Se connecter / S'enregistrer
Votre question

au sujet des crazy girls, serial players & co

Tags :
  • Windows
  • Sécurité
Dernière réponse : dans Sécurité et virus
12 Janvier 2008 09:59:14

j'ai lu la réponse postée sur le forum, et j'ai efféctué l'analyse avec hijackthis, ça urge, je vs serai gré de m'aider parceque c'est 1ordi de bureau :pt1cable: 
voila ce que j'ai obtenu ds le logfile:

Logfile of HijackThis v1.99.1
Scan saved at 09:10:42, on 12/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\lnaccess.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://fr.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
O1 - Hosts: "http://www.w3.org/TR/html4/loose.dtd">
O1 - Hosts: <html>
O1 - Hosts: <head>
O1 - Hosts: <script LANGUAGE="JavaScript">
O1 - Hosts: <!--
O1 - Hosts: if (window != top)
O1 - Hosts: top.location.href = location.href;
O1 - Hosts: // -->
O1 - Hosts: </script>
O1 - Hosts: <title>Site Unavailable</title>
O1 - Hosts: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
O1 - Hosts: <style type="text/css">
O1 - Hosts: body{text-align:center;}
O1 - Hosts: .geohead {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px;width:750px;margin:10px 0 10px 0;height:35px;}
O1 - Hosts: .geohead #geologo {width:270px;display:block; float:left; }
O1 - Hosts: .geohead #rightside {width:480px;display:block; float:right;border-bottom:1px solid #999999; height:27px;}
O1 - Hosts: .geohead #rightside #welcome {width:50%;display:block; float:left; text-align:left;}
O1 - Hosts: .geohead #rightside #wlinks {width:50%;display:block; float:right; text-align:right;}
O1 - Hosts: .ftr { margin:0px; color:#404040; font:x-small Arial,sans-serif; text-align:center; width:750px;}
O1 - Hosts: .bodywrap{display:block;height:470px;}
O1 - Hosts: .bodycnt{width:510px; display:block; float:left; background-color:#EEE9F5; height:auto; text-align:left; font-family:Arial, Helvetica, sans-serif;font-size:13px; color:#000000; padding:20px 20px 35px 20px;}
O1 - Hosts: .title { font-family:Arial, Helvetica, sans-serif; font-weight:bold; font-size:24px; color:#7C56A9}
O1 - Hosts: .adcnt{width:172px; display:block; float:right; text-align:left;cursor:p ointer;cursor:hand;}
O1 - Hosts: .adcnt td {text-align:left;}
O1 - Hosts: .adsubt{font-size:10px; font-family:verdana; font-weight:bold; color:#b4b4b4; cursor:D efault;margin-top:5px;}
O1 - Hosts: .ybadge { font-family: Verdana, Arial, Helvetica, sans-serif; font-size:10px; color: #666666; margin-top:10px;}
O1 - Hosts: .ybadge img {margin-top:6px;}
O1 - Hosts: .adtable {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px;border: 1px solid #d6dbe7; background-color:#eff7ff; padding:3px; margin-bottom:10px; width:172px;}
O1 - Hosts: .adttl{font-weight:bold;margin-bottom:3px;}
O1 - Hosts: .addescr{color:#6b6b6b; margin-bottom:3px;}
O1 - Hosts: .adlink a {color:#008200; text-decoration:none;}
O1 - Hosts: </style>
O1 - Hosts: </head>
O1 - Hosts: <body>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE -->
O1 - Hosts: <div id="maincnt">
O1 - Hosts: <div class="geohead"><div id="geologo"><a href="http://geocities.yahoo.com"><img height=33 alt="Yahoo! GeoCities" src="http://us.i1.yimg.com/us.yimg.com/i/us/nt/ma/ma_geo_1.g..." width=259 border=0></a></div>
O1 - Hosts: <div id="rightside"><div id="wlinks"><a href="http://geocities.yahoo.com">GeoCities Home</a> - <a href="http://www.yahoo.com">Yahoo!</a> - <a href="http://help.yahoo.com/help/us/geo/">Help</a></div>
O1 - Hosts: </div></div>
O1 - Hosts: <div class="bodywrap">
O1 - Hosts: <div class="bodycnt">
O1 - Hosts: <div class="title">Sorry, this GeoCities site is currently unavailable.</div>
O1 - Hosts: <p>The GeoCities web site you were trying to view has temporarily exceeded its data transfer limit. Please try again later. </p>
O1 - Hosts: <p>Are you the site owner?
O1 - Hosts: Avoid service interruptions in the future by increasing your data transfer limit!
O1 - Hosts: <a href="http://help.yahoo.com/help/us/geo/transfer/transfer-05...." target="_blank">Find out how.</a> </p>
O1 - Hosts: <p><a href="http://help.yahoo.com/help/us/geo/transfer/" target="_blank">Learn more about data transfer.</a></p>
O1 - Hosts: </div>
O1 - Hosts: <div class="adcnt">
O1 - Hosts: <a target="_top" href="http://geocities.yahoo.com"><img src="http://us.i1.yimg.com/us.yimg.com/i/us/smbiz/b/geo_mast..." alt="Yahoo! GeoCities" border="0" height="15" hspace="0" vspace="0" width="141"></a>
O1 - Hosts: <div class="adsubt">SPONSORED LINKS</div>
O1 - Hosts: <!--<table width="172" border="0" bgcolor="#FFFFFF" class="adtable"><tr><td align=left>-->
O1 - Hosts: <div class="adtable">
O1 - Hosts: <div class="adttl" title="Reliable plans include domain & 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27166/*http://smallbusiness.yahoo.com/webhosting" target="_blank">Yahoo! Web Hosting<br>
O1 - Hosts: $25 Setup Waived</a></div>
O1 - Hosts: <div class="addescr" title="Reliable plans include domain & 24x7 support.">Reliable plans include domain & 24x7 support.</div>
O1 - Hosts: <div class="adlink" title="Reliable plans include domain & 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27166/*http://smallbusiness.yahoo.com/webhosting" target="_blank">webhosting.yahoo.com</a></div>
O1 - Hosts: </div>
O1 - Hosts: <div class="adtable">
O1 - Hosts: <div class="adttl" title="Reliable plans include domain & 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27176/*http://smallbusiness.yahoo.com/domains/" target="_blank">Domain Names from Yahoo! only $9.95/yr</a></div>
O1 - Hosts: <div class="addescr" title="Includes starter web page, email & domain forwarding, 24x7 support.">Includes starter web page, email & domain forwarding, 24x7 support.</div>
O1 - Hosts: <div class="adlink" title="Includes starter web page, email & domain forwarding, 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27176/*http://smallbusiness.yahoo.com/domains/" target="_blank">domains.yahoo.com</a></div>
O1 - Hosts: </div>
O1 - Hosts: <div class="adtable">
O1 - Hosts: <div class="adttl" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27184/*http://smallbusiness.yahoo.com/mail" target="_blank">Yahoo! Business Email<br> Domain Included</a></div>
O1 - Hosts: <div class="addescr" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning.">Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning.</div>
O1 - Hosts: <div class="adlink" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27184/*http://smallbusiness.yahoo.com/mail" target="_blank">smallbusiness.yahoo.com</a></div>
O1 - Hosts: </div>
O1 - Hosts: <div class="adtable">
O1 - Hosts: <div class="adttl" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=/27190/*http://smallbusiness.yahoo.com/merchant" target="_blank">Ecommerce from Yahoo!<br> 1 Month Free</a></div>
O1 - Hosts: <div class="addescr" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support.">$50 setup fee waived. A reliable ecommerce plan, 24x7 support.</div>
O1 - Hosts: <div class="adlink" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=/27190/*http://smallbusiness.yahoo.com/merchant" target="_blank">smallbusiness.yahoo.com</a></div>
O1 - Hosts: </div>
O1 - Hosts: <div class="ybadge">
O1 - Hosts: Get your own web site at <br><a target="_top" href="http://geocities.yahoo.com">Yahoo! GeoCities</a>
O1 - Hosts: <a href="http://smallbusiness.yahoo.com/webhosting/" target="_top"><img src="http://us.i1.yimg.com/us.yimg.com/i/us/wh/gr/badge_host..." alt="Hosted by Yahoo! Web Hosting" align="middle" border="0" height="31" width="88"></a>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: <div class=ftr>
O1 - Hosts: <hr size=1 width=100%>
O1 - Hosts: Copyright ©
O1 - Hosts: 2005 Yahoo! Inc. All rights reserved<br>
O1 - Hosts: <a href="http://privacy.yahoo.com/privacy/us/geo/">Privacy Policy</a>
O1 - Hosts: - <a href="http://docs.yahoo.com/info/copyright/copyright.html">Copyright Policy</a>
O1 - Hosts: - <a href="http://docs.yahoo.com/info/guidelines/community.html">Guidelines</a>
O1 - Hosts: - <a href="http://docs.yahoo.com/info/terms/geoterms.html">Terms of Service</a>
O1 - Hosts: - <a href="http://help.yahoo.com/help/us/geo/">Help</a>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </body>
O1 - Hosts: </html>
O1 - Hosts: <!-- text below generated by server. PLEASE REMOVE --></object></layer></div></span></style></noscript></table></script></applet>
O1 - Hosts: <IMG SRC="http://geo.yahoo.com/serv?s=19190039&t=1163241458&f=us-..." ALT=1 WIDTH=1 HEIGHT=1>
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\ElnorB.exe"
O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\Program Files\Windows Media Player\svchost.exe
O4 - HKLM\..\Run: [vdlaiahwem] c:\windows\system32\vdlaiahwem.exe vdlaiahwem
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\Administrateur\Local Settings\Application Data\smss.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RegPowerClean] "C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\lnaccess.exe /res
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - ?p=ZCxdm595YYDZ
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm (file missing)
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.ca...
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6EDA8D9-0374-4FE3-9186-D048B8C610C8}: NameServer = 192.168.0.1,223.223.223.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8D41D75-2B92-4BA0-9390-476910B4790F}: NameServer = 41.221.20.244 213.140.2.21
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Autres pages sur : sujet crazy girls serial players amp

12 Janvier 2008 13:01:33

Bonjour ,

tu es très infecté ...

Télécharge R-Hosts [:eric_71:13] < ici

double clique sur R-Hosts.exe
Puis clique sur Restaurer , valide par [OK]

-----------------------------------------------------------------

Telecharge Navilog1 [:eric_71:16] < ici

enregistre le sur ton Bureau
double clic sur Navilog1.exe ( le .exe peut ne pas apparaitre )
Il s%u2019éxécutera automatiquement
(Si ce n'est pas le cas, double clique sur le raccourci présent sur le Bureau)
suis les invites et choisis l'option 1 puis valide

n'utilise pas les options 2,3 ou 4
attend jusqu'a " analyse terminé le ........... "
appuie sur une touche comme demandé

Copie / Colle le rapport généré ( C:\fixnavi.txt )
13 Janvier 2008 11:50:01

voila ce que j'ai obtenu:


Search Navipromo version 3.4.0 commencé le 13/01/2008 à 11:27:30,35

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 09.01.2008 à 20h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***


Instant Access


*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***

C:\Program Files\Instant Access trouvé !


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




*** Recherche dossiers dans "C:\Documents and Settings\Administrateur\application data" ***



*** Recherche dossiers dans "C:\Documents and Settings\Administrateur\MENUDM~1\PROGRA~1" ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

!! Fichier(s)/processus caché(s) différent(s) !!
!! Résultat Catchme non pris en compte par Navilog1 !!


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

Fichiers trouvés :

ysefbyeaa.exe trouvé !
ysefbyeaa.dat trouvé !
ysefbyeaa_nav.dat trouvé !
ysefbyeaa_navps.dat trouvé !

* Recherche dans "C:\Documents and Settings\Administrateur\local settings\application data" *



*** Recherche fichiers ***


C:\WINDOWS\Downloaded Program Files\IaLdr32.inf trouvé !
C:\WINDOWS\pack.epk trouvé !
C:\WINDOWS\system32\linkprd.exe trouvé !


*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :

vdlaiahwem.dat trouvé !
ysefbyeaa.dat trouvé !
vdlaiahwem_nav.dat trouvé !
ysefbyeaa_nav.dat trouvé !
linkprd.exe trouvé !
lnaccess.exe trouvé !

* Dans "C:\Documents and Settings\Administrateur\local settings\application data" :


3)Recherche Certificats :

Certificat Egroup trouvé !

4)Recherche fichiers connus :



*** Analyse terminée le 13/01/2008 à 11:39:21,50 ***
Contenus similaires
Pas de réponse à votre question ? Demandez !
13 Janvier 2008 11:58:49

bonjour
jai telecherger R-hosts maisquan je clik sur restaure il n'y a rein il me demande de confirmer et puis rien ?
merci pour votre aide
13 Janvier 2008 19:48:04


Re ,

Double clique sur le raccourci Navilog1
Choisis cette fois ci l'option 2 et valide
Il va t’informer qu’il va Redémarrer l’ordinateur

Ferme toutes les fenêtres !
si tu as des documents personnels ouverts , Enregistre les !

Appuie sur une touche comme demandé
( s’il ne redémarre pas automatiquement , redémarre manuellement )

attend jusqu'à ce message :
" Nettoyage Terminé le ..... "

Sauvegarde le rapport sur ton Bureau
ton bureau va réapparaître
( si ce n’est pas le cas , appuie sur Ctrl+Alt+Suppr , dans l’onglet Processus , clique sur Fichier , choisis Executer et tape explorer puis valide )

poste le rapport sauvegardé ( C:\cleannavi.txt )
et un nouveau rapport Hijackthis

14 Janvier 2008 10:34:03

bonjour
voila ce que j'ai obtenu: pour Navilog1 - option 2

Clean Navipromo version 3.4.0 commencé le 14/01/2008 à 9:51:14,40

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 09.01.2008 à 20h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Mode suppression automatique



*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans C:\WINDOWS\System32 *

ysefbyeaa.exe trouvé !
Copie ysefbyeaa.exe réalisée avec succès !
ysefbyeaa.exe supprimé !

ysefbyeaa.dat trouvé !
Copie ysefbyeaa.dat réalisée avec succès !
ysefbyeaa.dat supprimé !

ysefbyeaa_nav.dat trouvé !
Copie ysefbyeaa_nav.dat réalisée avec succès !
ysefbyeaa_nav.dat supprimé !

ysefbyeaa_navps.dat trouvé !
Copie ysefbyeaa_navps.dat réalisée avec succès !
ysefbyeaa_navps.dat supprimé !


* Suppression dans "C:\Documents and Settings\Administrateur\local settings\application data" *



*** Suppression dossiers dans C:\WINDOWS ***


*** Suppression dossiers dans C:\Program Files ***

C:\Program Files\Instant Access ...suppression...
C:\Program Files\Instant Access supprimé !


*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***


*** Suppression dossiers dans "C:\Documents and Settings\Administrateur\application data" ***


*** Suppression dossiers dans "C:\Documents and Settings\Administrateur\MENUDM~1\PROGRA~1" ***


*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***



*** Suppression fichiers ***

C:\WINDOWS\Downloaded Program Files\IaLdr32.inf supprimé !
C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS\system32\linkprd.exe supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Administrateur\local settings\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans C:\WINDOWS\system32 *

vdlaiahwem.dat trouvé !
Copie vdlaiahwem.dat réalisée avec succès !
vdlaiahwem.dat supprimé !

vdlaiahwem_nav.dat trouvé !
Copie vdlaiahwem_nav.dat réalisée avec succès !
vdlaiahwem_nav.dat supprimé !

lnaccess.exe trouvé !
Copie lnaccess.exe réalisée avec succès !
lnaccess.exe supprimé !

vdlaiahwem_navps.dat trouvé !
Copie vdlaiahwem_navps.dat réalisée avec succès !
vdlaiahwem_navps.dat supprimé !


* Dans "C:\Documents and Settings\Administrateur\local settings\application data" *


*** Sauvegarde du Registre vers dossier Backupnavi ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !

*** Nettoyage terminé le 14/01/2008 à 9:55:29,51 ***

Clean Navipromo version 3.4.0 commencé le 14/01/2008 à 9:51:14,40

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 09.01.2008 à 20h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Mode suppression automatique



*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans C:\WINDOWS\System32 *

ysefbyeaa.exe trouvé !
Copie ysefbyeaa.exe réalisée avec succès !
ysefbyeaa.exe supprimé !

ysefbyeaa.dat trouvé !
Copie ysefbyeaa.dat réalisée avec succès !
ysefbyeaa.dat supprimé !

ysefbyeaa_nav.dat trouvé !
Copie ysefbyeaa_nav.dat réalisée avec succès !
ysefbyeaa_nav.dat supprimé !

ysefbyeaa_navps.dat trouvé !
Copie ysefbyeaa_navps.dat réalisée avec succès !
ysefbyeaa_navps.dat supprimé !


* Suppression dans "C:\Documents and Settings\Administrateur\local settings\application data" *



*** Suppression dossiers dans C:\WINDOWS ***


*** Suppression dossiers dans C:\Program Files ***

C:\Program Files\Instant Access ...suppression...
C:\Program Files\Instant Access supprimé !


*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***


*** Suppression dossiers dans "C:\Documents and Settings\Administrateur\application data" ***


*** Suppression dossiers dans "C:\Documents and Settings\Administrateur\MENUDM~1\PROGRA~1" ***


*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***



*** Suppression fichiers ***

C:\WINDOWS\Downloaded Program Files\IaLdr32.inf supprimé !
C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS\system32\linkprd.exe supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Administrateur\local settings\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans C:\WINDOWS\system32 *

vdlaiahwem.dat trouvé !
Copie vdlaiahwem.dat réalisée avec succès !
vdlaiahwem.dat supprimé !

vdlaiahwem_nav.dat trouvé !
Copie vdlaiahwem_nav.dat réalisée avec succès !
vdlaiahwem_nav.dat supprimé !

lnaccess.exe trouvé !
Copie lnaccess.exe réalisée avec succès !
lnaccess.exe supprimé !

vdlaiahwem_navps.dat trouvé !
Copie vdlaiahwem_navps.dat réalisée avec succès !
vdlaiahwem_navps.dat supprimé !


* Dans "C:\Documents and Settings\Administrateur\local settings\application data" *


*** Sauvegarde du Registre vers dossier Backupnavi ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !

*** Nettoyage terminé le 14/01/2008 à 9:55:29,51 ***

****************************************
voila ce que j'ai obtenu: pour le nouveau rapport Hijachthis

Logfile of HijackThis v1.99.1
Scan saved at 09:58:43, on 14/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\temp1.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://fr.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\ElnorB.exe"
O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\Program Files\Windows Media Player\svchost.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\Administrateur\Local Settings\Application Data\smss.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RegPowerClean] "C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - ?p=ZCxdm595YYDZ
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm (file missing)
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.ca...
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6EDA8D9-0374-4FE3-9186-D048B8C610C8}: NameServer = 192.168.0.1,223.223.223.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

merci bpc pour votre aide
14 Janvier 2008 20:58:31


Re ,

Télécharge SDFix [:eric_71:14] < ici
Enregistre le sur ton Bureau

Double clique sur SDFix.exe ( le .exe peut ne pas apparaitre )
Choisis Install pour l'extraire sur ton Bureau
Redémarre en mode sans échec : >> Comment démarrer en mode Sans Echec <<
Double clic sur le dossier SDFix
puis double clique sur RunThis.bat ( le .bat peut ne pas apparaitre )
Appuie sur Y pour le lancer , laisse le s'éxécuter
Il te sera demandé d'appuyer sur une touche pour redemarrer , fais le
Il est possible que le redémarrage soit plus long que d'habitude
Une fois ton Bureau chargé ,il affichera Finished
Appuie sur une touche pour finir l'exécution et charger les icônes de ton Bureau

Un rapport est généré , Copie / colle le dans ta réponse

tu trouveras aussi ce rapport dans le dossier SDFix ( Report.txt )
et un nouveau rapport Hijackthis

15 Janvier 2008 10:50:30

bonjour
voici le rapport

SDFix: Version 1.126

Run by Administrateur on 15/01/2008 at 10:08

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\~WRD1613.TMP - Deleted
C:\autorun.inf - Deleted
C:\WINDOWS\autorun.inf - Deleted
C:\WINDOWS\svchost.ini - Deleted
C:\WINDOWS\svchost.exe - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 10:17:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 19


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Ex‚cuter une DLL en tant qu'application"
"C:\\Program Files\\Windows Media Player\\svchost.exe"="C:\\Program Files\\Windows Media Player\\svchost.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"="C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe:*:D isabled:javaw"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:D isabled:Veoh Client"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sat 13 May 2006 1,211 A.SHR --- "C:\copy.exe"
Sat 20 May 2006 70,207 A.SHR --- "C:\host.exe"
Fri 5 Jan 2007 49,242 ..SHR --- "C:\RavMon.exe"
Sat 13 May 2006 1,211 A.SHR --- "C:\WINDOWS\xcopy.exe"
Wed 7 Mar 2007 26,112 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\~WRL2287.tmp"
Wed 7 Mar 2007 26,112 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\~WRL2418.tmp"
Tue 6 Mar 2007 26,112 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\~WRL2843.tmp"
Tue 25 Dec 2007 38,400 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\~WRL3157.tmp"
Sun 7 May 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 17 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 14 Mar 2006 262,144 ...H. --- "C:\Program Files\Nero\Nero PhotoShow 4\data\DVDMPEG2Enc.dll"
Tue 14 Mar 2006 84,604 ...H. --- "C:\Program Files\Nero\Nero PhotoShow 4\data\movie_maker.exe"
Tue 14 Mar 2006 61,440 ...H. --- "C:\Program Files\Nero\Nero PhotoShow 4\data\NeASL.dll"
Tue 14 Mar 2006 95,892 ...H. --- "C:\Program Files\Nero\Nero PhotoShow 4\data\Nero PhotoShow Express.exe"
Sat 22 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT2.tmp"
Sat 15 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b04031f0b83ee952189dd8beb4ee929a\BIT2.tmp"
Tue 6 Nov 2007 31,232 ...H. --- "C:\Documents and Settings\Administrateur\Application Data\Microsoft\Word\~WRL1262.tmp"
Tue 6 Nov 2007 31,232 ...H. --- "C:\Documents and Settings\Administrateur\Application Data\Microsoft\Word\~WRL3068.tmp"
Sat 11 Nov 2006 46,592 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\commandes, budget et autres\~WRL1261.tmp"
Mon 15 Jan 2007 32,768 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\expositions, inaugurations, celebrations et autres\~WRL3044.tmp"
Mon 18 Sep 2006 51,712 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\s‚minaires ateliers et autres\~WRL1445.tmp"
Sat 11 Nov 2006 46,592 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\commandes, budget et autres\~WRL1261.tmp"
Mon 15 Jan 2007 32,768 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\expositions, inaugurations, celebrations et autres\~WRL3044.tmp"
Mon 18 Sep 2006 51,712 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\s‚minaires ateliers et autres\~WRL1445.tmp"
Sun 7 May 2006 4,348 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Sun 10 Sep 2006 20 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Wed 17 May 2006 312 ...H. --- "C:\Documents and Settings\Administrateur\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Sun 10 Sep 2006 1,536 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\Ma musique\Sauvegarde de la licence\drmv2lic.bak"
Wed 7 Feb 2007 119,296 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL0341.tmp"
Wed 7 Feb 2007 119,808 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL0579.tmp"
Wed 28 Feb 2007 122,880 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL0601.tmp"
Wed 7 Feb 2007 120,320 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL0778.tmp"
Wed 7 Feb 2007 119,296 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL0995.tmp"
Wed 28 Feb 2007 122,880 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL1203.tmp"
Wed 28 Feb 2007 120,320 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL1218.tmp"
Wed 28 Feb 2007 119,808 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL1529.tmp"
Wed 28 Feb 2007 118,784 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL1570.tmp"
Wed 7 Feb 2007 119,808 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL1608.tmp"
Wed 7 Feb 2007 119,808 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL1609.tmp"
Wed 28 Feb 2007 119,296 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL1611.tmp"
Wed 28 Feb 2007 118,784 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL1686.tmp"
Wed 28 Feb 2007 121,856 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL1830.tmp"
Wed 28 Feb 2007 122,880 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL1965.tmp"
Wed 7 Feb 2007 118,272 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL2143.tmp"
Wed 28 Feb 2007 119,296 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL2534.tmp"
Wed 28 Feb 2007 118,784 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL2563.tmp"
Wed 7 Feb 2007 119,296 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL2581.tmp"
Wed 28 Feb 2007 118,784 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL2590.tmp"
Wed 7 Feb 2007 119,296 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL2681.tmp"
Wed 7 Feb 2007 119,296 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL2693.tmp"
Wed 7 Feb 2007 119,808 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL2794.tmp"
Wed 7 Feb 2007 118,784 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL3046.tmp"
Wed 28 Feb 2007 122,880 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL3049.tmp"
Wed 28 Feb 2007 122,880 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL3083.tmp"
Wed 7 Feb 2007 119,808 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL3104.tmp"
Wed 7 Feb 2007 119,808 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL3144.tmp"
Wed 28 Feb 2007 119,808 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL3176.tmp"
Wed 28 Feb 2007 119,296 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL3287.tmp"
Wed 7 Feb 2007 119,808 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL3475.tmp"
Wed 7 Feb 2007 118,784 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL3686.tmp"
Wed 28 Feb 2007 122,880 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL3704.tmp"
Wed 28 Feb 2007 122,880 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL3883.tmp"
Wed 7 Feb 2007 119,808 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Communiqu‚\Audience\~WRL3968.tmp"
Sun 18 Mar 2007 30,208 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Visite\listes des journalistes+ op‚rateurs\~WRL0411.tmp"
Wed 7 Feb 2007 119,296 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL0341.tmp"
Wed 7 Feb 2007 119,808 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL0579.tmp"
Wed 28 Feb 2007 122,880 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL0601.tmp"
Wed 7 Feb 2007 120,320 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL0778.tmp"
Wed 7 Feb 2007 119,296 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL0995.tmp"
Wed 28 Feb 2007 122,880 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL1203.tmp"
Wed 28 Feb 2007 120,320 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL1218.tmp"
Wed 28 Feb 2007 119,808 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL1529.tmp"
Wed 28 Feb 2007 118,784 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL1570.tmp"
Wed 7 Feb 2007 119,808 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL1608.tmp"
Wed 7 Feb 2007 119,808 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL1609.tmp"
Wed 28 Feb 2007 119,296 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL1611.tmp"
Wed 28 Feb 2007 118,784 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL1686.tmp"
Wed 28 Feb 2007 121,856 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL1830.tmp"
Wed 28 Feb 2007 122,880 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL1965.tmp"
Wed 7 Feb 2007 118,272 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL2143.tmp"
Wed 28 Feb 2007 119,296 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL2534.tmp"
Wed 28 Feb 2007 118,784 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL2563.tmp"
Wed 7 Feb 2007 119,296 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL2581.tmp"
Wed 28 Feb 2007 118,784 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL2590.tmp"
Wed 7 Feb 2007 119,296 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL2681.tmp"
Wed 7 Feb 2007 119,296 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL2693.tmp"
Wed 7 Feb 2007 119,808 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL2794.tmp"
Wed 7 Feb 2007 118,784 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL3046.tmp"
Wed 28 Feb 2007 122,880 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL3049.tmp"
Wed 28 Feb 2007 122,880 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL3083.tmp"
Wed 7 Feb 2007 119,808 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL3104.tmp"
Wed 7 Feb 2007 119,808 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL3144.tmp"
Wed 28 Feb 2007 119,808 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL3176.tmp"
Wed 28 Feb 2007 119,296 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL3287.tmp"
Wed 7 Feb 2007 119,808 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL3475.tmp"
Wed 7 Feb 2007 118,784 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL3686.tmp"
Wed 28 Feb 2007 122,880 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL3704.tmp"
Wed 28 Feb 2007 122,880 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL3883.tmp"
Wed 7 Feb 2007 119,808 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Communiqu‚\Audience\~WRL3968.tmp"
Sun 18 Mar 2007 30,208 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Visite\listes des journalistes+ op‚rateurs\~WRL0411.tmp"
Wed 7 Mar 2007 27,648 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Visite\internationales\SuŠde\~WRL0001.tmp"
Sat 10 Mar 2007 27,648 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Visite\internationales\SuŠde\~WRL0003.tmp"
Sat 10 Mar 2007 28,160 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Visite\internationales\SuŠde\~WRL0005.tmp"
Sat 10 Mar 2007 28,160 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Visite\internationales\SuŠde\~WRL0268.tmp"
Sat 10 Mar 2007 28,160 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Visite\internationales\SuŠde\~WRL0806.tmp"
Sat 10 Mar 2007 28,160 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Visite\internationales\SuŠde\~WRL3388.tmp"
Wed 7 Mar 2007 155,648 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Visite\nationales\alger\~WRL0215.tmp"
Tue 6 Mar 2007 152,576 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Visite\nationales\alger\~WRL0699.tmp"
Wed 7 Mar 2007 155,136 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Visite\nationales\alger\~WRL1134.tmp"
Wed 7 Mar 2007 155,648 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Visite\nationales\alger\~WRL1138.tmp"
Wed 7 Mar 2007 155,648 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Visite\nationales\alger\~WRL1977.tmp"
Wed 7 Mar 2007 154,112 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Visite\nationales\alger\~WRL2039.tmp"
Wed 7 Mar 2007 154,112 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Visite\nationales\alger\~WRL2670.tmp"
Wed 7 Mar 2007 155,648 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Visite\nationales\alger\~WRL2687.tmp"
Wed 7 Mar 2007 154,112 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Visite\nationales\alger\~WRL2709.tmp"
Mon 25 Sep 2006 150,016 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Visite\nationales\alger\~WRL2983.tmp"
Wed 7 Mar 2007 155,648 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Visite\nationales\alger\~WRL3067.tmp"
Wed 7 Mar 2007 155,648 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Visite\nationales\alger\~WRL3092.tmp"
Wed 7 Mar 2007 154,624 A..H. --- "C:\Documents and Settings\Administrateur\Bureau\documents_micro_aps\Visite\nationales\alger\~WRL3455.tmp"
Wed 7 Mar 2007 27,648 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Visite\internationales\SuŠde\~WRL0001.tmp"
Sat 10 Mar 2007 27,648 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Visite\internationales\SuŠde\~WRL0003.tmp"
Sat 10 Mar 2007 28,160 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Visite\internationales\SuŠde\~WRL0005.tmp"
Sat 10 Mar 2007 28,160 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Visite\internationales\SuŠde\~WRL0268.tmp"
Sat 10 Mar 2007 28,160 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Visite\internationales\SuŠde\~WRL0806.tmp"
Sat 10 Mar 2007 28,160 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Visite\internationales\SuŠde\~WRL3388.tmp"
Wed 7 Mar 2007 155,648 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Visite\nationales\alger\~WRL0215.tmp"
Tue 6 Mar 2007 152,576 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Visite\nationales\alger\~WRL0699.tmp"
Wed 7 Mar 2007 155,136 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Visite\nationales\alger\~WRL1134.tmp"
Wed 7 Mar 2007 155,648 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Visite\nationales\alger\~WRL1138.tmp"
Wed 7 Mar 2007 155,648 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Visite\nationales\alger\~WRL1977.tmp"
Wed 7 Mar 2007 154,112 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Visite\nationales\alger\~WRL2039.tmp"
Wed 7 Mar 2007 154,112 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Visite\nationales\alger\~WRL2670.tmp"
Wed 7 Mar 2007 155,648 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Visite\nationales\alger\~WRL2687.tmp"
Wed 7 Mar 2007 154,112 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Visite\nationales\alger\~WRL2709.tmp"
Mon 25 Sep 2006 150,016 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Visite\nationales\alger\~WRL2983.tmp"
Wed 7 Mar 2007 155,648 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Visite\nationales\alger\~WRL3067.tmp"
Wed 7 Mar 2007 155,648 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Visite\nationales\alger\~WRL3092.tmp"
Wed 7 Mar 2007 154,624 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\documents_micro_aps\Visite\nationales\alger\~WRL3455.tmp"

Finished!
************
et le nouveau rapport Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 10:42:02, on 15/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://fr.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\ElnorB.exe"
O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\Program Files\Windows Media Player\svchost.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\Administrateur\Local Settings\Application Data\smss.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RegPowerClean] "C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - ?p=ZCxdm595YYDZ
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm (file missing)
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.ca...
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6EDA8D9-0374-4FE3-9186-D048B8C610C8}: NameServer = 192.168.0.1,223.223.223.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8D41D75-2B92-4BA0-9390-476910B4790F}: NameServer = 41.221.20.244 213.140.2.21
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

merci


15 Janvier 2008 21:31:56


Re , il y en à encore

Désactive tes protections ( antivirus , ... ) tu les réactivera ensuite

Télécharge ComboFix [:eric_71] < ici

Enregistre le sur ton Bureau et pas ailleurs !
Double clique combofix.exe ( le .exe peut ne pas apparaitre )
Pour démarrer , tape [1] puis valide , attend la fin du scan
il peut y avoir un Redémarrage du PC !

Copie / Colle le rapport généré ( C:\Combofix.txt )

26 Janvier 2008 11:54:34

voici le rapport demandé

ComboFix 08-01-16.4 - Administrateur 2008-01-26 11:12:48.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.188 [GMT 1:00]
Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\Program Files\internet explorer\svchost.exe
C:\WINDOWS\svchost.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-26 to 2008-01-26 ))))))))))))))))))))))))))))))))))))
.

2008-01-26 09:57 . 2008-01-26 09:57 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SiteAdvisor
2008-01-19 16:17 . 2008-01-26 09:57 22,678 --a------ C:\WINDOWS\system32\Config.MPF
2008-01-19 12:40 . 2006-08-22 18:09 1,802 --a------ C:\WINDOWS\system32\subst.inf
2008-01-19 12:37 . 2008-01-26 10:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-16 14:08 . 2008-01-16 14:09 60,237 --a------ C:\WINDOWS\system32\tmp0_56163798755.bk
2008-01-16 09:22 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-15 10:03 . 2008-01-15 10:03 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-15 09:18 . 2007-01-05 13:58 49,242 -r-hs---- C:\RavMon.exe
2008-01-15 09:18 . 2008-01-19 16:16 22,016 --a------ C:\WINDOWS\MDM.EXE
2008-01-13 11:25 . 2008-01-14 09:55 <REP> d-------- C:\Program Files\Navilog1
2008-01-12 10:15 . 2008-01-12 10:18 <REP> d-------- C:\Program Files\RegCleaner
2008-01-08 14:00 . 2008-01-08 14:00 <REP> d-------- C:\WINDOWS\868D789699D44513BC622B3AD3E24926.TMP
2008-01-08 12:58 . 2008-01-16 14:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-12-26 11:48 . 2007-12-31 08:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 14:40 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Ahead
2008-01-08 13:21 --------- d-----w C:\Program Files\Google
2008-01-08 13:01 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-01-08 12:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-08 12:52 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-08 12:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-08 11:13 --------- d-----w C:\Program Files\AxBx
2007-12-26 09:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-24 14:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-24 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-15 11:09 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Skype
2007-12-02 08:17 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28 728,576 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-16_ 9.38.57.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-05 02:00:00 171,008 ----a-w C:\WINDOWS\system32\perfs.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 03:00 15360]
"Yahoo! Pager"="~C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"Tok-Cirrhatus"="C:\Documents and Settings\Administrateur\Local Settings\Application Data\smss.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 09:09 68856]
"RegPowerClean"="C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe" [2007-04-12 15:24 22880256]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" [2006-05-10 20:52 249856]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 11:02 103712]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-09-30 17:41 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-09-30 17:37 126976]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 09:08 143360]
"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 19:01 525824]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 08:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 08:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 08:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 08:00 455168]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-17 09:43 98304]
"Bron-Spizaetus"="C:\WINDOWS\ShellNew\ElnorB.exe" [ ]
"EoEngine"="" []
"EoWeather"="" []
"EoClock"="" []
"EoComputer"="" []
"EoRss"="" []
"EoNet"="" []
"EoSudoku"="" []
"EoPhoto"="" []
"SKYNET Personal FireWall"="C:\Program Files\Windows Media Player\svchost.exe" [ ]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 16:51 36864]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 19:28 155648]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 11:02 103712]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [ ]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 03:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-01 10:46:49]
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-01 10:46:49]
DSLMON.lnk - C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe [2006-10-10 11:49:39]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-02-14 09:21:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-05 03:00]
R3 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys [2003-12-01 08:36]
S2 OneStep Search Service;OneStep Search Service;"C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service []
S3 slnt;Realtek RTL8139D Family Fast Ethernet NIC;C:\WINDOWS\system32\DRIVERS\slnt.sys [2005-06-09 15:08]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03301297-1bf8-11dc-87c1-007304430b3e}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a0e61f6-8207-11db-86d5-007304430b3e}]
\Shell\AutoRun\command - RAVMON.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f87579b-b3a0-11dc-889a-007304430b3e}]
\Shell\AutoRun\command - E:\RavMon.exe
\Shell\explore\Command - E:\RavMon.exe -e
\Shell\open\Command - E:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2dedc649-5dc3-11db-86a5-007304430b3e}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31f0b90e-2ec8-11dc-87dd-007304430b3e}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45df0efe-bf62-11dc-88a8-007304430b3e}]
\Shell\AutoRun\command - E:\RunDll32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{483783b4-433c-11dc-8801-007304430b3e}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f2a7940-8d08-11db-86e1-007304430b3e}]
\Shell\AutoRun\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73418e75-2ac3-11db-864e-007304430b3e}]
\Shell\AutoRun\command - E:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9078cfea-ac8f-11dc-8892-007304430b3e}]
\Shell\Auto\command - E:\GH0ST.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL GH0ST.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e68b9fea-b6d7-11dc-889c-007304430b3e}]
\Shell\AutoRun\command - E:\RavMon.exe
\Shell\explore\Command - E:\RavMon.exe -e
\Shell\open\Command - E:\RavMon.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-26 16:15:02 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-01-26 09:17:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 11:14:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-26 11:15:00
ComboFix-quarantined-files.txt 2008-01-26 10:14:51
ComboFix2.txt 2008-01-16 09:01:13
.
2008-01-10 10:39:47 --- E O F ---

aprés avoir redémaré le PC j'ai recu le message suivant:
Alerte sécurité Windows
pour vous aider à protéger votre ordinateur , le Pare-feu windows a bloqué certaines fonctionnalités de ce programme
voulez vous continuer à bloquer ce programme?
Nom: Windows live messenger
Editeur: Microsoft corporation
maintenir le blocage débloquer



un second message similaire sauf que le Nom est JAVAW et l'éditeur est inconnu

une autre question s'il vous plait: que conseillez-vous comme meilleur anti virus?
29 Janvier 2008 12:47:53

c'est fais et merci pour votre bpc pour votre aide.
mais dite moi svp comment créer une connection au réseau locale, j'ai un PC connecté à ADSL - vitesse 2.0Mbits/s, je voudrais créer une connection au réseau locale j'ai éssayé mais je n'arrive pas ..... merci
29 Janvier 2008 14:28:11

merci pour votre aide, j'ai installer antivire , et voici le rapport demandé:

ComboFix 08-01-29.3 - Administrateur 2008-01-29 14:15:58.6 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.171 [GMT 1:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Autorun.inf
C:\WINDOWS\svchost.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-29 ))))))))))))))))))))))))))))))))))))
.

2008-01-29 13:41 . 2008-01-29 13:41 <REP> d-------- C:\Program Files\Avira
2008-01-26 09:57 . 2008-01-26 09:57 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SiteAdvisor
2008-01-19 16:17 . 2008-01-26 09:57 22,678 --a------ C:\WINDOWS\system32\Config.MPF
2008-01-19 12:40 . 2006-08-22 18:09 1,802 --a------ C:\WINDOWS\system32\subst.inf
2008-01-19 12:37 . 2008-01-26 10:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-16 14:08 . 2008-01-16 14:09 60,237 --a------ C:\WINDOWS\system32\tmp0_56163798755.bk
2008-01-15 10:03 . 2008-01-15 10:03 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-15 09:18 . 2007-01-05 13:58 49,242 -r-hs---- C:\RavMon.exe
2008-01-15 09:18 . 2008-01-29 11:09 22,016 --a------ C:\WINDOWS\MDM.EXE
2008-01-13 11:25 . 2008-01-14 09:55 <REP> d-------- C:\Program Files\Navilog1
2008-01-12 10:15 . 2008-01-12 10:18 <REP> d-------- C:\Program Files\RegCleaner
2008-01-08 14:00 . 2008-01-08 14:00 <REP> d-------- C:\WINDOWS\868D789699D44513BC622B3AD3E24926.TMP
2008-01-08 12:58 . 2008-01-16 14:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 12:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-01-14 14:40 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Ahead
2008-01-08 13:21 --------- d-----w C:\Program Files\Google
2008-01-08 13:01 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-01-08 12:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-08 12:52 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-08 12:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-08 11:13 --------- d-----w C:\Program Files\AxBx
2007-12-26 09:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-24 14:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-24 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-15 11:09 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Skype
2007-12-02 08:17 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28 728,576 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 03:00 15360]
"Yahoo! Pager"="~C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"Tok-Cirrhatus"="C:\Documents and Settings\Administrateur\Local Settings\Application Data\smss.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 09:09 68856]
"RegPowerClean"="C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe" [2007-04-12 15:24 22880256]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" [2006-05-10 20:52 249856]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 11:02 103712]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-09-30 17:41 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-09-30 17:37 126976]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 09:08 143360]
"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 19:01 525824]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 08:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 08:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 08:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 08:00 455168]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-17 09:43 98304]
"Bron-Spizaetus"="C:\WINDOWS\ShellNew\ElnorB.exe" [ ]
"EoEngine"="" []
"EoWeather"="" []
"EoClock"="" []
"EoComputer"="" []
"EoRss"="" []
"EoNet"="" []
"EoSudoku"="" []
"EoPhoto"="" []
"SKYNET Personal FireWall"="C:\Program Files\Windows Media Player\svchost.exe" [ ]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 16:51 36864]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 19:28 155648]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 11:02 103712]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 03:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-01 10:46:49 110592]
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-01 10:46:49 110592]
DSLMON.lnk - C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe [2006-10-10 11:49:39 929870]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-02-14 09:21:24 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-05 03:00]
R3 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys [2003-12-01 08:36]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
S2 OneStep Search Service;OneStep Search Service;"C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service []
S3 slnt;Realtek RTL8139D Family Fast Ethernet NIC;C:\WINDOWS\system32\DRIVERS\slnt.sys [2005-06-09 15:08]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03301297-1bf8-11dc-87c1-007304430b3e}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a0e61f6-8207-11db-86d5-007304430b3e}]
\Shell\AutoRun\command - RAVMON.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f87579b-b3a0-11dc-889a-007304430b3e}]
\Shell\AutoRun\command - E:\RavMon.exe
\Shell\explore\Command - E:\RavMon.exe -e
\Shell\open\Command - E:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2dedc649-5dc3-11db-86a5-007304430b3e}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31f0b90e-2ec8-11dc-87dd-007304430b3e}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45df0efe-bf62-11dc-88a8-007304430b3e}]
\Shell\AutoRun\command - E:\RunDll32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{483783b4-433c-11dc-8801-007304430b3e}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f2a7940-8d08-11db-86e1-007304430b3e}]
\Shell\AutoRun\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73418e75-2ac3-11db-864e-007304430b3e}]
\Shell\AutoRun\command - E:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9078cfea-ac8f-11dc-8892-007304430b3e}]
\Shell\Auto\command - E:\GH0ST.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL GH0ST.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e68b9fea-b6d7-11dc-889c-007304430b3e}]
\Shell\AutoRun\command - E:\RavMon.exe
\Shell\explore\Command - E:\RavMon.exe -e
\Shell\open\Command - E:\RavMon.exe

*Newly Created Service* - ANTIVIRSCHEDULER
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-26 16:15:02 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-01-29 13:17:06 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-29 14:19:56
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-01-29 14:20:41
ComboFix-quarantined-files.txt 2008-01-29 13:20:30
ComboFix2.txt 2008-01-26 10:15:01
.
2008-01-10 10:39:47 --- E O F ---
29 Janvier 2008 21:33:53

Re ,

Séléctionne l'encadré ci dessous en entier , puis clique droit , choisis Copier

DirLook::
C:\WINDOWS\868D789699D44513BC622B3AD3E24926.TMP

File::
C:\RavMon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\ShellNew\ElnorB.exe

Folder::
C:\Program Files\Macrogaming\SweetIM

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03301297-1bf8-11dc-87c1-007304430b3e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a0e61f6-8207-11db-86d5-007304430b3e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f87579b-b3a0-11dc-889a-007304430b3e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2dedc649-5dc3-11db-86a5-007304430b3e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31f0b90e-2ec8-11dc-87dd-007304430b3e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{483783b4-433c-11dc-8801-007304430b3e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f2a7940-8d08-11db-86e1-007304430b3e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73418e75-2ac3-11db-864e-007304430b3e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e68b9fea-b6d7-11dc-889c-007304430b3e}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EoEngine"=-
"EoWeather"=-
"EoClock"=-
"EoComputer"=-
"EoRss"=-
"EoNet"=-
"EoSudoku"=-
"EoPhoto"=-
"Bron-Spizaetus"=-
"NWEReboot"=-

Colle le dans le Bloc-Notes
Enregistre le sur ton Bureau et nomme le CFScript ( type fichier texte )
Fait glisser le fichier CFScript sur le fichier ComboFix.exe comme ceci :



Un menu va apparaitre , tape 1 puis valide
Laisse faire le scan et poste le rapport généré ( C:\ComboFix.txt )

Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS