windows Firewall aren't redundant?
  2. Do the basic Windows protections (Windows Defender and the firewall) + AntiVir make for good protection?
  3. Apparently not, no problems to report. Many thanks to you!!! Do you advise me to keep AVG and AntiVir running?
  4. Sorry for the delay... Here is the AntiVir report:

     AntiVir PersonalEdition Classic
     Report file date: 2008-02-10 16:55

     Scanning for 1096761 virus strains and unwanted programs.

     Licensed to: Avira AntiVir PersonalEdition Classic
     Serial number: 0000149996-ADJIE-0001
     Platform: Windows Vista
     Windows version: (plain) [6.0.6000]
     Username: Maryse
     Computer name: PC-DE-MARYSE

     Version information:
     BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
     AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
     AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
     LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
     LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
     ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
     ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 14:32:39
     ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 2008-02-08 15:43:18
     ANTIVIR3.VDF : 7.0.2.114 2048 Bytes 2008-02-08 15:43:18
     AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 2008-02-08 14:32:42
     AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
     AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
     AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
     AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-02-08 14:32:42
     AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
     AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
     AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
     NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
     RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
     RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
     SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21

     Configuration settings for the scan:
     Jobname..........................: Complete system scan
     Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
     Logging..........................: low
     Primary action...................: interactive
     Secondary action.................: ignore
     Scan master boot sector..........: off
     Scan boot sector.................: on
     Boot sectors.....................: C:,
     Scan memory......................: on
     Process scan.....................: on
     Scan registry....................: on
     Search for rootkits..............: off
     Scan all files...................: Intelligent file selection
     Scan archives....................: on
     Recursion depth..................: 20
     Smart extensions.................: on
     Macro heuristic..................: on
     File heuristic...................: medium

     Start of the scan: 2008-02-10 16:55

     The scan of running processes will be started
     Scan process 'avscan.exe' - '1' Module(s) have been scanned
     Scan process 'avcenter.exe' - '1' Module(s) have been scanned
     Scan process 'explorer.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'guard.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'lsm.exe' - '1' Module(s) have been scanned
     Scan process 'lsass.exe' - '1' Module(s) have been scanned
     Scan process 'winlogon.exe' - '1' Module(s) have been scanned
     Scan process 'services.exe' - '1' Module(s) have been scanned
     Scan process 'wininit.exe' - '1' Module(s) have been scanned
     Scan process 'csrss.exe' - '1' Module(s) have been scanned
     Scan process 'csrss.exe' - '1' Module(s) have been scanned
     Scan process 'smss.exe' - '1' Module(s) have been scanned
     17 processes with 17 modules were scanned

     Start scanning boot sectors:
     Boot sector 'C:\'
     [NOTE] No virus was found!

     Starting to scan the registry.
     The registry was scanned ( '13' files ).

     Starting the file scan:
     Begin scan in 'C:\' <HDD>
     C:\pagefile.sys
     [WARNING] The file could not be opened!

     End of the scan: 2008-02-10 17:31
     Used time: 36:35 min

     The scan has been done completely.

     12035 Scanning directories
     159578 Files were scanned
     0 viruses and/or unwanted programs were found
     0 Files were classified as suspicious:
     0 files were deleted
     0 files were repaired
     0 files were moved to quarantine
     0 files were renamed
     1 Files cannot be scanned
     159578 Files not concerned
     1386 Archives were scanned
     1 Warnings
     0 Notes
  5. I tried, but it didn't work. I had also tried Windows XP compatibility, but nothing there either.
  6. AVG Anti-Spyware - Rapport d'analyse
     + Créé à: 19:39 2008-02-09
  7. Here is the result of the scan with DiagHelp:
     DiagHelp version v1.4 - http://www.malekal.com excute le 2008-02-09 à 18:11:23.50
octets 0 Rép(s) 106,017,398,784 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3C38-DEFE
Répertoire de C:\Windows\Downloaded Program Files
2008-02-08 14:06 <REP> .
2008-02-08 14:06 <REP> ..
2006-09-18 22:26 65 desktop.ini
2006-06-30 11:00 29,616 dwusplay.dll
2006-06-30 11:00 201,648 dwusplay.exe
2006-09-11 03:40 484,272 isusweb.dll
2007-09-25 01:33 1,055 jinstall-6u3.inf
2005-11-02 18:01 1,777 xscan.inf
2005-11-02 18:07 435,712 xscan53.ocx
7 fichier(s) 1,154,145 octets
Total des fichiers listés :
7 fichier(s) 1,154,145 octets
2 Rép(s) 106,017,398,784 octets libres

Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
dword:00000001 présent dans la clef HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon - Possible infection Trojan.DNS/Wareout
Liste des fichiers en exception sur le pare-feu XP SP2
Export de la clef SharedTaskScheduler
[sharedTaskScheduler]
exports des policies
REGEDIT4
[system]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000000
"EnableSecureUIAPaths"=dword:00000001
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"scforceoption"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"FilterAdministratorToken"=dword:00000000
[system\UIPI]
[system\UIPI\Clipboard]
[system\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011
Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...

catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-09 18:11:37
Windows 6.0.6000 NTFS
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Sorry, this version supports only Win2K/XP
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Sorry, this version supports only Win2K/XP

Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3C38-DEFE
Répertoire de C:\Program Files
2008-02-09 11:53 <REP> .
2008-02-09 11:53 <REP> ..
2007-09-27 20:35 <REP> Activation Assistant for the 2007 Microsoft Office suites
2008-01-09 13:07 <REP> Adobe
2008-02-08 13:08 <REP> Alwil Software
2007-09-27 20:01 <REP> AMD
2007-09-27 20:08 <REP> Atheros
2007-09-27 20:02 <REP> ATI
2007-09-27 20:06 <REP> ATI Technologies
2007-09-27 20:01 <REP> ATK Hotkey
2008-02-08 15:30 <REP> Avira
2008-02-08 14:03 <REP> Common Files
2007-09-27 20:23 <REP> CyberLink
2007-12-28 17:13 <REP> Google
2007-09-27 20:14 <REP> HDReg
2007-12-28 17:13 <REP> Internet Explorer
2008-02-08 14:06 <REP> Java
2007-12-28 17:05 <REP> Microsoft CAPICOM 2.1.0.2
2006-11-02 13:37 <REP> Microsoft Games
2007-09-27 20:33 <REP> Microsoft Office
2007-09-27 20:33 <REP> Microsoft Works
2007-09-27 20:33 <REP> Microsoft.NET
2007-09-28 05:19 <REP> Movie Maker
2008-02-09 15:17 <REP> Mozilla Firefox
2006-11-02 13:37 <REP> MSBuild
2006-11-02 13:37 <REP> MSN
2007-12-28 16:47 <REP> MSXML 4.0
2007-12-28 17:29 <REP> Norton 360
2008-01-09 12:08 <REP> OrangeHSS
2008-02-09 17:16 <REP> Packard Bell
2008-01-08 19:11 <REP> Picasa2
2008-02-08 12:54 <REP> Prevx1
2006-11-02 13:37 <REP> Reference Assemblies
2007-09-27 20:21 <REP> Roxio
2007-12-28 12:22 <REP> SAGEM
2007-12-28 11:04 <REP> Securitoo
2007-09-27 20:36 <REP> Skype
2007-09-27 20:03 <REP> Synaptics
2008-02-09 11:53 <REP> Trend Micro
2008-01-17 14:12 <REP> Valve
2007-12-28 12:24 <REP> Wanadoo
2007-12-28 17:14 <REP> Windows Calendar
2007-09-28 05:19 <REP> Windows Collaboration
2007-09-28 05:28 <REP> Windows Defender
2007-09-28 05:19 <REP> Windows Journal
2007-12-28 14:00 <REP> Windows Live
2008-01-10 12:00 <REP> Windows Mail
2007-12-28 17:13 <REP> Windows Media Player
2007-12-28 10:43 <REP> Windows NT
2007-09-28 05:19 <REP> Windows Photo Gallery
2008-01-10 12:00 <REP> Windows Sidebar
2007-12-30 15:08 <REP> WinRAR
0 fichier(s) 0 octets
52 Rép(s) 106,004,619,264 octets libres

Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3C38-DEFE
Répertoire de C:\Program Files\fichiers communs

Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3C38-DEFE
Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders
2007-09-27 20:33 <REP> .
2007-09-27 20:33 <REP> ..
2007-09-27 20:30 <REP> 1036
2006-10-26 19:12 40,256 MSOSV.DLL
1 fichier(s) 40,256 octets
3 Rép(s) 106,004,619,264 octets libres

Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 3C38-DEFE
Répertoire de C:\Program Files\common files
2008-02-08 14:03 <REP> .
2008-02-08 14:03 <REP> ..
2008-01-09 13:07 <REP> Adobe
2007-09-27 20:33 <REP> DESIGNER
2007-09-27 20:23 <REP> InstallShield
2008-02-08 14:03 <REP> Java
2007-12-28 14:01 <REP> microsoft shared
2007-09-27 20:21 <REP> Roxio Shared
2006-11-02 12:18 <REP> Services
2007-09-27 20:36 <REP> Skype
2007-09-27 20:21 <REP> Sonic Shared
2006-11-02 12:18 <REP> SpeechEngines
2007-09-27 20:21 <REP> SureThing Shared
2007-12-28 17:30 <REP> Symantec Shared
2007-09-28 05:39 <REP> System
0 fichier(s) 0 octets
15 Rép(s) 106,004,619,264 octets libres

****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_PC-de-Maryse.tar.gz a l'adresse http://upload.malekal.com
  8. Sorry, I redid the .reg file (I had forgotten the first line) and I followed the procedure. (It was not in regedit after merging it, so is that OK?) As for this file: c:\users\maryse\appdata\local\temp\ursrq.dll No, it is no longer there. Here is the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:56, on 2008-02-09
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Maryse\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redi...amp;key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [smpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.secuser.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

-- End of file - 7342 bytes
  9. The file you told me to delete apparently does not exist (any more?). I created the .reg file, but it refuses to merge: "Impossible d'importer C:\User\Maryse\Desktop\ben.ref : le fichier spécifié n'est pas un script du Registre. Vous pouvez uniquement importer des fichiers du Registre Binaires à partir de l'éditeur du Registre." I did not go any further in the procedure. Note that ComboFix ran once but did not create a report for me (neither opened nor created in C:\ComboFix), but since then I have had a "catchme" file (apparently .rar) on the desktop. PS: to be clear, I have 2 computers, so I have "constant" access to the forum.
  10. I just tried that, after searching the internet a bit for where the problem might come from, but it changes nothing. Should I try in safe mode? Thanks for your help.
  11. Um... I have a small problem. I disabled everything and closed the running programs; I launch ComboFix and the 2nd line is: "Out of Memory". What should I do?
  12. HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:39, on 09/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redi...e=AD&p(...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [smpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Maryse\AppData\Local\Temp\opnki.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Maryse\AppData\Local\Temp\ursrq.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Maryse\AppData\Local\Temp\qpugdplp.dll",run
O4 - HKCU\..\Run: [3c38de51] rundll32.exe "C:\Users\Maryse\AppData\Local\Temp\lcwytyuq.dll",b
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.secuser.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...com/housec(...)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

-- End of file - 8057 bytes
  13. If it helps, I ran a scan with AntiVir (which, incidentally, flooded me with lots of alerts for one and the same file). I have to disable it to be able to do anything...

AntiVir PersonalEdition Classic
Report file date: vendredi 8 février 2008 15:53
Scanning for 1096649 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Username: SYSTEM
Computer name: PC-DE-MARYSE

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 14:32:39
ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 25/01/2008 14:32:40
ANTIVIR3.VDF : 7.0.2.112 361984 Bytes 08/02/2008 14:32:40
AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 08/02/2008 14:32:42
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 08/02/2008 14:32:42
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 8 février 2008 15:53

The scan of running processes will be started
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktopCrawl.exe' - '1' Module(s) have been scanned
Scan process 'CPSHelpRunner.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'RoxMediaDB9.exe' - '1' Module(s) have been scanned
Scan process 'SmpSys.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktopIndex.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'MSPMirage.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'RoxWatchTray9.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RoxWatch9.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'ATKOSD.exe' - '1' Module(s) have been scanned
Scan process 'HControl.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ASLDRSrv.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
77 processes with 77 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '10' files ).

Starting the file scan:
Begin scan in 'C:\' <HDD>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Users\Maryse\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LUNUH92M\css4[1]
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '481f6fef.qua'!
C:\Users\Maryse\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LUNUH92M\css4[2]
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '481f6ffa.qua'!
C:\Users\Maryse\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LUNUH92M\css4[3]
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '481f6ffb.qua'!
C:\Users\Maryse\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S3IRPZC0\hctp[1]
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48206ff3.qua'!
C:\Users\Maryse\AppData\Local\Temp\awtsq.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\Users\Maryse\AppData\Local\Temp\lcwytyuq.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '482370fe.qua'!

End of the scan: vendredi 8 février 2008 16:28
Used time: 34:32 min
The scan has been done completely.
12687 Scanning directories
202480 Files were scanned
6 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
5 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
202474 Files not concerned
1807 Archives were scanned
3 Warnings
0 Notes
  14. Hello everyone, My computer had some problems this morning (no more access to My Computer... it closes immediately with a kind of reboot of "explorer"). I downloaded the Avast trial, which found a win32:tratBHO. Then, after coming to the forum and reading the topic on how to open a thread, I downloaded Antivir (after uninstalling Avast), which tells me about Dldr.ConHook.Gen. I don't know what to do (is there a "standard eradication" or is it case by case)? OS: Vista Home (if that helps). That's it, thanks. Ben