ribouldinguette

Members
  • Content count: 80

Other information

  • My languages: French - English - German

  1. Done! So it's all good then? Many thanks again, and well done for what you do!
  2. OK, thanks for the details. And for the firewall, what do you recommend then?
  3. Thanks for the links, I'm looking at them. As for the fake software, though, I don't know what could have happened, but I don't see how I could have been fooled: I didn't click on anything, the software installed itself (or maybe I was in the middle of doing something and when I pressed Enter it confirmed? That's a possibility; I often have several things open at the same time and I switch from one to the other, so maybe I didn't notice there was a dodgy window). I'm fairly careful; in the past 10 years I've already had 5 computers (not all mine, rest assured) to format because of nasty viruses. Besides, when I think about how careful I normally am, and about people I know who have only just learned that it was wise to have an antivirus (?!) but who so far have had no problems, I tell myself I really have rotten luck! Anyway, for the firewall, yes, I'd welcome some advice. I'll follow all your advice to the letter and pass it on to those around me! Oh, and for XP, I had a look: you gave me the link to a package for IT professionals... Wouldn't it be better for me to go for this one: http://www.microsoft.com/downloads/details...;DisplayLang=fr ?
  4. And SDFix, I can't find it either in the Start menu or in Add/Remove Programs, and besides I can't find _OTMoveIt in C: either, it isn't in C:
  5. Right, so here we go: after the command in Run I went to check whether qoobox was in C:, and it's gone. But there is combofix, with a command file (?) inside it? What do I do, do I have to delete it manually now?
  6. Here it is
  7. Well then, I'm waiting for the final instructions... Thanks!
  8. Right, I have to step out; I'll be back this afternoon, hoping to be able to say tonight that I've fully made peace with my computer! Ah, we posted at the same time, well, so much the better. So "everything" would be sorted?!!! (can I believe it?)
  9. but what is it with this damn shdocvw.dll?!!!
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  10. and there you go, it looks OK!
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  11. there!
      ==================================================
      Registry Key : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{946B3E9E-E21A-49c8-9F63-900533FAFE15}
      Name : ButtonText
      Type : REG_SZ
      Data : ShopperReports - Compare travel rates
      Key Modified Time : 2006-12-10 18:27
      Data Length : 38
      ==================================================
      ==================================================
      Registry Key : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{946B3E9E-E21A-49c8-9F63-900533FAFE15}
      Name : HotIcon
      Type : REG_SZ
      Data : C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll,202
      Key Modified Time : 2006-12-10 18:27
      Data Length : 60
      ==================================================
      ==================================================
      Registry Key : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{946B3E9E-E21A-49c8-9F63-900533FAFE15}
      Name : Icon
      Type : REG_SZ
      Data : C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll,201
      Key Modified Time : 2006-12-10 18:27
      Data Length : 60
      ==================================================
  12. No, no, the error message only appeared at the first Windows restart. Right, I'll do that!
  14. I'm back! Here is the AntiVir report below; so what do I do with these trojans?!
  15. In the end I'm not in bed yet, I watched David Bowie on TV... ...and when I came back: already 7 viruses, well, Trojan horses. Yay! Right, all in quarantine and we'll see about what comes next, thanks for the link; however, I couldn't find how to set it to quarantine automatically when a virus is detected. I'll look into that.