
galahad97

Members
  • Content count

    123

Everything posted by galahad97

  1. Hello everyone, While trying to learn a bit more about the problem of viruses and the like, I came across RootkitRevealer. I ran a scan and here is what it gives, but I'm having a bit of trouble interpreting it. Does anyone know this program? Report:

     HKU\.DEFAULT\Control Panel\International 28/03/2008 17:22 0 bytes Security mismatch.
     HKU\.DEFAULT\Control Panel\International\Geo 28/03/2008 17:22 0 bytes Security mismatch.
     HKU\S-1-5-21-1877743137-3993601192-4060323896-1005\Control Panel\International 28/03/2008 17:22 0 bytes Security mismatch.
     HKU\S-1-5-21-1877743137-3993601192-4060323896-1005\Control Panel\International\Geo 28/03/2008 17:22 0 bytes Security mismatch.
     HKU\S-1-5-18\Control Panel\International 28/03/2008 17:22 0 bytes Security mismatch.
     HKU\S-1-5-18\Control Panel\International\Geo 28/03/2008 17:22 0 bytes Security mismatch.
     HKLM\SECURITY\Policy\Secrets\SAC* 08/03/2005 07:34 0 bytes Key name contains embedded nulls (*)
     HKLM\SECURITY\Policy\Secrets\SAI* 08/03/2005 07:34 0 bytes Key name contains embedded nulls (*)
     C:\Documents and Settings\Anne\Local Settings\Temp\~DFDE4E.tmp 30/05/2008 08:11 16.00 KB Visible in Windows API, but not in MFT or directory index.
     C:\Documents and Settings\Anne\Local Settings\Temp\~DFDE5C.tmp 30/05/2008 08:11 512 bytes Visible in Windows API, but not in MFT or directory index.
     C:\Documents and Settings\Anne\Local Settings\Temporary Internet Files\Content.IE5\NGZQR7CW\CA7KZA0Z.HTM 30/05/2008 08:11 888 bytes Visible in Windows API, but not in MFT or directory index.
     C:\Documents and Settings\Anne\Local Settings\Temporary Internet Files\Content.IE5\RTH6W1UF\CAFQ9CSW.HTM 30/05/2008 08:15 888 bytes Hidden from Windows API.

     See you
  2. Hello jacmanou, So I will follow your instructions. I see there is quite a bit of work, but it interests me and I'm in no hurry. Thank you and see you later. Best regards, Gal
  3. Hello everyone, I would like to learn about and train in eradicating viruses and the other critters crawling around here and there. Who can point me to a tutorial or some other way of deciphering an HJT report to get started? Regards, Gal
  4. Hi wullf, I was expecting it, and it didn't take long to come. He asked for a scan of the hard drive, so I told him how to do it without taking any risk, given that he has no antivirus. We don't know where the problem comes from. I don't see what the problem is. See you
  5. Good evening, You have no antivirus, so scan your disk on your own. It's fairly simple. If you have XP, go to "Start", "All Programs". Choose "Accessories" and then "Command Prompt". There, type "chkdsk" and press Enter. The rest will happen by itself. Regards, Gal
  6. Good, that's fine as it is then. For the rest, whenever you can, there's no rush! Bye, Pat
  7. OK, CCleaner done without any problem. The toolbar has indeed disappeared from IE but it is still present in "Add/Remove Programs". See you tomorrow
  8. OTMOVE REPORT:

     C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858 moved successfully.
     C:\Program Files\Google\GoogleToolbarNotifier moved successfully.
     File/Folder c:\program files\google\googletoolbar1.dll not found.
     OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05262008_174604
  9. I highlighted the program, clicked "Remove" and it hangs, nothing happens. So why? That I don't know.
  10. Note also that I was not able to remove the Google Toolbar in "Add/Remove Programs". Is there another way? See you
  11. HPhost was installed correctly. I found the line with HJ and did the fix. I would like to secure the PC. Best regards, Pat
  12. HJ report:
  13. Report from SmitFraudFix v2.322:
  14. Good evening Ogu, I'm letting you know that while downloading SmitfraudFix, Antivir detected something: "contains detection pattern of dropper Dr/tool.reboot?F93". What do I do? See you
  15. EWIDO REPORT:
  16. Malware report:
  18. Regarding the note you mention, I agree with you, but apart from some browsing of X-rated sites, there is nothing in the way of cracks or the like. Also, after each visit that carries a potential risk, I run AntiVir afterwards. But I have to admit that this is not enough, so we are going to stop those visits, and I hope to be done with these troubles. In any case, thank you for everything you do, you and your colleagues of course.
  19. AntiVir report: Avira AntiVir Personal Report file date: dimanche 25 mai 2008 14:08 Scanning for 1286436 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 3) [5.1.2600] Boot mode: Save mode Username: Anne Computer name: PORTABLE2 Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 15/04/2008 11:22:38 AVSCAN.DLL : 8.1.1.0 53505 Bytes 15/04/2008 11:22:38 LUKE.DLL : 8.1.2.9 151809 Bytes 15/04/2008 11:22:38 LUKERES.DLL : 8.1.2.1 12033 Bytes 15/04/2008 11:22:38 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 19:27:16 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 21:42:08 ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 00:25:32 ANTIVIR3.VDF : 7.0.4.88 158720 Bytes 25/05/2008 13:53:08 Engineversion : 8.1.0.46 AEVDF.DLL : 8.1.0.5 102772 Bytes 15/04/2008 11:22:38 AESCRIPT.DLL : 8.1.0.33 266618 Bytes 15/05/2008 23:26:30 AESCN.DLL : 8.1.0.18 119156 Bytes 15/05/2008 23:26:26 AERDL.DLL : 8.1.0.20 418165 Bytes 25/04/2008 18:07:18 AEPACK.DLL : 8.1.1.5 364918 Bytes 15/05/2008 23:26:22 AEOFFICE.DLL : 8.1.0.18 192890 Bytes 19/04/2008 12:36:34 AEHEUR.DLL : 8.1.0.29 1253750 Bytes 15/05/2008 23:26:08 AEHELP.DLL : 8.1.0.14 115063 Bytes 19/04/2008 12:36:24 AEGEN.DLL : 8.1.0.21 303477 Bytes 15/05/2008 23:25:54 AEEMU.DLL : 8.1.0.6 430451 Bytes 07/05/2008 23:25:14 AECORE.DLL : 8.1.0.29 168311 Bytes 15/05/2008 23:25:48 AVWINLL.DLL : 1.0.0.7 14593 Bytes 15/04/2008 11:22:38 AVPREF.DLL : 8.0.0.1 25857 Bytes 15/04/2008 11:22:38 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 18:16:24 AVREG.DLL : 8.0.0.0 30977 Bytes 15/04/2008 11:22:38 AVARKT.DLL : 1.0.0.23 307457 Bytes 15/04/2008 11:22:38 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 15/04/2008 11:22:38 SQLITE3.DLL : 3.3.17.1 339968 Bytes 15/04/2008 11:22:38 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 15/04/2008 11:22:38 NETNT.DLL : 8.0.0.1 7937 Bytes 15/04/2008 11:22:38 
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 15/04/2008 11:22:34 RCTEXT.DLL : 8.0.32.0 86273 Bytes 15/04/2008 11:22:34 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: repair Secondary action.................: delete Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: medium Start of the scan: dimanche 25 mai 2008 14:08 Starting search for hidden objects. The driver could not be initialized. 
The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'Explorer.EXE' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 11 processes with 11 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'D:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '47' files ). Starting the file scan: Begin scan in 'C:\' <ACER> C:\pagefile.sys [WARNING] The file could not be opened! Begin scan in 'D:\' <ACERDATA> End of the scan: dimanche 25 mai 2008 15:05 Used time: 56:52 min The scan has been done completely. 5020 Scanning directories 364438 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 364438 Files not concerned 7085 Archives were scanned 1 Warnings 0 Notes
  20. HJ report: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:53:24, on 25/05/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\keyhook.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\WINDOW~3\MESSEN~1\msnmsgr.exe C:\WINDOWS\system32\sistray.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\acer\eRecovery\Monitor.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wanadoo.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - 
HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WINDOW~3\MESSEN~1\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: WiziWYG XP Startup.lnk = C:\Program Files\Praxisoft\WiziWYG XP\WiziWYGXP.exe O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google 
Updater\GoogleUpdater.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?91bb5a865fe846ecac54c8549e222c2e O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?91bb5a865fe846ecac54c8549e222c2e O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab O16 - DPF: 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150063111484 O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing) -- End of file - 9357 bytes
  21. I don't have Firefox. I think the remaining files are traces of what was there before. I took over this PC along with the business, and it may be that the cleanup was done poorly. What should I do?
  22. otmove report: C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT7.tmp moved successfully. OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05252008_120047
  23. Re, so here is the SDFIX report: SDFix: Version 1.185 Run by Anne on 25/05/2008 at 10:17 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-25 10:28:59 Windows 5.1.2600 Service Pack 3 FAT NTAPI scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger" "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer" "C:\\Program Files\\Visicom Media\\FTPExpert2\\FTPxpert.exe"="C:\\Program Files\\Visicom Media\\FTPExpert2\\FTPxpert.exe:*:Enabled:AceFTP v2" "C:\\WINDOWS\\System32\\mmc.exe"="C:\\WINDOWS\\System32\\mmc.exe:*:Disabled:Microsoft Management Console" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Fri 9 Mar 2007 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK32.dll" Fri 4 Apr 2008 1,572,864 A..H. --- "C:\Documents and Settings\NetworkService\NTUSER.DAT.bak_jv16pt" Fri 4 Apr 2008 1,572,864 A..H. --- "C:\Documents and Settings\LocalService\NTUSER.DAT.bak_jv16pt" Fri 4 Apr 2008 12,582,912 A..H. --- "C:\Documents and Settings\Anne\ntuser.dat.bak_jv16pt" Sat 24 Jun 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT7.tmp" Tue 6 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp" Wed 9 Aug 2006 0 ...H. --- "C:\Documents and Settings\Anne\Application Data\Microsoft\Word\~WRL0201.tmp" Wed 9 Aug 2006 0 ...H. --- "C:\Documents and Settings\Anne\Application Data\Microsoft\Word\~WRL0664.tmp" Wed 9 Aug 2006 0 ...H. --- "C:\Documents and Settings\Anne\Application Data\Microsoft\Word\~WRL3410.tmp" Sat 5 Apr 2008 0 ...H. --- "C:\Documents and Settings\Anne\Application Data\Microsoft\Word\~WRL2879.tmp" Sun 4 Feb 2007 262,144 A..H. --- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.bak_jv16pt" Sun 4 Feb 2007 262,144 A..H. 
--- "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.bak_jv16pt" Fri 4 Apr 2008 262,144 A..H. --- "C:\Documents and Settings\Anne\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.bak_jv16pt" Wed 12 Mar 2008 7,318 A..H. --- "C:\Documents and Settings\Anne\Application Data\Microsoft\Office\Shortcut Bar\Off46.tmp" Finished! And the HJ report: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:33:20, on 25/05/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\keyhook.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\WINDOW~3\MESSEN~1\msnmsgr.exe C:\WINDOWS\system32\sistray.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Adobe\Acrobat 
7.0\Reader\reader_sl.exe C:\Program Files\acer\eRecovery\Monitor.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wanadoo.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: 
[LaunchApp] Alaunch O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WINDOW~3\MESSEN~1\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Utility 
Tray.lnk = C:\WINDOWS\system32\sistray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: WiziWYG XP Startup.lnk = C:\Program Files\Praxisoft\WiziWYG XP\WiziWYGXP.exe O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?91bb5a865fe846ecac54c8549e222c2e O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?91bb5a865fe846ecac54c8549e222c2e O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150063111484 O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing) -- End of file - 9414 bytes A+
  24. Hello Ogu, here is the link you asked for. As for the rest, I'll get on it right away. Thanks. Kind regards http://forum.zebulon.fr/resolu-t141702.html
  25. Hello Greywolf, thank you for these explanations, but not being a specialist, I'm lost. However, I can mention that I had a problem a short while ago with MSOutlook, which was sending more messages than I was putting in the mailbox! Perhaps there is a link with what is happening today? Yet we had cleaned the PC with one of your colleagues. Kind regards, Pat