FEMOL's Achievements

-
Can an administrator indicate that this topic is closed and moved to Pierre13's site! Thanks.
-
The last action taken really had a devastating effect on my PC. It looks as if a new boot.ini has been created. My D partition has been completely erased. Word no longer works. I no longer have any programs installed under Start -> Programs. Likewise, I have lost all my bookmarks. Can someone come to my aid and tell me how to get my PC back to the n-1 state? Was a backup made during the last USBFIX intervention? Thanks for your help.
-
I paid for premium. It is reactivated. I am relaunching a full scan. In the meantime, here is what Hijack gives. You did not answer me on whether or not I can recover what I no longer see: the complete "My Documents" directory and all my bookmarks, because, human that I am, I naturally did not make a backup!!!
-
What do you want me to scan the PC with? Hijack? Is there a way for me to recover my complete working directory? More precisely, is an archive made? A restore point? How can I recover all my bookmarks? Is all of that lost? It would be cool if I could actually recover at least my directory and the bookmarks. In any case, the PC looks brand new!!
-
Also lost all my bookmarks!!! Normal?
-
Oops! Well, as disinfections go, that is quite a disinfection!!!!! Here is the requested file created by UsbFix:
However, the whole My Documents directory is completely empty! I don't know if that is normal, but it's not cool. I had my whole working directory and my work documents inside!!!! Desktop wallpaper completely gone! Lost all the shortcuts on the desktop and in the taskbar!!!! Is this normal?????
-
Good reading on peer to peer! Here is the UsbFix report:
-
Here, by the way, is a picture of the folders put in quarantine:
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3911
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
25/03/2010 23:41:58
mbam-log-2010-03-25 (23-41-58).txt
Type de recherche: Examen complet (C:\|D:\|H:\|J:\|)
Eléments examinés: 891501
Temps écoulé: 7 hour(s), 15 minute(s), 55 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 6
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\NOD32KVBIT (Trojan.Frethog) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
D:\Data\Profiles\FMolina\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
D:\Data\Profiles\FMolina\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
D:\Data\Profiles\FMolina\Application Data\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
D:\Program Files\Steinberg\Cubase SX 3\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
J:\Outils\Musique\Sony Soundforge 7.0 + Keygen + Patch Fr + Plugins\Sony-Soundforge-70+keygen-by-ZorRo\Sony.Sound.Forge.KeyGen\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Data\Profiles\FMolina\Application Data\RegistrySmart\Errors.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
D:\Data\Profiles\FMolina\Application Data\RegistrySmart\Results.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
D:\Data\Profiles\FMolina\Application Data\RegistrySmart\Registry Backups\2007-07-06_08-06-50.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\WINNT\AhnRpta.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
-
I apologize, and I won't do it again. Just understand that I use my PC for work and I am somewhat worried to know that my working base is compromised. So all I want is to see it vaccinated as quickly as possible, and even though I regret my attitude, it is after all quite human. A bit like a patient who calls on a good professor and who, after a very positive first contact, gets the impression that an answer is slow in coming, without actually taking into account the fact that the said professor may be busy with other tasks... End of parenthesis! However, I did follow the instructions given, i.e. once the malware had been detected, I displayed the results, ticked everything and clicked on remove selected. MBAM did tell me that the infected files had been placed in quarantine. So I don't know why the copied-and-pasted file says no action was taken!!!!
-
I get the impression that I am no longer receiving mail on either Gmail or Yahoo? Is it serious, doctors?
-
Well! Impressive!!! After 7h15'55'' the winners are, Malwarebytes:
Malwarebytes' Anti-Malware 1.44 Version de la base de données: 3911 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 25/03/2010 23:41:40 mbam-log-2010-03-25 (23-41-37).txt Type de recherche: Examen complet (C:\|D:\|H:\|J:\|) Eléments examinés: 891501 Temps écoulé: 7 hour(s), 15 minute(s), 55 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 2 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 1 Dossier(s) infecté(s): 3 Fichier(s) infecté(s): 6 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\CLSID\NOD32KVBIT (Trojan.Frethog) -> No action taken. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> No action taken. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> No action taken. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken. Dossier(s) infecté(s): D:\Data\Profiles\FMolina\Application Data\RegistrySmart (Rogue.RegistrySmart) -> No action taken. D:\Data\Profiles\FMolina\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> No action taken. D:\Data\Profiles\FMolina\Application Data\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> No action taken. Fichier(s) infecté(s): D:\Program Files\Steinberg\Cubase SX 3\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken. 
J:\Outils\Musique\Sony Soundforge 7.0 + Keygen + Patch Fr + Plugins\Sony-Soundforge-70+keygen-by-ZorRo\Sony.Sound.Forge.KeyGen\keygen.exe (Trojan.Downloader) -> No action taken. D:\Data\Profiles\FMolina\Application Data\RegistrySmart\Errors.stg (Rogue.RegistrySmart) -> No action taken. D:\Data\Profiles\FMolina\Application Data\RegistrySmart\Results.stg (Rogue.RegistrySmart) -> No action taken. D:\Data\Profiles\FMolina\Application Data\RegistrySmart\Registry Backups\2007-07-06_08-06-50.reg (Rogue.RegistrySmart) -> No action taken. C:\WINNT\AhnRpta.exe (Trojan.Backdoor) -> No action taken. HijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:55:01, on 25/03/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\System32\Ati2evxx.exe C:\WINNT\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINNT\system32\drivers\CDAC11BA.EXE C:\Cadence\license_manager\lmgrd.exe C:\Cadence\license_manager\lmgrd.exe D:\Program Files\Executive Software\DiskeeperLite\DKService.exe C:\Cadence\license_manager\cdslmd.exe C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\WINNT\system32\hasplms.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINNT\system32\lxddcoms.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Notes\ntmulti.exe C:\WINNT\system32\NA_Service.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe 
C:\WINNT\system32\NA_XWAY.exe C:\WINNT\System32\svchost.exe C:\padspwr\Security\License_Management\lmgrd.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINNT\System32\svchost.exe c:\winnt\system32\SUSS.EXE C:\WINNT\system32\UsbConnect.exe C:\WINNT\system32\usbconsole.exe C:\Program Files\Avira\AntiVir Desktop\avmailc.exe C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE C:\WINNT\Explorer.EXE C:\WINNT\system32\wuauclt.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\padspwr\Security\License_Management\psidaemon.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe D:\Program Files\Winamp\winampa.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINNT\system32\ctfmon.exe C:\Program Files\Orange\IEWInternet\Launcher\Launcher.exe C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe C:\Program Files\Orange\IEWInternet\systray\systrayapp.exe C:\Program Files\Orange\IEWInternet\connectivity\connectivitymanager.exe C:\Program Files\Orange\IEWInternet\PhoneTools\TextMessaging.exe C:\Program Files\Orange\IEWInternet\Deskboard\deskboard.exe C:\Program Files\Orange\IEWInternet\connectivity\CoreCom\CoreCom.exe C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O4 - HKLM\..\Run: [igfxTray] C:\WINNT\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [CardDetectorZTEMF636] C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [MSConfig] 
C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'Default user') O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINNT\system32\GPhotos.scr/200 O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://intranaut O15 - Trusted Zone: metaweb.aut.schneider-electric.com O15 - Trusted Zone: unity-intranets-d.aut.schneider-electric.com O15 - 
Trusted Zone: unity-intranets.aut.schneider-electric.com O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} - http://www.solidworks.com/plugins/edrawing...cfm?Release=rel O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aut.schneider-electric.com O17 - HKLM\Software\..\Telephony: DomainName = aut.schneider-electric.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = aut.schneider-electric.com O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira Pare-feu (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE O23 - Service: Cadence License Manager - Macrovision Corporation - C:\Cadence\license_manager\lmgrd.exe O23 - Service: CVSNT Locking Service 2.5.03.2382 (cvslock) - Unknown owner - C:\Program Files\CVSNT\cvslock.exe O23 - Service: CVSNT Dispatch service 2.5.03.2382 (cvsnt) - March Hare Software Ltd - C:\Program Files\CVSNT\cvsservice.exe O23 - Service: Diskeeper - Executive Software International, Inc. 
- D:\Program Files\Executive Software\DiskeeperLite\DKService.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINNT\system32\hasplms.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINNT\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe O23 - Service: lxdd_device - - C:\WINNT\system32\lxddcoms.exe O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Notes\ntmulti.exe O23 - Service: NetAccess Service (NA_Service) - Schneider Automation SAS - C:\WINNT\system32\NA_Service.exe O23 - Service: NICCONFIGSVC - Dell Inc. 
- C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: PowerPCB License Server - Unknown owner - C:\padspwr\Security\License_Management\lmgrd.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe O23 - Service: Usb PLC (UsbConnect) - Schneider Automation - C:\WINNT\system32\UsbConnect.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 11513 bytes
The ball is in your court. Can you enlighten me? Were the viruses that were found, in particular the one in the registry, dangerous? Before this intrusion, my Gmail mailbox sent everyone in my address book an e-mail in English which, I imagine, contained the spyware. What should they do? Thanks again for your sound advice. How do you go about interpreting the HijackThis log? Thanks again. I await your next instructions. See you.
-
It took a while, but here are the reports after removing Norton; it was indeed an old installation.
TB OPTION 1: -----------\\ ToolBar S&D 1.2.9 XP/Vista Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2 X86-based PC ( Uniprocessor Free : Intel® Pentium® M processor 1.73GHz ) BIOS : Phoenix ROM BIOS PLUS Version 1.10 A05 USER : FMolina ( Not Administrator ! ) BOOT : Normal boot Antivirus : AntiVir Desktop 9.0.1.32 (Not Activated) Firewall : Avira Pare-feu 9.0.1.32 (Not Activated) C:\ (Local Disk) - NTFS - Total:28 Go (Free:10 Go) D:\ (Local Disk) - NTFS - Total:46 Go (Free:12 Go) E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go) F:\ (CD or DVD) H:\ (USB) - FAT32 - Total:3773 Mo (Free:3 Go) V:\ (Network Disk) W:\ (Network Disk) X:\ (Network Disk) "C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 ) Option : [1] ( 25/03/2010|13:43 ) -----------\\ Recherche de Fichiers / Dossiers ...
C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Search Page"="http://www.google.com"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.google.fr/ig?hl=fr"
"Search Bar"="http://www.google.com/ie"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://fr.yahoo.com/"
"Default_Search_URL"="http://www.google.com/ie"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.troner.net/"

--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
D:\Data\Profiles\FMolina\Application Data\uTorrent\Beyond Compare.v2.5.1.250 + Crack +Serial[h33t].torrent
D:\Data\Profiles\FMolina\Recent\Beyond Compare v2 5 1 250 Crack Serial[h33t].lnk

1 - "C:\ToolBar SD\TB_1.txt" - 25/03/2010|13:55 - Option : [1]
-----------\\ Fin du rapport a 13:55:23.14

And TB_Option2:

-----------\\ ToolBar S&D 1.2.9 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel® Pentium® M processor 1.73GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A05
USER : FMolina ( Not Administrator ! )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.32 (Not Activated)
Firewall : Avira Pare-feu 9.0.1.32 (Not Activated)
C:\ (Local Disk) - NTFS - Total:28 Go (Free:10 Go)
D:\ (Local Disk) - NTFS - Total:46 Go (Free:12 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD)
H:\ (USB) - FAT32 - Total:3773 Mo (Free:3 Go)
V:\ (Network Disk)
W:\ (Network Disk)
X:\ (Network Disk)
"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 25/03/2010|13:59 )

-----------\\ SUPPRESSION
Supprime! - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
Supprime! - C:\Program Files\DAEMON Tools Toolbar\Resources
Supprime! - C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Supprime! - C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
Supprime! - C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
Supprime! - C:\Program Files\DAEMON Tools Toolbar

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Search Page"="http://www.google.com"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.google.fr/ig?hl=fr"
"Search Bar"="http://www.google.com/ie"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://fr.yahoo.com/"
"Default_Search_URL"="http://www.google.com/ie"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.msn.com/"

--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
D:\Data\Profiles\FMolina\Application Data\uTorrent\Beyond Compare.v2.5.1.250 + Crack +Serial[h33t].torrent
D:\Data\Profiles\FMolina\Recent\Beyond Compare v2 5 1 250 Crack Serial[h33t].lnk

1 - "C:\ToolBar SD\TB_1.txt" - 25/03/2010|13:55 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 25/03/2010|14:08 - Option : [2]
-----------\\ Fin du rapport a 14:08:55.53

For any number of reasons I no longer use IE but Firefox, which I find much better protected. I also bought AVIRA, which I use for protection (spyware/firewall...). I'm waiting for your next instructions. Thanks
-
OK. I'll do all of that and get back to you quickly. See you soon.
-
Here is the scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:37, on 25/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\Cadence\license_manager\lmgrd.exe
C:\Cadence\license_manager\lmgrd.exe
D:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Cadence\license_manager\cdslmd.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINNT\system32\hasplms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\lxddcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Notes\ntmulti.exe
C:\WINNT\system32\NA_Service.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINNT\system32\NA_XWAY.exe
C:\WINNT\System32\svchost.exe
C:\padspwr\Security\License_Management\lmgrd.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINNT\System32\svchost.exe
c:\winnt\system32\SUSS.EXE
C:\WINNT\system32\UsbConnect.exe
C:\WINNT\system32\usbconsole.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINNT\Explorer.EXE
C:\padspwr\Security\License_Management\psidaemon.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe
D:\Program Files\Winamp\winampa.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Orange\IEWInternet\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\IEWInternet\systray\systrayapp.exe
C:\Program Files\Orange\IEWInternet\connectivity\connectivitymanager.exe
C:\Program Files\Orange\IEWInternet\PhoneTools\TextMessaging.exe
C:\Program Files\Orange\IEWInternet\Deskboard\deskboard.exe
C:\Program Files\Orange\IEWInternet\connectivity\CoreCom\CoreCom.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.troner.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [CardDetectorZTEMF636] C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINNT\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intranaut
O15 - Trusted Zone: metaweb.aut.schneider-electric.com
O15 - Trusted Zone: unity-intranets-d.aut.schneider-electric.com
O15 - Trusted Zone: unity-intranets.aut.schneider-electric.com
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} - http://www.solidworks.com/plugins/edrawing...cfm?Release=rel
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aut.schneider-electric.com
O17 - HKLM\Software\..\Telephony: DomainName = aut.schneider-electric.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{279E7A2C-B766-4A82-9F71-6C9ACC64A76F}: NameServer = 194.51.3.56 10.11.12.14
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = aut.schneider-electric.com
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira Pare-feu (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Cadence License Manager - Macrovision Corporation - C:\Cadence\license_manager\lmgrd.exe
O23 - Service: CVSNT Locking Service 2.5.03.2382 (cvslock) - Unknown owner - C:\Program Files\CVSNT\cvslock.exe
O23 - Service: CVSNT Dispatch service 2.5.03.2382 (cvsnt) - March Hare Software Ltd - C:\Program Files\CVSNT\cvsservice.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINNT\system32\hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINNT\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINNT\system32\lxddcoms.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Notes\ntmulti.exe
O23 - Service: NetAccess Service (NA_Service) - Schneider Automation SAS - C:\WINNT\system32\NA_Service.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PowerPCB License Server - Unknown owner - C:\padspwr\Security\License_Management\lmgrd.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Usb PLC (UsbConnect) - Schneider Automation - C:\WINNT\system32\UsbConnect.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11922 bytes

Sorry for panicking. It's always when you don't really know what to do that you lose your composure! Thanks in any case.
-
Hello, While I was using my Gmail account, a message appeared telling me to change my password because someone from China had logged in to my mailbox. Since I was given the machine's IP address, I was able to confirm with a ping that this machine was indeed connected. I would like to know whether my PC is infected with SPYWARE. Can someone help me? I have downloaded HijackThis. How should I use it to send you a report? Thank you for your help.