Everything posted by Digger
-
Hello, I have a Freebox that I configured in router mode. On this Freebox, I connected one computer by cable and one computer over Wi-Fi. Everything works fine. But on my third computer, there is no longer any way to get internet access over Wi-Fi. I wrote "no longer" because it had been working perfectly lately and then... bam. It sees the network perfectly well, but it is impossible to open a single page. The connection is set to fully automatic, that is, the IP address and the gateway are assigned at connection time. What could be going on? Thanks for your help.
-
So, if I understood the last remark correctly, it is possible to use FF with IE tools as long as the IE Tab "patch" is installed in FF. Yes or no?
-
Hello, thank you for this answer, which clears things up perfectly for me...
-
Even though Firefox is quite widespread now...
-
So here is the ComboFix log:
And here is the HJT log:
Thanks for shedding your light, in the night...
-
I have to step away. I will only be able to do this tonight. See you later. Thank you for your attention and your time. We're making progress, we're making progress...
-
The report is blank. The last prompts did not "come out"...
-
The OTM report: C:\WINNT\web\related.htm moved successfully. File/Folder C:\Program Files\EoRezo not found. [Custom Input] < EmptyTemp > Temp folders emptied. IE temp folders emptied. OTMoveIt2 v1.0.20 log created on 03102008_114602
The Orphservices report: Services with missing ImagePath value -------------------------------------- None found
The SDFIX report: SDFix: Version 1.155 Run by EKAdmin on lun. 10/03/2008 at 12:41 Microsoft Windows 2000 [Version 5.00.2195] Running From: C:\SDFix Checking Services : Name: DLLHOST32 usbpda Path: "C:\WINNT\system\dllhost.exe" %SystemRoot%\System32\svchost.exe -k netsvcs DLLHOST32 - Deleted usbpda - Deleted Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\-79662~1 - Deleted C:\Documents and Settings\Administrator\Application Data\Install.dat - Deleted C:\WINNT\system32\kr_done1 - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-10 12:47:51 Windows 5.0.2195 Service Pack 4 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ActiveSync] @="" "Lock"="WLEventLock" "Unlock"="WLEventUnlock" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 "DllName"="WcesWlgn.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byvwx] "Asynchronous"=dword:00000001 "DllName"="C:\WINNT\system32\byvwx.dll" "Impersonate"=dword:00000000 "Startup"="SysLogon" "Logoff"="SysLogoff" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxwvvs] "Asynchronous"=dword:00000001 "DllName"="cbxwvvs.dll" "Impersonate"=dword:00000000 "Logon"="Logon" "Logoff"="Logoff" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=str(2):"crypt32.dll" "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=str(2):"cryptnet.dll" "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\origami] "a"="4992913023505517" "b"=dword:0000000b "DllName"="C:\WINNT\system32\cfgldr.dll" "Startup"="DllName" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 
"DllName"=str(2):"sclgntfy.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif] "DLLName"="wzcdlg.dll" "Logon"="WZCEventLogon" "Logoff"="WZCEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000000 scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" Fri 9 Feb 2007 501,605 ..SH. --- "C:\WINNT\system32\xwvyb.bak1" Sun 11 Feb 2007 502,836 ..SH. --- "C:\WINNT\system32\xwvyb.bak2" Sun 26 Nov 2006 24,576 ...H. --- "C:\DATA\USERS\EKADMIN\~WRL0999.tmp" Sun 26 Nov 2006 25,088 ...H. --- "C:\DATA\USERS\EKADMIN\~WRL1105.tmp" Sun 26 Nov 2006 25,600 ...H. --- "C:\DATA\USERS\EKADMIN\~WRL2102.tmp" Tue 16 Jan 2007 23,552 ...H. --- "C:\DATA\USERS\EKADMIN\~WRL2882.tmp" Sun 26 Nov 2006 25,088 ...H. --- "C:\DATA\USERS\EKADMIN\~WRL3640.tmp" Sun 26 Nov 2006 25,600 ...H. --- "C:\DATA\USERS\EKADMIN\~WRL3894.tmp" Tue 6 May 2003 20,480 ...H. --- "C:\DATA\USERS\P15750\~WRL0003.tmp" Thu 15 May 2003 43,008 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe" Finished!
Thanks
-
Does "run this .bat" work too? I don't have "run this .cmd"...
-
It worked with the second link. Here is the "green" OTM report:
C:\WINNT\web\related.htm moved successfully. File/Folder C:\Program Files\EoRezo not found. [Custom Input] < EmptyTemp > Temp folders emptied. IE temp folders emptied. OTMoveIt2 v1.0.20 log created on 03102008_114602
-
I did what was needed for HJT. But there is no way to download Oldtimer. I made several attempts with this link and others; invariably the answer is: page load error... What should I do?
-
There we go, recycle bin emptied, quarantine too. Result:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:44:57, on 10/03/2008 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\System32\ibmpmsvc.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\a-squared Anti-Malware\a2service.exe C:\WINNT\System32\Ati2evxx.exe C:\WINNT\system32\hidserv.exe C:\WINNT\system32\MSTask.exe C:\WINNT\RCSERV.EXE C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINNT\System32\svchost.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =http://home.kodak.com/categories/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.google.fr/ R1 - HKLM\Software\Microsoft\InternetExplorer\Main,Default_Page_URL = http://home.kodak.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =Microsoft Internet Explorer provided by Eastman Kodak R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\InternetSettings,AutoConfigURL = http://proxy.kodak.com:81/proxy.pac R0 - HKCU\Software\Microsoft\InternetExplorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {2B937E95-F9A9-D620-E5AE-001B0F1D0089} -(no file) O2 - BHO: (no name) - {33FE8D24-899D-4413-BFDC-7FCA165C35DF} -(no file) O2 - BHO: Spybot-S&D IE Protection -{53707962-6F74-2D53-2644-206D7942484F} - 
C:\ProgramFiles\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} -C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing) O2 - BHO: (no name) - {76E3BB9E-124A-4077-8A61-8C00FA112689} -(no file) O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVirPersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\ProgramFiles\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKCU\..\Run: [E:\] C:\Program Files\Spybot - Search &Destroy\TeaTimer.exe O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Defaultuser') O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\ProgramFiles\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User'Defaultuser') O4 - .DEFAULT Startup: ieproxychk.bat (User 'Default user') O4 - .DEFAULT Startup: userdata.bat (User 'Default user') O4 - .DEFAULT User Startup: ieproxychk.bat (User 'Default user') O4 - .DEFAULT User Startup: userdata.bat (User 'Default user') O4 - Global Startup: Collect Most Frequent Userid.lnk.disabled O4 - Global Startup: McAfee Desktop Firewall Tray.lnk.disabled O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictionspresent O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\ControlPanel present O9 - Extra button: (no name) -{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\ProgramFiles\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) -{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\ProgramFiles\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Create Mobile Favorite -{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) -{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... 
-{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a}- C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links -{c95fe080-8f5d-11d2-a20b-00aa003c157a} -C:\WINNT\web\related.htm O9 - Extra button: (no name) -{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ProgramFiles\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration -{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ProgramFiles\Spybot - Search&Destroy\SDHelper.dll O14 - IERESET.INF: START_PAGE_URL=http://home.kodak.com O15 - Trusted Zone: http://www.chemicaldata.com O15 - Trusted Zone: http://www.ctadvantage.com O15 - Trusted Zone: http://rj.culturainglesaonline.com O15 - Trusted Zone: http://ehlfod41.eloquent.com O15 - Trusted Zone: http://helpcenter.eloquent.com O15 - Trusted Zone: http://www.ibm.com O15 - Trusted Zone: http://www.masconnexion.com O15 - Trusted Zone: http://www.progressivesecure.co.nz O15 - Trusted Zone: http://www.chemicaldata.com (HKLM) O15 - Trusted Zone: http://www.ctadvantage.com (HKLM) O15 - Trusted Zone: http://rj.culturainglesaonline.com (HKLM) O15 - Trusted Zone: http://ehlfod41.eloquent.com (HKLM) O15 - Trusted Zone: http://helpcenter.eloquent.com (HKLM) O15 - Trusted Zone: http://www.ibm.com (HKLM) O15 - Trusted Zone: http://www.masconnexion.com (HKLM) O15 - Trusted Zone: http://www.progressivesecure.co.nz (HKLM) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =fr.kodak.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =fr.kodak.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =fr.kodak.com O21 - SSODL: SysRun - {D7FFD784-5276-42D1-887B-00267870A4C7} -(no file) O21 - SSODL: ryrnIRTumoBEcS -{D08465A7-7A2E-CF0D-4440-B0FEB1D835A5} - (no file) O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - EmsiSoftware GmbH - C:\Program Files\a-squaredAnti-Malware\a2service.exe O23 - Service: McAfee Alert 
Manager (AlertManager) - McAfee Divisionof Network Associates, Inc. - C:\Program Files\NetworkAssociates\Alert Manager\amgrsrvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler(AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVirPersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) -Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEditionClassic\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner -C:\WINNT\System32\Ati2evxx.exe O23 - Service: Windows Host Services (DLLHOST32) - Unknown owner -C:\WINNT\system\dllhost.exe (file missing) O23 - Service: Logical Disk Manager Administrative Service (dmadmin) -VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: EKInstaller (EKInst) - Unknown owner -C:\WINNT\SYSTEM32\srvany.exe (file missing) O23 - Service: IBM PM Service (IBMPMSVC) - IBM Corp. -C:\WINNT\System32\ibmpmsvc.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\ProgramFiles\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - EastmanKodak Company - C:\WINNT\system32\drivers\KodakCCS.exe O23 - Service: Tivoli Endpoint (lcfd) - Unknown owner -C:\apps\Tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE (file missing) O23 - Service: McAfee Framework Service (McAfeeFramework) -McAfee, Inc. - C:\Program Files\Network Associates\CommonFramework\FrameworkService.exe O23 - Service: Network Associates Task Manager (McTaskManager) -Network Associates, Inc. 
- C:\Program Files\NetworkAssociates\VirusScan\vstskmgr.exe O23 - Service: Macromedia Updater (mmupdate) - Unknown owner -C:\WINNT\TEMP\C.tmp (file missing) O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner- C:\WINNT\system32\msasvc.exe (file missing) O23 - Service: Microsoft Sata emulation (mside) - Unknown owner -C:\WINNT\system\mside.exe (file missing) O23 - Service: Norman ZANDA - Unknown owner -C:\VIRUSfighter\Npm\Bin\Zanda.exe (file missing) O23 - Service: Norman Virus Control on-access component (nvcoas) -Unknown owner - C:\VIRUSfighter\Nvc\bin\nvcoas.exe (file missing) O23 - Service: Norman Virus Control Scheduler (NVCScheduler) -Unknown owner - C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE (filemissing) O23 - Service: Tivoli Remote Control Service (TME10RC) - TIVOLISystems - C:\WINNT\RCSERV.EXE O23 - Service: wsmv(wsmv) (wsmv) - Unknown owner -C:\WINNT\system32\wmsv.exe (file missing) -- End of file - 8362 bytes
-
Yes Madame!!!
-
And here is the HJT report...
AntiVir PersonalEdition Classic Report file date: dimanche 9 mars 2008 20:08 Scanning for 835736 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows 2000 Windows version: (Service Pack 4) [5.0.2195] Username: EKAdmin Computer name: patwlc5528 Version information: BUILD.DAT : 270 15603 Bytes 9/19/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 8/23/2007 13:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 8/16/2007 12:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 8/14/2007 15:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 8/21/2007 12:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 14:27:15 ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 9/13/2007 14:26:55 ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 9/13/2007 14:27:04 ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 9/13/2007 14:27:13 AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 9/17/2007 17:43:56 AVWINLL.DLL : 1.0.0.7 14376 Bytes 2/26/2007 10:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 7/18/2007 07:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 13:16:24 AVPACK32.DLL : 7.3.0.15 360488 Bytes 8/3/2007 08:46:00 AVREG.DLL : 7.0.1.6 30760 Bytes 7/18/2007 07:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 8/28/2007 12:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/18/2007 07:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 3/8/2007 11:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 8/7/2007 12:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 8/21/2007 12:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/23/2007 09:37:21 Configuration settings for the scan: Jobname..........................: Local Drives Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: E:, Scan memory......................: on Process 
scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: dimanche 9 mars 2008 20:08 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'mspmspsv.exe' - '1' Module(s) have been scanned Scan process 'WinMgmt.exe' - '1' Module(s) have been scanned Scan process 'RCSERV.EXE' - '1' Module(s) have been scanned Scan process 'mstask.exe' - '1' Module(s) have been scanned Scan process 'hidserv.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'a2service.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ibmpmsvc.exe' - '1' Module(s) have been scanned Scan process 'LSASS.EXE' - '1' Module(s) have been scanned Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned Scan process 
'SMSS.EXE' - '1' Module(s) have been scanned 26 processes with 26 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'D:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '5' files ). Starting the file scan: Begin scan in 'C:\' <LOCALDISK> C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip [DETECTION] Contains suspicious code HEUR/PwdZIP [iNFO] The file was moved to '483d38bf.qua'! C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\YH0QJAWY\installer[1].exe [DETECTION] Is the Trojan horse TR/Drop.Agent.79360 [iNFO] The file was moved to '484738cd.qua'! Begin scan in 'D:\' Begin scan in 'E:\' Search path E:\ could not be opened! Le périphérique n'est pas prêt. End of the scan: dimanche 9 mars 2008 21:55 Used time: 1:46:24 min The scan has been done completely. 4023 Scanning directories 1229125 Files were scanned 1 viruses and/or unwanted programs were found 1 Files were classified as suspicious: 0 files were deleted 0 files were repaired 2 files were moved to quarantine 0 files were renamed 111 Files cannot be scanned 1229124 Files not concerned 4587 Archives were scanned 111 Warnings 0 Notes
I rather like the "virus thingy" remark...!
-
So, I've taken care of the presentation... Here is the Avira report.
I'll post the HJT report next. By the way, what's the weather like in BeZeh?
-
Did I leave out some lines? Yet I did a copy and paste... OK for the scan and the report. For HJT, do I need to close Firefox before running it or not?
-
Hello, so: here are the copy/pastes of the .bat files

@echo off
if not exist "c:\winnt\temp\ieproxychk.exe" exit
if exist C:\KIP\TOOLS\sleep.exe C:\KIP\TOOLS\sleep.exe 5
c:\winnt\temp\ieproxychk.exe
del /q "%USERPROFILE%\STARTM~1\Programs\Startup\ieproxychk.bat"

@echo off
echo ... Making Data Directories ...
mkdir %SystemDrive%\DATA\USERS\%USERNAME%
xcacls %SystemDrive%\DATA\USERS\%USERNAME% /y /p "creator owner":f system:f %username%:f
erase /q "%USERPROFILE%\Start Menu\Programs\Startup\userdata.bat"

However, I can't find this one: DEFAULT User Startup: ieproxychk.bat, the one that is in my session. I have uninstalled Virus fighter. And here is the requested HJT report:
-
Thanks. I'll do that and post a new HJT. Have a good evening.
-
Thanks for your advice. Have a good evening.
-
I think this is a Trojan infection. After all the recommended steps, is there anything left to do? Thanks for giving me your opinion on the HJT report which, from what I understand, should give a snapshot of my configuration at instant "t".
-
Thanks! Actually, I'm looking for an antivirus and an accompanying firewall for Win 2000.
-
Hello, in order to clean up my computer, I followed the procedure suggested on the forum. In doing so, I installed A-squared. Which firewall can I put in front of this anti-malware? Thanks for your advice.
-
Hello, once it is connected via S-VHS, are the picture and sound handled by the TV?
-
Yes, that would be akin to a philosophical notion of the thing... DARN! Part of my reply has "entered" the original message!