

evelynem
-
Exactly what I wanted, thanks a lot thorgal!!!!!
-
Hello everyone. I hope I'm posting in the right forum. My monitor has dead pixels: is there software that can repair them? If so, is it reliable? I have to buy another monitor: is there a monitor of at least 24 inches that meets these two criteria: 1) WHITE bezel (well yes, the living room is white!) 2) a monitor that pivots (to portrait mode). Thanks for your replies! Have a nice day.
-
direct IP VERSUS www.nomdusite.fr
evelynem replied to a topic by evelynem in Internet & Networks
OK. Thanks for the details! Have a good evening. -
direct IP VERSUS www.nomdusite.fr
evelynem replied to a topic by evelynem in Internet & Networks
OK, my problem with the old version of my site, let's leave that aside. On the other hand (and I won't bother you any more after this!), why would the direct IP address not work for lemonde.fr? After all, when I type www.lemonde.fr, DNS (not hosts, here) does turn it into an IP! So it should come to the same thing! You told me about redirection (CDN). Fine. But the FIRST direction (so to speak) that I am given for the address www.lemonde.fr is a regular IP, isn't it? If so, then it should work directly! If not, what type is it? An IP with a port? Thanks again for your answers!!! -
direct IP VERSUS www.nomdusite.fr
evelynem replied to a topic by evelynem in Internet & Networks
Thanks for your quick reply! If I understood your answer correctly, the IP doesn't work, but since I redirect the IP to the resolved name, it works! The only problem is that I had a www address THAT DID NOT WORK DIRECTLY (it took me to an old version of my site). But by putting the IP + the plain name (the same address as above!) in HOSTS, it works!!!!! Now I'm lost. Do you have an explanation? Also, if I want to connect directly to the site www.lemonde.fr (the IP is 86.64.177.139), is there a way to connect by IP? Thanks -
Good evening everyone. There are things I don't understand, and it annoys me a bit. I'm not a computer specialist, but I like to understand (a little) what is going on. So if someone would be willing to enlighten me a bit:

WHAT I ALREADY KNOW: when I want to connect to my site, I enter its address in plain text. OK. If I want my site's IP, I run a ping www.monsite.fr and I get it. OK. When I enter the retrieved IP address in the browser (IE6), it doesn't work. I read that this is because the IP address is that of a shared server, so necessarily I (my site) am not the only one using this IP.

MY QUESTION: why is it that when I edit the HOSTS file and add a line "IP of the SITE www.monsite.fr", then in that case, when I enter the plain name in IE6, it works; the connection to the site is established!!! Yet the hosts file only does a redirection/translation of the plain name into an IP address (without going through DNS!). SO WHY DOES THE DIRECT IP NOT WORK BUT the redirection through HOSTS WORKS?

Thanks already for reading this far!!! Regards
-
and yet another infection ... (at least one!)
evelynem replied to a topic by evelynem in Malware analysis and removal
Good evening, and thank you very much for your help! Here are the requested reports: THANKS AGAIN! Oops, I almost forgot: registry editing with REGEDIT is blocked!
-
and yet another infection ... (at least one!)
evelynem posted a topic in Malware analysis and removal
Hello everyone. A while without updating the antivirus and here is the result: an infected PC. Who could help me eradicate all this? Regards;
-
infection BRONTOK - Eksplorasi
evelynem replied to a topic by evelynem in Malware analysis and removal
Hi angélique; HERE IS THE REPORT I GOT
File/Folder C:\Documents and Settings\MIMOUNI\Local Settings\Application Data\smss.exe not found.
< EmptyTemp >
File delete failed. C:\DOCUME~1\MIMOUNI\LOCALS~1\Temp\~DF686B.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05122008_174322
Files moved on Reboot...
C:\DOCUME~1\MIMOUNI\LOCALS~1\Temp\~DF686B.tmp moved successfully.
For information, what is the name of the 2nd infection I had? -
infection BRONTOK - Eksplorasi
evelynem replied to a topic by evelynem in Malware analysis and removal
WELL, you don't need a Polytechnique degree for that! I created a DESKTOP folder and copied cleanx into it, and it worked!!
#######################################################################
Brontok Worm Removal Tool - (Version - 06.09.17B) by sUBs
#######################################################################
Current date: 12/05/2008
Current time: 15:11:19,51
=== PRE RUN ANALYSIS ===================================
=== POST RUN ANALYSIS ==================================
NOTE The post-run analysis portion should be empty. If it's not, reboot and run the tool a second time.
15:11:21,39
======================================================
Is that OK? Thanks again!!! -
infection BRONTOK - Eksplorasi
evelynem replied to a topic by evelynem in Malware analysis and removal
Thanks for your quick reply!!! When I launch cleanX, I get an error message (after the alert message), which is: Windows cannot find the file .....\desktop\cleanx-II.txt. Yet cleanx IS on the desktop. What can I do? Thanks -
Hello everyone; I got infected by a colleague's USB stick (thanks, colleague!). I ran Panda and AntiVir; unfortunately the BRONTOK.AG virus I caught was not completely removed. My PC has become very slow at startup, on top of the "eksplorasi missing" error. So I have:
cleaned the PC with CCleaner
run AntiVir again (report below)
run a HijackThis scan in safe mode, and indeed there are lots of suspicious O1 lines, among other things
THANK YOU FOR BEING KIND ENOUGH (because that is the word) TO HELP ME!
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
HijackThis report
Logfile of HijackThis v1.99.1 Scan saved at 13:28:53, on 12/05/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.exe C:\Documents and Settings\MIMOUNI\Bureau\hijak\Hijak.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe" O1 - Hosts: <HTML><HEAD><TITLE>Yahoo!</TITLE> O1 - Hosts: </HEAD><BODY BGCOLOR=white vlink=blue> O1 - Hosts: <!-- following code added by server. PLEASE REMOVE --> O1 - Hosts: <!-- preceding code added by server. 
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O3 - Toolbar: Yahoo! 
Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O6 "USB002" /M "Stylus D88" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" 
/background O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\MIMOUNI\Local Settings\Application Data\smss.exe" O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://192.168.1.115/img/NetCamPlayerWeb11g.ocx O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: SymWMI Service (SymWSC) - 
Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
AntiVir report
Avira AntiVir Personal Report file date: lundi 12 mai 2008 12:11 Scanning for 1260844 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: EVELYNE Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56 AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37 LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23 LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58 ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 10:03:35 ANTIVIR3.VDF : 7.0.4.25 125952 Bytes 11/05/2008 10:03:36 Engineversion : 8.1.0.42 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21 AESCRIPT.DLL : 8.1.0.31 262522 Bytes 12/05/2008 10:03:47 AESCN.DLL : 8.1.0.16 119156 Bytes 12/05/2008 10:03:46 AERDL.DLL : 8.1.0.20 418165 Bytes 05/05/2008 09:35:34 AEPACK.DLL : 8.1.1.4 364918 Bytes 05/05/2008 09:35:31 AEOFFICE.DLL : 8.1.0.18 192890 Bytes 05/05/2008 09:35:27 AEHEUR.DLL : 8.1.0.26 1237366 Bytes 12/05/2008 10:03:45 AEHELP.DLL : 8.1.0.14 115063 Bytes 05/05/2008 09:35:16 AEGEN.DLL : 8.1.0.20 299380 Bytes 12/05/2008 10:03:40 AEEMU.DLL : 8.1.0.6 430451 Bytes 12/05/2008 10:03:38 AECORE.DLL : 8.1.0.28 168310 Bytes 12/05/2008 10:03:37 AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53 AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47 AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.11 114945 
Bytes 28/02/2008 08:31:31 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25 RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: lundi 12 mai 2008 12:11 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'NSMdtr.exe' - '1' Module(s) have been scanned Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'SNDSrvc.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'TPSBattM.exe' - '1' Module(s) have been scanned Scan process 'ApntEx.exe' - '1' Module(s) have been scanned Scan process 'msmsgs.exe' - '1' Module(s) have been scanned Scan process 'TOSCDSPD.exe' - '1' 
Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'E_FATIABE.EXE' - '1' Module(s) have been scanned Scan process 'OrderReminder.exe' - '1' Module(s) have been scanned Scan process 'TFncKy.exe' - '1' Module(s) have been scanned Scan process 'hkcmd.exe' - '1' Module(s) have been scanned Scan process 'igfxtray.exe' - '1' Module(s) have been scanned Scan process 'ccApp.exe' - '1' Module(s) have been scanned Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned Scan process 'NDSTray.exe' - '1' Module(s) have been scanned Scan process 'TvsTray.exe' - '1' Module(s) have been scanned Scan process 'SmoothView.exe' - '1' Module(s) have been scanned Scan process 'TPSMain.exe' - '1' Module(s) have been scanned Scan process 'TCtrlIOHook.exe' - '1' Module(s) have been scanned Scan process 'ZoomingHook.exe' - '1' Module(s) have been scanned Scan process 'FnKeyHook.exe' - '1' Module(s) have been scanned Scan process 'TPTray.exe' - '1' Module(s) have been scanned Scan process 'CeEKey.exe' - '1' Module(s) have been scanned Scan process 'agrsmmsg.exe' - '1' Module(s) have been scanned Scan process 'ltmoh.exe' - '1' Module(s) have been scanned Scan process 'PadExe.exe' - '1' Module(s) have been scanned Scan process 'Apoint.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'SymWSC.exe' - '1' Module(s) have been scanned Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'navapsvc.exe' - '1' Module(s) have been scanned Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'ccEvtMgr.exe' - '1' Module(s) have been scanned Scan process 'ccSetMgr.exe' - '1' Module(s) have been scanned Scan process 
'explorer.exe' - '1' Module(s) have been scanned Scan process 'ccProxy.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 57 processes with 57 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '48' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP39\A0017095.dll [DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738 [NOTE] The file was deleted! End of the scan: lundi 12 mai 2008 12:41 Used time: 29:46 min The scan has been done completely. 2654 Scanning directories 157473 Files were scanned 1 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 1 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 157472 Files not concerned 6376 Archives were scanned 2 Warnings 1 Notes