
PLEASE HELP ME, NOKIA virus.....

Tags:
  • Nokia
  • Security
3 November 2007 13:03:27

Hello..
I opened the NOKIA file that someone sent me on MSN and since then my computer has been glitching... (constant problems, script errors, MSN working badly....)
Could someone help me??
I downloaded the msn.fix software and I am sending you the report....
Thanks in advance..

MSNFix 1.560

C:\Documents and Settings\Propriétaire\Bureau\MSNFix
Fix exécuté le 03/11/2007 - 12:53:14,67 By Propriétaire
mode normal

************************ Recherche les fichiers présents

... C:\PROGRA~1\WinAble\winable.exe
... C:\WINDOWS\mrofinu*.exe

************************ MSNCHK ***** /!\ beta test /!\



************************ Recherche les dossiers présents

... C:\PROGRA~1\WinAble\




************************ Suppression des fichiers

/!\ ... C:\PROGRA~1\WinAble\winable.exe
/!\ ... C:\WINDOWS\mrofinu*.exe


************************ Suppression des dossiers

/!\ ... C:\PROGRA~1\WinAble\


************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


************************ Suppression des fichiers

.. OK ... C:\PROGRA~1\WinAble\winable.exe
.. OK ... C:\WINDOWS\mrofinu*.exe



************************ Fichiers suspects

Aucun Fichier trouvé


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 03112007_12580959.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------


3 November 2007 15:16:22

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:14:49, on 03/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Alcohol\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\WindowsUpdate\hoxyp77798.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\COMMON~1\DOBE~1\taskmgr.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Documents and Settings\Propriétaire\Mes documents\?ecurity\?srss.exe
C:\Documents and Settings\Propriétaire\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Windows\rayiou.exe
C:\Program Files\Words\Words.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: Shell=Explorer.exe soundmon.exe
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\version69ie7fix.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BAA1A814-60DC-490E-DE5A-4CE678F2599D} - C:\WINDOWS\system32\wmc.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\version69ie7fix.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Windows FormatAd] C:\Program Files\Windows FormatAd\WinForm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hoxyp] C:\Program Files\WindowsUpdate\hoxyp77798.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Heth] "C:\PROGRA~1\COMMON~1\DOBE~1\taskmgr.exe" -vt yazb
O4 - HKCU\..\Run: [Lwj] "C:\Documents and Settings\Propriétaire\Mes documents\?ecurity\?srss.exe"
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Propriétaire\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Windows\rayiou.exe
O4 - HKCU\..\Run: [Words] C:\Program Files\Words\Words.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [McAfee Windows Protection] mcafee32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft Windows Update] scvvhost.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [McAfee Windows Protection] mcafee32.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft Windows Update] scvvhost.exe (User 'Default user')
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/75kd69fg.c...
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/Bridge-c139.ca...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildAppNonUS.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F44E562-1941-4123-BC1D-38BEA72A71FB}: NameServer = 80.10.246.2
O18 - Filter hijack: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:\WINDOWS\System32\mscgdc.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol\Alcohol 120\StarWind\StarWindService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Internet Explorer\prolyhdufsod.html

--
End of file - 12212 bytes
3 November 2007 20:18:02

Re,

Download DelDomains.inf (by Mike Burgess) to your Desktop.
**If you use Firefox: right-click the link and choose "Save Link As..."**
  • Right-click the file, then choose "Install" from the context menu.
  • The script installs quickly and no confirmation will be displayed on screen; this is normal.

3 November 2007 23:15:48

There, DelDomains is installed!!
What should I do now?
Thanks a lot for your help...

3 November 2007 23:18:33

I thought this might interest you!!


    ; DelDomains.inf © 11-28-04 | Revised 01-15-06
    ; Created by: Mike Burgess Microsoft MVP
    ; http://mvps.org/winhelp2002/
    ;
    ; Warning: Deletes all entries in the Restricted & Trusted Zone list
    ; http://mvps.org/winhelp2002/restricted.htm
    ;
    ; Revised to include the EscDomains key
    ;
    ; To execute this file: in Explorer - right-click (this file)
    ; Select Install from the Menu.
    ; Note: you will not see any onscreen action.

    [version]
    signature="$CHICAGO$"

    [DefaultInstall]
    DelReg=DelTemps
    AddReg=AddTemps

    [DelTemps]
    HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
    HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
    HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
    HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
    HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains"

    ; Recreate the keys to avoid a restart

    [AddTemps]
    HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
    HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
    HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
    HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
    HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains"
4 November 2007 00:10:25

Post a new HijackThis report.

5 November 2007 13:54:07

Thanks for everything you're doing...


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:53:02, on 05/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\System32\nvsvc32.exe
    D:\Alcohol\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\HP\KBD\KBD.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\WindowsUpdate\hoxyp77798.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\COMMON~1\DOBE~1\taskmgr.exe
    C:\Documents and Settings\Propriétaire\Mes documents\?ecurity\?srss.exe
    C:\Documents and Settings\Propriétaire\Application Data\WinTouch\WinTouch.exe
    C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Windows\rayiou.exe
    C:\Program Files\Words\Words.exe
    C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr9.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: (no name) - - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe soundmon.exe
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\version69ie7fix.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {BAA1A814-60DC-490E-DE5A-4CE678F2599D} - C:\WINDOWS\system32\wmc.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\version69ie7fix.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [Windows FormatAd] C:\Program Files\Windows FormatAd\WinForm.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [hoxyp] C:\Program Files\WindowsUpdate\hoxyp77798.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Heth] "C:\PROGRA~1\COMMON~1\DOBE~1\taskmgr.exe" -vt yazb
    O4 - HKCU\..\Run: [Lwj] "C:\Documents and Settings\Propriétaire\Mes documents\?ecurity\?srss.exe"
    O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Propriétaire\Application Data\WinTouch\WinTouch.exe
    O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Windows\rayiou.exe
    O4 - HKCU\..\Run: [Words] C:\Program Files\Words\Words.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [McAfee Windows Protection] mcafee32.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft Windows Update] scvvhost.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [McAfee Windows Protection] mcafee32.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft Windows Update] scvvhost.exe (User 'Default user')
    O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/75kd69fg.c...
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/Bridge-c139.ca...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildAppNonUS.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2F44E562-1941-4123-BC1D-38BEA72A71FB}: NameServer = 80.10.246.2
    O18 - Filter hijack: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:\WINDOWS\System32\mscgdc.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol\Alcohol 120\StarWind\StarWindService.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\Internet Explorer\prolyhdufsod.html

    --
    End of file - 12127 bytes
5 November 2007 14:21:07

Before accepting files on MSN, remember to ask the person whether they are really the one sending it...
5 November 2007 15:17:46

Re,

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

6 November 2007 10:47:12

    ComboFix 07-11-05.2 - Propriétaire 2007-11-06 10:26:55.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.35 [GMT 1:00]
    Running from: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Propriétaire\Application Data\WinTouch\wintouch.cfg
    C:\Documents and Settings\Propriétaire\Application Data\WinTouch\WinTouch.exe
    C:\Documents and Settings\Propriétaire\Application Data\WinTouch\WTUninstaller.exe
    C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Outerinfo
    C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
    C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
    C:\Documents and Settings\Propriétaire\Mes documents\ECURIT~1
    C:\Documents and Settings\Propriétaire\Mes documents\ECURIT~1\?srss.exe
    C:\Program Files\Fichiers communs\Yazzle1122OinAdmin.exe
    C:\Program Files\Fichiers communs\Yazzle1122OinUninstaller.exe
    C:\Program Files\Internet Explorer\prolyhdufsod.html
    C:\Program Files\outerinfo
    C:\Program Files\outerinfo\FF\chrome.manifest
    C:\Program Files\outerinfo\FF\components\FF.dll
    C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
    C:\Program Files\outerinfo\FF\install.rdf
    C:\Program Files\outerinfo\OiUninstaller.exe
    C:\Program Files\outerinfo\outerinfo.ico
    C:\Program Files\outerinfo\Terms.rtf
    C:\Program Files\sks~1
    C:\Program Files\WinAble
    C:\Program Files\Words
    C:\Program Files\Words\list.txt
    C:\Program Files\Words\script.txt
    C:\Program Files\Words\UnInstall.exe
    C:\Program Files\Words\Words.exe
    C:\WINDOWS\b111.exe
    C:\WINDOWS\b128.exe
    C:\WINDOWS\b138.exe
    C:\WINDOWS\b143.exe
    C:\WINDOWS\b147.exe
    C:\WINDOWS\system32\cfg.dat
    C:\WINDOWS\system32\nxmfrjsb.dat
    C:\WINDOWS\system32\nxmfrjsb.exe
    C:\WINDOWS\system32\nxmfrjsb_navps.dat
    C:\WINDOWS\system32\version69ie7fix.dll
    C:\WINDOWS\system32\winnb58.dll
    C:\WINDOWS\system32\wmc.dll
    C:\WINDOWS\system32\wtssvit.exe
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_IPRIP
    -------\iprip


    ((((((((((((((((((((((((((((( Fichiers créés 2007-10-06 to 2007-11-06 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-06 10:24 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-03 15:13 <REP> d-------- C:\Program Files\Trend Micro
    2007-11-02 15:54 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Freetest 2
    2007-10-10 13:56 <REP> d-------- C:\Documents and Settings\Docs Manon\photo portable
    2007-10-09 19:50 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-06 09:25 --------- d-----w C:\Program Files\Wanadoo
    2007-10-31 07:55 --------- d-----w C:\Program Files\Common files
    2007-10-28 13:16 --------- d-----w C:\Program Files\Everest Poker
    2007-09-26 18:46 --------- d-----w C:\Program Files\TI Education
    2007-09-26 18:46 --------- d-----w C:\Program Files\Fichiers communs\TI Shared
    2007-09-26 18:44 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-09-24 16:58 --------- d-----w C:\Program Files\iTunes
    2007-09-24 16:58 --------- d-----w C:\Program Files\iPod
    2007-09-18 17:16 --------- d-----w C:\Program Files\eMule
    2007-09-15 01:02 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-09-13 20:20 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-09-13 20:19 --------- d-----w C:\Program Files\Windows Live Favorites
    2007-09-13 20:18 --------- dc----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
    2007-09-13 20:16 --------- d-----w C:\Program Files\MSN Messenger
    2007-09-12 09:23 --------- d-----w C:\Program Files\QuickTime
    2007-09-12 09:20 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2007-09-12 09:16 --------- dc----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-09-12 09:16 --------- d-----w C:\Program Files\Apple Software Update
    2007-03-27 16:26 13,446,648 ----a-w C:\Program Files\avast.exe
    2007-03-03 11:38 14,993,976 ----a-w C:\Program Files\GoogleEarthWin_EARX.exe
    2007-02-13 17:33 359,112 ----a-w C:\Program Files\LimeWire.exe
    2006-02-03 16:37 17,943,552 ----a-w C:\Program Files\Ti connect.exe
    2005-11-16 13:56 8,274,695 ----a-w C:\Program Files\vlc-0.8.2-win32.exe
    2005-02-28 21:46 61,557 ----a-w C:\Documents and Settings\eMule\Uninstall.exe
    2005-02-11 18:39 4,378,624 ----a-w C:\Documents and Settings\eMule\emule.exe
    2004-09-04 15:42 196,608 ----a-w C:\Documents and Settings\eMule\LinkCreator.exe
    2003-05-19 09:47 988,398 ----a-w C:\Documents and Settings\Winrar 3.20 Sharereactor\wrar320.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}"= C:\WINDOWS\system32\version69ie7fix.dll [ ]

    [HKEY_CLASSES_ROOT\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}]
    [HKEY_CLASSES_ROOT\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}"= C:\WINDOWS\system32\version69ie7fix.dll [ ]

    [HKEY_CLASSES_ROOT\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}]
    [HKEY_CLASSES_ROOT\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VTTimer"="VTTimer.exe" [2003-05-08 07:32 C:\WINDOWS\system32\VTTimer.exe]
    "StorageGuard"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-02-13 15:01]
    "nwiz"="nwiz.exe" [2003-05-03 06:19 C:\WINDOWS\system32\nwiz.exe]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-03 06:19]
    "Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 15:36]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-12 03:02]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 23:04]
    "HPHUPD05"="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 10:03]
    "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 09:56]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 14:07]
    "CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 14:23]
    "AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 03:35 C:\WINDOWS\ALCXMNTR.EXE]
    "DSLAGENTEXE"="dslagent.exe" [2002-01-22 21:01 C:\WINDOWS\system32\dslagent.exe]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
    "Windows FormatAd"="C:\Program Files\Windows FormatAd\WinForm.exe" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-01-15 17:28]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 09:00]
    "hoxyp"="C:\Program Files\WindowsUpdate\hoxyp77798.exe" [2007-08-07 21:30]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIEW"="nview.dll" [2003-05-03 06:19 C:\WINDOWS\system32\nview.dll]
    "MoneyAgent"="c:\Program Files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 18:00]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 23:21]
    "Heth"="C:\PROGRA~1\COMMON~1\DOBE~1\taskmgr.exe" [2007-10-30 08:49]
    "Lwj"="C:\Documents and Settings\Propriétaire\Mes documents\?ecurity\?srss.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "Microsoft Windows Update"=scvvhost.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "McAfee Windows Protection"=mcafee32.exe
    "Microsoft MicroP Protocol"=wdgmr32.exe
    "Microsoft Windows Update"=scvvhost.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "AllowLegacyWebView"=1 (0x1)
    "AllowUnhashedWebView"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= C:\Program Files\Internet Explorer\prolyhdufsod.html
    FriendlyName=

    R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys
    R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys
    R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys
    R3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\ZDPNDIS5.SYS
    S2 gafwload;ECI Telecom USB ADSL Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys
    S3 PentaxUsb;PENTAX Optio 60 on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys
    S3 PentaxVc;PENTAX Optio 60 Video Capture;C:\WINDOWS\system32\DRIVERS\CoachVc.sys
    S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable;C:\WINDOWS\system32\Drivers\SilvrLnk.sys
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    S3 wanusb;ECI Telecom USB ADSL WAN Modem;C:\WINDOWS\system32\DRIVERS\gwausb.sys
    S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\C:\WINDOWS\system32\ZDCndis5.SYS

    *Newly Created Service* - ZDPNDIS5
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-10-29 22:30:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    "2007-11-05 12:51:12 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-06 10:36:27
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-06 10:39:44 - machine was rebooted
    .
    --- E O F ---
    6 November 2007 12:02:22

    Hi again,

    Download Clean.zip (by Malekal),
    Unzip it to your desktop (right-click / Extract all); you should get a folder named Clean.
    Open the clean folder and double-click clean.cmd.
    Choose option 1, then wait. Then post the contents of the report.
    6 November 2007 18:02:46

    aS\System32\perfc009.dat -->01/11/2007 16:40:33
    C:\WINDOWS\System32\PerfStringBackup.INI -->01/11/2007 16:40:30
    C:\WINDOWS\System32\FreePokerBonus.ico -->30/10/2007 09:00:46
    C:\WINDOWS\System32\FNTCACHE.DAT -->05/10/2007 23:45:36
    C:\WINDOWS\System32\MRT.exe -->28/09/2007 06:19:39
    C:\WINDOWS\System32\TZLog.log -->12/09/2007 10:18:13
    C:\WINDOWS\System32\wpa.dbl -->22/08/2007 16:16:54
    C:\WINDOWS\System32\inetcomm.dll -->21/08/2007 07:17:23
    C:\WINDOWS\System32\wininet.dll -->20/08/2007 10:59:31
    C:\WINDOWS\System32\webcheck.dll -->20/08/2007 10:59:31
    C:\WINDOWS\System32\urlmon.dll -->20/08/2007 10:59:31
    C:\WINDOWS\System32\url.dll -->20/08/2007 10:59:31
    C:\WINDOWS\System32\occache.dll -->20/08/2007 10:59:31
    C:\WINDOWS\System32\mstime.dll -->20/08/2007 10:59:30
    C:\WINDOWS\System32\msrating.dll -->20/08/2007 10:59:30
    C:\WINDOWS\System32\mshtmled.dll -->20/08/2007 10:59:30
    C:\WINDOWS\System32\mshtml.dll -->20/08/2007 10:59:30
    C:\WINDOWS\System32\msfeedsbs.dll -->20/08/2007 10:59:30
    C:\WINDOWS\System32\msfeeds.dll -->20/08/2007 10:59:30
    C:\WINDOWS\System32\jsproxy.dll -->20/08/2007 10:59:30
    C:\WINDOWS\System32\inetcpl.cpl -->20/08/2007 10:59:30

    C:\WINDOWS\MF_C421.lfa -->31/07/2388 00:39:16
    C:\WINDOWS\WindowsUpdate.log -->06/11/2007 13:02:29
    C:\WINDOWS\QTFont.qfn -->06/11/2007 10:37:32
    C:\WINDOWS\0.log -->06/11/2007 10:36:00
    C:\WINDOWS\wiadebug.log -->06/11/2007 10:35:55
    C:\WINDOWS\wiaservc.log -->06/11/2007 10:35:51
    C:\WINDOWS\bootstat.dat -->06/11/2007 10:35:48
    C:\WINDOWS\SchedLgU.Txt -->05/11/2007 13:55:35
    C:\WINDOWS\msnfix.txt -->03/11/2007 12:58:20
    C:\WINDOWS\ModemLog_Conexant HSF V90 56K PCI Modem.txt -->02/11/2007 15:48:07
    C:\WINDOWS\catchme.exe -->29/10/2007 18:56:19
    C:\WINDOWS\tsitra1148.exe.tmp -->29/10/2007 08:36:31
    C:\WINDOWS\wmsetup.log -->24/10/2007 10:46:10
    C:\WINDOWS\setupapi.log -->14/10/2007 09:45:36
    C:\WINDOWS\setupact.log -->14/10/2007 09:45:36


    6 November 2007 18:03:17

    C:\WINDOWS\System32\ftp.exe -->02/11/2007 15:46:15
    C:\WINDOWS\System32\MRT.exe -->28/09/2007 06:19:39
    C:\WINDOWS\catchme.exe -->29/10/2007 18:56:19
    C:\WINDOWS\tsitra1148.exe.tmp -->29/10/2007 08:36:31
    C:\WINDOWS\System32\inetcomm.dll -->21/08/2007 07:17:23
    C:\WINDOWS\System32\wininet.dll -->20/08/2007 10:59:31
    C:\WINDOWS\System32\webcheck.dll -->20/08/2007 10:59:31
    C:\WINDOWS\System32\urlmon.dll -->20/08/2007 10:59:31
    C:\WINDOWS\System32\url.dll -->20/08/2007 10:59:31
    C:\WINDOWS\System32\occache.dll -->20/08/2007 10:59:31
    C:\WINDOWS\System32\mstime.dll -->20/08/2007 10:59:30
    C:\WINDOWS\System32\msrating.dll -->20/08/2007 10:59:30
    C:\WINDOWS\System32\mshtmled.dll -->20/08/2007 10:59:30
    C:\WINDOWS\System32\mshtml.dll -->20/08/2007 10:59:30
    C:\WINDOWS\System32\msfeedsbs.dll -->20/08/2007 10:59:30
    C:\WINDOWS\System32\msfeeds.dll -->20/08/2007 10:59:30
    C:\WINDOWS\System32\jsproxy.dll -->20/08/2007 10:59:30

    6 November 2007 18:04:10

    I'm not too sure that was what you were asking for...
    If it isn't, I'll redo the procedure....
    Thanks for everything..
    6 November 2007 18:32:52

    The report is located here: C:\rapportclean.txt
    7 November 2007 12:32:22

    06/11/2007 a 15:03:54,93

    *** Recherche des fichiers dans C:
    C:\StubInstaller.exe FOUND

    *** Recherche des fichiers dans C:\WINDOWS\
    C:\WINDOWS\ALCXMNTR.EXE FOUND
    C:\WINDOWS\EliteToolBar\ FOUND

    *** Recherche des fichiers dans C:\WINDOWS\system32
    C:\WINDOWS\system32\ftpupd.exe FOUND

    *** Recherche des fichiers dans C:\Program Files
    "C:\Program Files\Everest Poker\" FOUND
    "C:\Program Files\Every Toolbar 1.1\" FOUND
    "C:\Program Files\WildArcade\" FOUND
    7 November 2007 12:34:44

    I wanted to ask you a question: someone told me that my MSN address was infected and that I had to delete it and create a new one...
    Is that possible or not?
    7 November 2007 13:20:09

    Hi again,

    Restart in safe mode.

    Open the clean folder and double-click clean.cmd.
    Choose option 2, then wait.

    Restart normally.

    Post the clean report: C:\rapport_clean.txt
    10 November 2007 11:58:20

    Sorry for the delay...

    10/11/2007 a 11:56:42,89

    *** Recherche des fichiers dans C:

    *** Recherche des fichiers dans C:\WINDOWS\

    *** Recherche des fichiers dans C:\WINDOWS\system32

    *** Recherche des fichiers dans C:\Program Files
    *** Fin du rapport !
    10 November 2007 12:20:59

    Run a clean scan with option 1 again :)
    11 November 2007 23:21:08

    11/11/2007 a 23:19:17,95

    *** Recherche des fichiers dans C:

    *** Recherche des fichiers dans C:\WINDOWS\

    *** Recherche des fichiers dans C:\WINDOWS\system32

    *** Recherche des fichiers dans C:\Program Files
    12 November 2007 16:39:05

    Post a new HijackThis report.
    12 November 2007 19:59:59

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:59:57, on 12/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\System32\nvsvc32.exe
    D:\Alcohol\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\HP\KBD\KBD.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\COMMON~1\DOBE~1\taskmgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\?racle\?xplorer.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {B5A8A043-6189-1A0E-8B5A-4CE678F10B96} - C:\WINDOWS\system32\ncx.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\version69ie7fix.dll (file missing)
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [Windows FormatAd] C:\Program Files\Windows FormatAd\WinForm.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [hoxyp] C:\Program Files\WindowsUpdate\hoxyp77798.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Heth] "C:\PROGRA~1\COMMON~1\DOBE~1\taskmgr.exe" -vt yazb
    O4 - HKCU\..\Run: [Lwj] "C:\Documents and Settings\Propriétaire\Mes documents\?ecurity\?srss.exe"
    O4 - HKCU\..\Run: [Ldqtce] C:\WINDOWS\?racle\?xplorer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [McAfee Windows Protection] mcafee32.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft Windows Update] scvvhost.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [McAfee Windows Protection] mcafee32.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft Windows Update] scvvhost.exe (User 'Default user')
    O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/75kd69fg.c...
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/Bridge-c139.ca...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildAppNonUS.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2F44E562-1941-4123-BC1D-38BEA72A71FB}: NameServer = 80.10.246.2
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 10994 bytes

    12 November 2007 20:02:49

    Scan the following file on VirusTotal, then post the report:
    C:\WINDOWS\system32\ncx.dll
    12 November 2007 21:20:05

    Fichier ncx.dll reçu le 2007.11.12 20:33:23 (CET)


    Résultat: 13/31 (41.94%)

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2007.11.13.0 2007.11.12 -
    AntiVir 7.6.0.34 2007.11.12 -
    Authentium 4.93.8 2007.11.10 -
    Avast 4.7.1074.0 2007.11.11 Win32:Agent-RY
    AVG 7.5.0.503 2007.11.12 Adware Generic2.VAB
    BitDefender 7.2 2007.11.12 Adware.Clickspring.Purityscan.AS
    CAT-QuickHeal 9.00 2007.11.12 -
    ClamAV 0.91.2 2007.11.12 -
    DrWeb 4.44.0.09170 2007.11.12 -
    eSafe 7.0.15.0 2007.11.08 Spyware.Purityscan
    eTrust-Vet 31.2.5289 2007.11.12 -
    Ewido 4.0 2007.11.12 -
    FileAdvisor 1 2007.11.12 -
    Fortinet 3.11.0.0 2007.10.19 -
    F-Prot 4.4.2.54 2007.11.10 -
    F-Secure 6.70.13030.0 2007.11.12 -
    Ikarus T3.1.1.12 2007.11.12 not-a-virus:AdWare.Win32.PurityScan.ak
    Kaspersky 7.0.0.125 2007.11.12 -
    McAfee 5161 2007.11.12 potentially unwanted program Adware-PurityScan
    Microsoft 1.3007 2007.11.12 Adware:Win32/ClickSpring.PuritySCAN
    NOD32v2 2653 2007.11.12 probably a variant of Win32/Adware.PurityScan
    Norman 5.80.02 2007.11.12 W32/PurityScan.dam
    Panda 9.0.0.4 2007.11.11 Adware/PurityScan
    Rising 20.18.02.00 2007.11.12 -
    Sophos 4.23.0 2007.11.12 ClickSpring
    Sunbelt 2.2.907.0 2007.11.12 VIPRE.Suspicious
    Symantec 10 2007.11.12 Adware.Purityscan
    TheHacker 6.2.9.124 2007.11.12 -
    VBA32 3.12.2.4 2007.11.11 -
    VirusBuster 4.3.26:9 2007.11.12 -
    Webwasher-Gateway 6.0.1 2007.11.12 -
    Information additionnelle
    File size: 60928 bytes
    MD5: 396955766b2e512bc3545a24bc485dbe
    SHA1: 45494f79f542d2ee1f2afb87151dc2d8acc3da4b
    packers: PECompact
    packers: PecBundle, PECompact
    packers: PE_Patch.PECompact, PecBundle, PECompact
    Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

    12 November 2007 21:44:18

    I'd like to check something:

    Download SDFix (created by AndyManchesta) and save it to your Desktop.
    Double-click SDFix.exe and choose Install to extract it to the Desktop.

    Restart in safe mode.

  • Open the SDFix folder that has just been created at the root of your hard drive (C:) and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
  • Press a key to restart the PC.
  • Your system will take longer than usual to restart because the tool will keep running and deleting files.
  • Once the Desktop has loaded, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
  • Finally, copy/paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log.
    14 November 2007 11:45:32


    SDFix: Version 1.114

    Run by Propriétaire on 13/11/2007 at 20:27

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\PROGRA~1\SDFix

    Safe Mode:
    Checking Services:


    Infected ip6fw.sys Found!

    ip6fw.sys File Locations:

    "C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys" 29056 03/08/2004 23:00
    "C:\WINDOWS\system32\drivers\ip6fw.sys" 29056 03/08/2004 23:00

    Infected File Listed Below:

    ‰>!–»—€>– t»L—¾Ã–‹>˜¹ ¬<?uŠ< tªCâñ±° 8t°.ª¬<?uŠ< t - 1252,

    Trojan File copied to Backups Folder
    Attempting to replace ip6fw.sys with original version...

    Original ip6fw.sys Restored


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\SYSTEM32\MSUA.EXE - Deleted
    C:\WINDOWS\SYSTEM32\SDK0MC~1.EXE - Deleted
    C:\WINDOWS\SYSTEM32\IALMCOIN.DLL - Deleted
    C:\DOCUME~1\PROPRI~1\APPLIC~1\MICROS~1\WINDOWS\RAYIOU.EXE - Deleted
    C:\Documents and Settings\Propriétaire\Application Data\WinTouch\wintouch.cfg - Deleted
    C:\Documents and Settings\Propriétaire\Application Data\WinTouch\WTUninstaller.exe - Deleted
    C:\WINDOWS\tsitra1148.exe.tmp - Deleted
    C:\WINDOWS\system32\TFTP4500 - Deleted
    C:\WINDOWS\system32\TFTP5504 - Deleted


    Folder C:\Documents and Settings\Propriétaire\Application Data\WinTouch - Removed

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-13 21:55:20
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "p0"="D:\Alcohol\Alcohol 120\"
    "h0"=dword:00000000
    "ujdew"=hex:be,9a,21,f2,f0,03,9a,af,74,5a,5d,a1,e4,45,97,9a,64,fd,dd,f4,de,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "p0"="D:\Alcohol\Alcohol 120\"
    "h0"=dword:00000000
    "ujdew"=hex:be,9a,21,f2,f0,03,9a,af,74,5a,5d,a1,e4,45,97,9a,64,fd,dd,f4,de,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "p0"="D:\Alcohol\Alcohol 120\"
    "h0"=dword:00000000
    "ujdew"=hex:be,9a,21,f2,f0,03,9a,af,74,5a,5d,a1,e4,45,97,9a,64,fd,dd,f4,de,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:439f3518
    "s2"=dword:0be06ff3
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "p0"="D:\Alcohol\Alcohol 120\"
    "h0"=dword:00000000
    "ujdew"=hex:be,9a,21,f2,f0,03,9a,af,74,5a,5d,a1,e4,45,97,9a,64,fd,dd,f4,de,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40]

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
    "DisplayName"="Alcohol 120%"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
    "TracesProcessed"=dword:00000020
    "TracesSuccessful"=dword:0000001c

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    Remaining Files:
    ---------------

    File Backups: - C:\PROGRA~1\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Mon 2 Feb 2004 196 A.SHR --- "C:\BOOT.BAK"
    Thu 1 Nov 2007 230,400 ..SHR --- "C:\WINDOWS\?racle\?xplorer.exe"
    Fri 22 Apr 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Tue 30 Oct 2007 70,144 ..SHR --- "C:\Program Files\Common files\?dobe\taskmgr.exe"
    Tue 16 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Fri 22 Apr 2005 4,348 A..H. --- "C:\Documents and Settings\Propriétaire\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
    Tue 27 Dec 2005 20 A..H. --- "C:\Documents and Settings\Propriétaire\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
    Sat 12 Nov 2005 400 A..H. --- "C:\Documents and Settings\Propriétaire\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
    Tue 27 Dec 2005 1,536 A..H. --- "C:\Documents and Settings\Propriétaire\Mes documents\Ma musique\Sauvegarde de la licence\drmv2lic.bak"

    Finished!

    14 November 2007 11:47:13

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:46:40, on 14/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\System32\nvsvc32.exe
    D:\Alcohol\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\HP\KBD\KBD.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\WindowsUpdate\hoxyp77798.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\COMMON~1\DOBE~1\taskmgr.exe
    C:\WINDOWS\?racle\?xplorer.exe
    C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {B5A8A043-6189-1A0E-8B5A-4CE678F10B96} - C:\WINDOWS\system32\ncx.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\version69ie7fix.dll (file missing)
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [Windows FormatAd] C:\Program Files\Windows FormatAd\WinForm.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [hoxyp] C:\Program Files\WindowsUpdate\hoxyp77798.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Heth] "C:\PROGRA~1\COMMON~1\DOBE~1\taskmgr.exe" -vt yazb
    O4 - HKCU\..\Run: [Lwj] "C:\Documents and Settings\Propriétaire\Mes documents\?ecurity\?srss.exe"
    O4 - HKCU\..\Run: [Ldqtce] C:\WINDOWS\?racle\?xplorer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [McAfee Windows Protection] mcafee32.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft Windows Update] scvvhost.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [McAfee Windows Protection] mcafee32.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft Windows Update] scvvhost.exe (User 'Default user')
    O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/75kd69fg.c...
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/Bridge-c139.ca...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildAppNonUS.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2F44E562-1941-4123-BC1D-38BEA72A71FB}: NameServer = 80.10.246.2
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol\Alcohol 120\StarWind\StarWindService.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\Internet Explorer\prolyhdufsod.html

    --
    End of file - 11099 bytes
    14 November 2007 17:04:49

    I'm doing what you asked me to...
    My computer is doing better, but there are still several ads that keep opening; it shows "advertissemen by outerinfo", something like that...
    So there you go, thanks a lot..
    15 November 2007 13:44:34

    The report?
    15 November 2007 21:35:34



    AntiVir PersonalEdition Classic
    Report file date: mercredi 14 novembre 2007 21:23

    Scanning for 929559 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: Propriétaire
    Computer name: NOM-DOWNCO0B3WU

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 20:10:57
    ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 20:10:57
    ANTIVIR2.VDF : 7.0.0.198 1206272 Bytes 11/11/2007 20:10:57
    ANTIVIR3.VDF : 7.0.0.217 63488 Bytes 14/11/2007 20:10:57
    AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 14/11/2007 20:10:57
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Manual Selection
    Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: H:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mercredi 14 novembre 2007 21:23

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'iPodService.exe' - '1' Module(s) have been scanned
    Scan process 'Watch.exe' - '1' Module(s) have been scanned
    Scan process 'ALERTM~1.EXE' - '1' Module(s) have been scanned
    Scan process 'PollingModule.exe' - '1' Module(s) have been scanned
    Scan process 'Inactivity.exe' - '1' Module(s) have been scanned
    Scan process 'Toaster.exe' - '1' Module(s) have been scanned
    Scan process 'ComComp.exe' - '1' Module(s) have been scanned
    Scan process 'WLANUTL.exe' - '1' Module(s) have been scanned
    Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
    Scan process 'EspaceWanadoo.exe' - '1' Module(s) have been scanned
    Scan process 'еxplorer.exe' - '1' Module(s) have been scanned
    Scan process 'taskmgr.exe' - '1' Module(s) have been scanned
    Module is infected -> 'C:\PROGRA~1\COMMON~1\DOBE~1\taskmgr.exe'
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'dslagent.exe' - '1' Module(s) have been scanned
    Scan process 'HpqCmon.exe' - '1' Module(s) have been scanned
    Scan process 'hphmon05.exe' - '1' Module(s) have been scanned
    Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
    Scan process 'kbd.exe' - '1' Module(s) have been scanned
    Scan process 'WkUFind.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'StarWindService.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    Process 'taskmgr.exe' has been terminated
    C:\PROGRA~1\COMMON~1\DOBE~1\taskmgr.exe
    [DETECTION] Is the Trojan horse TR/Dldr.PurtiScan.A
    [INFO] A backup was created as '47ae59c3.qua' ( QUARANTINE )
    [INFO] The file was deleted!

    53 processes with 52 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [NOTE] No virus was found!

    Start scanning boot sectors:
    Boot sector 'A:\'
    [NOTE] In the drive 'A:\' no data medium is inserted!
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    C:\Program Files\WindowsUpdate\hoxyp77798.exe
    [DETECTION] Is the Trojan horse TR/Dldr.AW.awk
    [INFO] A backup was created as '47b359e1.qua' ( QUARANTINE )
    [INFO] The file was deleted!
    C:\Program Files\WindowsUpdate\hoxyp77798.exe
    [DETECTION] Is the Trojan horse TR/Dldr.AW.awk

    The registry was scanned ( '53' files ).


    Starting the file scan:

    Begin scan in 'A:\'
    Search path A:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'C:\' <HP_PAVILION>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\Propriétaire\jiji.html
    [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.AMR.5
    [INFO] The file was moved to '47a55b1f.qua'!
    C:\Documents and Settings\Propriétaire\ozz.html
    [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.AMR.1
    [INFO] The file was moved to '47b55b31.qua'!
    C:\Documents and Settings\Propriétaire\per.html
    [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.AMR.2
    [INFO] The file was moved to '47ad5b1c.qua'!
    C:\Documents and Settings\Propriétaire\xex.html
    [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.AMR.4
    [INFO] The file was moved to '47b35b1d.qua'!
    C:\Documents and Settings\Propriétaire\Bureau\Incoming\01 Track 1.wma
    [DETECTION] Is the Trojan horse TR/Wimad.A.Gen
    [INFO] The file was moved to '475b5b35.qua'!
    C:\Documents and Settings\Propriétaire\Bureau\Incoming\Track 9.wma
    [DETECTION] Is the Trojan horse TR/Wimad.A.Gen
    [INFO] The file was moved to '479c5be5.qua'!
    C:\Documents and Settings\Propriétaire\Bureau\MSNFix\03112007_12580959.zip
    [0] Archive type: ZIP
    --> backup/3d3t4t8n7l.exe
    [DETECTION] Is the Trojan horse TR/Dialer.VUY.4
    --> backup/b122.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.erf
    --> backup/carlton
    [DETECTION] Is the Trojan horse TR/Dialer.VUY.4
    --> backup/er-1-1148.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/k3d3t4t8n7l.exe
    [DETECTION] Is the Trojan horse TR/Dialer.VUY.4
    --> backup/LBTWiz.exe
    [DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
    --> backup/mrofinu1148.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/Nokia_19_jpg.zip
    [1] Archive type: ZIP
    --> www.Nokia_19_jpg-msn.com
    [DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
    --> backup/winable.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Adload.NI
    --> backup/wininstall.exe
    [DETECTION] Is the Trojan horse TR/Agent.crf.1
    --> backup/zr-1-1148.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '476c5c27.qua'!
    C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\41Q5BJDN\acdt-pid70[1].exe
    [DETECTION] Is the Trojan horse TR/Drop.Click.JF.7
    [INFO] The file was moved to '479f5d13.qua'!
    C:\Program Files\SDFix\backups\backups.zip
    [0] Archive type: ZIP
    --> backups/rayiou.exe
    [DETECTION] Is the Trojan horse TR/Gendal.35840
    --> backups/tsitra1148.exe.tmp
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backups/WTUninstaller.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.buo.1
    [INFO] The file was moved to '479e63b5.qua'!
    C:\qoobox\Quarantine\catchme2007-11-06_103611.45.zip
    [0] Archive type: ZIP
    --> WinTouch.exe.1
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was moved to '47af64d1.qua'!
    C:\qoobox\Quarantine\C\Documents and Settings\Propriétaire\Application Data\WinTouch\WinTouch.exe.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was moved to '47a964da.qua'!
    C:\qoobox\Quarantine\C\Documents and Settings\Propriétaire\Application Data\WinTouch\WTUninstaller.exe.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.buo.1
    [INFO] The file was moved to '479064c5.qua'!
    C:\qoobox\Quarantine\C\Program Files\Fichiers communs\Yazzle1122OinAdmin.exe.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Age.70144.2
    [INFO] The file was moved to '47b564d4.qua'!
    C:\qoobox\Quarantine\C\Program Files\Fichiers communs\Yazzle1122OinUninstaller.exe.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Purity.DZ.3
    [INFO] The file was moved to '463767a5.qua'!
    C:\qoobox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir
    [DETECTION] Contains detection pattern of the dropper DR/PurityScan.FK.157
    [INFO] The file was moved to '479064dd.qua'!
    C:\qoobox\Quarantine\C\Program Files\Words\Words.exe.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.77824
    [INFO] The file was moved to '47ad64e3.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\b128.exe.vir
    [DETECTION] Is the Trojan horse TR/Drop.Purity.DZ.3
    [INFO] The file was moved to '476d64a6.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\b138.exe.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.22016.4
    [INFO] The file was moved to '476e64a7.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\b143.exe.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.csb
    [INFO] The file was moved to '476f64a7.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\version69ie7fix.dll.vir
    [DETECTION] Is the Trojan horse TR/Agent.BRU
    [INFO] The file was moved to '47ad64dd.qua'!
    C:\WINDOWS\Downloaded Program Files\actsetup.dll
    [DETECTION] Is the Trojan horse TR/Drop.BHO.A
    [INFO] The file was moved to '47af65ea.qua'!
    C:\WINDOWS\Downloaded Program Files\ATPartners.inf
    [DETECTION] Is the Trojan horse TR/Dldr.Rameh.C
    [INFO] The file was moved to '478b65dc.qua'!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <HP_RECOVERY>
    Begin scan in 'E:\'
    Search path E:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'F:\'
    Search path F:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'G:\'
    Search path G:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'H:\'
    Search path H:\ could not be opened!
    Le périphérique n'est pas prêt.



    End of the scan: mercredi 14 novembre 2007 22:39
    Used time: 1:15:45 min

    The scan has been done completely.

    7150 Scanning directories
    373965 Files were scanned
    37 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    2 files were deleted
    0 files were repaired
    24 files were moved to quarantine
    0 files were renamed
    3 Files cannot be scanned
    373928 Files not concerned
    18820 Archives were scanned
    3 Warnings
    1 Notes


    16 November 2007 17:59:16

    Post another Hijackthis report.
    16 November 2007 21:17:33

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:17:22, on 16/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\System32\nvsvc32.exe
    D:\Alcohol\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\HP\KBD\KBD.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
    C:\WINDOWS\?racle\?xplorer.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {B5A8A043-6189-1A0E-8B5A-4CE678F10B96} - C:\WINDOWS\system32\ncx.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\version69ie7fix.dll (file missing)
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [Windows FormatAd] C:\Program Files\Windows FormatAd\WinForm.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Heth] "C:\PROGRA~1\COMMON~1\DOBE~1\taskmgr.exe" -vt yazb
    O4 - HKCU\..\Run: [Lwj] "C:\Documents and Settings\Propriétaire\Mes documents\?ecurity\?srss.exe"
    O4 - HKCU\..\Run: [Ldqtce] C:\WINDOWS\?racle\?xplorer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [McAfee Windows Protection] mcafee32.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [Microsoft Windows Update] scvvhost.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [McAfee Windows Protection] mcafee32.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Microsoft Windows Update] scvvhost.exe (User 'Default user')
    O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/75kd69fg.c...
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/Bridge-c139.ca...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildAppNonUS.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2F44E562-1941-4123-BC1D-38BEA72A71FB}: NameServer = 80.10.246.2
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol\Alcohol 120\StarWind\StarWindService.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\Internet Explorer\prolyhdufsod.html

    --
    End of file - 11305 bytes
    17 November 2007 13:08:15

    Re,

    Scan the following file on VirusTotal, then post the report:
    C:\WINDOWS\system32\ncx.dll
    18 November 2007 13:13:39

    Fichier ncx.dll reçu le 2007.11.17 13:18:39 (CET)

    Résultat: 15/32 (46.88%)

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2007.11.17.0 2007.11.16 -
    AntiVir 7.6.0.34 2007.11.16 -
    Authentium 4.93.8 2007.11.17 -
    Avast 4.7.1074.0 2007.11.16 Win32:Agent-RY
    AVG 7.5.0.503 2007.11.17 Adware Generic2.VAB
    BitDefender 7.2 2007.11.17 Adware.Clickspring.Purityscan.AS
    CAT-QuickHeal 9.00 2007.11.17 -
    ClamAV 0.91.2 2007.11.17 -
    DrWeb 4.44.0.09170 2007.11.17 -
    eSafe 7.0.15.0 2007.11.14 Spyware.Purityscan
    eTrust-Vet 31.2.5302 2007.11.17 -
    Ewido 4.0 2007.11.16 -
    FileAdvisor 1 2007.11.17 Low threat detected
    Fortinet 3.11.0.0 2007.10.19 -
    F-Prot 4.4.2.54 2007.11.16 -
    F-Secure 6.70.13030.0 2007.11.16 -
    Ikarus T3.1.1.12 2007.11.17 not-a-virus:AdWare.Win32.PurityScan.ak
    Kaspersky 7.0.0.125 2007.11.17 not-a-virus:AdWare.Win32.PurityScan.gl
    McAfee 5165 2007.11.16 potentially unwanted program Adware-PurityScan
    Microsoft 1.3007 2007.11.17 Adware:Win32/ClickSpring.PuritySCAN
    NOD32v2 2665 2007.11.17 probably a variant of Win32/Adware.PurityScan
    Norman 5.80.02 2007.11.16 W32/PurityScan.dam
    Panda 9.0.0.4 2007.11.17 Adware/PurityScan
    Prevx1 V2 2007.11.17 -
    Rising 20.18.51.00 2007.11.17 -
    Sophos 4.23.0 2007.11.17 ClickSpring
    Sunbelt 2.2.907.0 2007.11.17 VIPRE.Suspicious
    Symantec 10 2007.11.17 Trojan.Adclicker
    TheHacker 6.2.9.132 2007.11.16 -
    VBA32 3.12.2.5 2007.11.16 -
    VirusBuster 4.3.26:9 2007.11.16 -
    Webwasher-Gateway 6.0.1 2007.11.16 -
    Information additionnelle
    File size: 60928 bytes
    MD5: 396955766b2e512bc3545a24bc485dbe
    SHA1: 45494f79f542d2ee1f2afb87151dc2d8acc3da4b
    packers: PECompact
    Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=3...
    packers: PecBundle, PECompact
    packers: PE_Patch.PECompact, PecBundle, PECompact
    Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
    18 November 2007 21:41:45

    Re,

    Fix the lines in the box below with HijackThis: HELP IN PICTURES

    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: (no name) - {B5A8A043-6189-1A0E-8B5A-4CE678F10B96} - C:\WINDOWS\system32\ncx.dll
    O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\version69ie7fix.dll (file missing)
    O4 - HKCU\..\Run: [Heth] "C:\PROGRA~1\COMMON~1\DOBE~1\taskmgr.exe" -vt yazb
    O4 - HKCU\..\Run: [Lwj] "C:\Documents and Settings\Propriétaire\Mes documents\?ecurity\?srss.exe"
    O4 - HKCU\..\Run: [Ldqtce] C:\WINDOWS\?racle\?xplorer.exe


    Delete this file:
    C:\WINDOWS\system32\ncx.dll
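
The reply above lists entries to fix without saying what singles them out. As an added example (not part of the thread and not HijackThis's own logic), this Python script applies a few assumed review heuristics to lines copied from the first log on this page. It only nominates entries for a manual look, so it also flags one `(file missing)` service line that the helper's list does not include.

```python
import ntpath
import re

# Copied from the first HijackThis log on this page: the six entries in the fix
# list, three entries left alone, and one "(file missing)" service not in the list.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {B5A8A043-6189-1A0E-8B5A-4CE678F10B96} - C:\WINDOWS\system32\ncx.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\version69ie7fix.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Heth] "C:\PROGRA~1\COMMON~1\DOBE~1\taskmgr.exe" -vt yazb
O4 - HKCU\..\Run: [Lwj] "C:\Documents and Settings\Propriétaire\Mes documents\?ecurity\?srss.exe"
O4 - HKCU\..\Run: [Ldqtce] C:\WINDOWS\?racle\?xplorer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")          # "O4 - rest of the entry"
FILE_PATH = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll)", re.I)
# Assumptions of this example, not statements from the thread: a "?" inside a
# file path marks a character the log could not render, and these core Windows
# process names should only start from the directories listed.
SYSTEM_NAMES = {"taskmgr.exe", "csrss.exe", "explorer.exe", "svchost.exe", "lsass.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

def reasons_for(code, body):
    """Return the review reasons for one log entry (empty list = nothing stands out)."""
    found = []
    if "(no name)" in body:
        found.append("unnamed component")
    if "(file missing)" in body or "(no file)" in body:
        found.append("registered file absent")
    match = FILE_PATH.search(body)
    if match:
        path = match.group(0)
        if "?" in path:
            found.append("unrenderable character in path")
        name, folder = ntpath.basename(path).lower(), ntpath.dirname(path).lower()
        if code == "O4" and name in SYSTEM_NAMES and folder not in SYSTEM_DIRS:
            found.append("system process name outside system directory")
    return found

def triage(log_text):
    """Map each entry that deserves a manual look to its list of reasons."""
    flagged = {}
    for line in log_text.splitlines():
        parsed = ENTRY.match(line.strip())
        if parsed and (why := reasons_for(*parsed.groups())):
            flagged[line.strip()] = why
    return flagged

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG).items():
        print(f"{', '.join(why):48} | {entry}")
```
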
    25 November 2007 17:09:42

    re
    I can't delete the file because it tells me it's a system file or something like that...
    I fixed all the lines and since then the Internet no longer works...??
    Right now I'm on my parents' computer..
    Someone is supposed to come this week to repair the Internet..
    25 November 2007 21:12:44

    We didn't touch anything related to the Internet.
    Post a new HijackThis report.
    6 January 2008 17:12:35

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:11:16, on 06/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\System32\nvsvc32.exe
    D:\Alcohol\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\Program Files\Microsoft Works\MSWorks.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [Microsoft MicroP Protocol] wdgmr32.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Microsoft Windows Update] scvvhost.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Microsoft MicroP Protocol] wdgmr32.exe (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 3157 bytes