Votre question

[resolu] - Problème : virus Nokia - 16

Tags :
  • Nokia
  • Sécurité
Dernière réponse : dans Sécurité et virus
25 Octobre 2007 21:35:14

Bonjours

J'ai attrappé le virus nokia via msn
suivant l'avis d'un ami j'ai telecharger msnfix qui a fait une analyse et m'a ouvert un rapport dans un bloc note mais je ne sais pas quoi faire de ça ...

j'ai lu que le probleme avait deja été traité mais je n'ai pas compris ce que je doit faire ensuite merci de m'aider ...


je mets ce qui c'est affiché dans le bloc note si ça peut aider :

MSNFix 1.554

C:\Documents and Settings\claire\Bureau\MSNFix
Fix exécuté le 25/10/2007 - 21:09:58,32 By claire
mode normal

************************ Recherche les fichiers présents

... C:\DOCUME~1\ALLUSE~1\MENUDM~1\carlton
... C:\Program Files\Fichiers communs\Carlson\carlton
... C:\k3d3t4t8n7l.exe
... C:\WINDOWS\LBTWiz.exe
... C:\WINDOWS\Nokia_19_jpg.zip
... C:\WINDOWS\system32\microsoft\backup.ftp
... C:\WINDOWS\system32\microsoft\backup.tftp
... C:\WINDOWS\Nokia_19_jpg.zip

************************ MSNCHK ***** /!\ beta test /!\

[!] C:\WINDOWS\Nokia_19_jpg.zip is INFECTED


************************ Recherche les dossiers présents

... C:\Program Files\Fichiers communs\Carlson\




************************ Suppression des fichiers




************************ Nettoyage du registre



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\WINDOWS\Nokia_19_jpg.zip] 8D6FF711360555CB684111B82830E234
[C:\k3d3t4t8n7l.exe] 58D628D57E70F37CF7EC0D1D65CB0442
[C:\Documents and Settings\claire\presets.ini] 31FC6F60D84A65CB838354D4F7E05ED7

==> SVP merci d'envoyer le fichier C:\DOCUME~1\claire\Bureau\Upload_Me.zip sur http://upload.changelog.fr



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 25102007_21131848.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

et voici le rapport hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:41:12, on 26/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\WINDOWS\system32\WService.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\LBTWiz.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\tsitra1148.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-internet.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_18_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_18_0.dll
O3 - Toolbar: TV5 - Dictionnaires - {CEDDA62D-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\Dico TV5\MDTV5TB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [hrdyavx] c:\windows\system32\hrdyavx.exe hrdyavx
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [lourngb] c:\windows\system32\lourngb.exe -start
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\tsitra1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Raccourci vers Apoint.lnk = C:\Program Files\Apoint2K\Apoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
O15 - Trusted Zone: http://*.billingnow.com
O15 - Trusted Zone: http://*.reliablestats.com
O15 - Trusted Zone: http://*.winantispyware.com
O15 - Trusted Zone: http://*.winantivirus.com
O15 - Trusted Zone: http://*.winantiviruspro.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: http://*.winfixer.com
O15 - Trusted Zone: http://*.winnanny.com
O15 - Trusted Zone: http://*.winsoftware.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {0878F049-D33E-45E0-A157-C36A6683CF25} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess...
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2A3DFC59-8A87-49A1-85D1-42903410911F} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_FR...
O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - http://scripts.downloadv3.com/binaries/P2EClient/EGAUTH...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - http://scripts.downloadv3.com/binaries/IA/sysiasvc32_FR...
O16 - DPF: {82FC4503-8459-4239-9B85-0617BEAA950A} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - http://scripts.downloadv3.com/binaries/IA/syswbsvc32_FR...
O16 - DPF: {8D8BAF56-B581-4B90-A549-C4AC6B03F1BB} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACC...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {BA14D944-0D8C-4F16-A950-6E53EEBB558F} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_...
O16 - DPF: {E15111B0-95AE-4C05-B91F-F4564057990C} (Canal+ Active MSWAY) - http://servicesv4.moviesystem.com/cabs/msway.cab
O16 - DPF: {E1D20694-74D9-472D-AF03-08C26173A67F} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {E3943A24-2F83-4505-9AE5-F705E81B50CB} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCE...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD979C2B-B611-4B73-83E5-96487A632CF1}: NameServer = 194.117.200.10,194.117.200.15
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Service de sécurité matérielle (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

--
End of file - 12401 bytes

merci de m'aider ^^

Autres pages sur : resolu probleme virus nokia

29 Octobre 2007 10:35:12

faut il que je rajoute des informations ?
a b 8 Sécurité
29 Octobre 2007 10:46:41

Bonjour,

  • Télécharge combofix.exe (par sUBs) sur ton Bureau.
  • Double clique combofix.exe.
  • Tape sur la touche 1 (Yes) pour démarrer le scan.
  • Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt
    Contenus similaires
    29 Octobre 2007 11:14:41

    voici le rapport :

    ComboFix 07-10-28.2 - claire 2007-10-29 11:08:07.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.209 [GMT 1:00]
    Running from: C:\Documents and Settings\claire\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\WINDOWS\Downloaded Program Files.\sysiasvc32.inf
    C:\WINDOWS\Downloaded Program Files.\sysinetsvc32.inf
    C:\WINDOWS\Downloaded Program Files.\syswbsvc32.inf
    C:\WINDOWS\setup.exe
    c:\WINDOWS\system32\hrdyavx.dat
    C:\WINDOWS\system32\nvrssk.dll
    C:\WINDOWS\system32\nvrssl.dll
    C:\WINDOWS\system32\stera.job
    C:\WINDOWS\system32\stera.log
    C:\WINDOWS\tmlpcert2007
    C:\WINDOWS\tsitra1148.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_FOPN




    ((((((((((((((((((((((((((((( Fichiers créés 2007-09-28 to 2007-10-29 ))))))))))))))))))))))))))))))))))))
    .

    2007-10-29 10:52 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-26 16:40 <REP> d-------- C:\Program Files\Trend Micro
    2007-10-25 22:31 9,808 --a------ C:\xr-1-1148.exe
    2007-10-25 20:12 17,920 --a------ C:\WINDOWS\system32\dllcache\tftp.exe
    2007-10-23 20:43 <REP> d--h----- C:\Program Files\Fichiers communs\Carlson
    2007-10-23 20:43 44,495 --a------ C:\k3d3t4t8n7l.exe
    2007-10-23 19:55 561,298 --a------ C:\WINDOWS\Nokia_19_jpg.zip
    2007-10-23 19:55 561,152 -r-hs---- C:\WINDOWS\LBTWiz.exe
    2007-10-21 11:35 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2007-10-21 11:35 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-10-21 11:35 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-10-21 11:35 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-10-21 11:35 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-10-21 11:35 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-10-21 11:34 <REP> d-------- C:\Program Files\Alwil Software
    2007-10-21 11:34 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-10-10 22:20 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-10-06 23:52 <REP> d-------- C:\Program Files\Dico TV5

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-29 10:03 --------- d-----w C:\Program Files\Microsoft AntiSpyware
    2007-10-25 15:18 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
    2007-10-22 16:16 --------- d-----w C:\Program Files\Adverts
    2007-10-21 10:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-21 10:38 --------- d-----w C:\Program Files\Fichiers communs\Panda Software
    2007-10-20 17:02 --------- d-----w C:\Program Files\QuickTime
    2007-10-20 17:02 --------- d-----w C:\Program Files\MSN Messenger
    2007-10-20 17:02 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-10-20 17:02 --------- d-----w C:\Program Files\Google
    2007-10-20 17:02 --------- d-----w C:\Program Files\Apoint2K
    2007-10-15 18:25 --------- d-----w C:\Program Files\7-Zip
    2007-10-10 22:10 --------- d-----w C:\Program Files\GENIUS TABLET
    2007-09-28 17:45 --------- d-----w C:\Program Files\LimeWire
    2007-09-28 17:45 --------- d-----w C:\Program Files\Audacity
    2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-03-22 18:01 38,136 ----a-w C:\Documents and Settings\claire\Application Data\GDIPFONTCACHEV1.DAT
    2006-11-26 18:44 6,103,728 ----a-w C:\Program Files\FirefoxGoogleToolbarSetup.exe
    2006-11-26 18:06 12,841,064 ----a-w C:\Program Files\SkypeSetup.exe
    2000-08-08 15:44 340 ----a-w C:\Program Files\setup.bat
    2000-08-08 15:39 45,056 ----a-w C:\Program Files\SETUPREG.EXE
    2000-08-08 15:18 34 ----a-w C:\Program Files\fonts.bat
    2000-08-08 15:17 0 ----a-w C:\Program Files\EBUSetup.sem
    2000-06-13 00:59 53,299 ----a-w C:\Program Files\ebueulax.dll
    2000-05-27 01:58 39,647 ----a-w C:\Program Files\EULAx.RTF
    1999-09-22 03:32 53,304 ----a-w C:\Program Files\EBUEula.dll
    1999-09-22 03:32 40,507 ----a-w C:\Program Files\EULA.RTF
    1999-09-22 03:32 365,568 ----a-w C:\Program Files\HA312W32.DLL
    1999-09-22 03:32 158,902 ----a-w C:\Program Files\scenariobkg.bmp
    1999-09-21 18:46 2,560,000 ----a-w C:\Program Files\empires2.exe
    2005-03-01 15:02:56 56 --sha-r C:\WINDOWS\system32\91F847DA59.sys
    2005-03-10 18:48:50 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CEDDA62D-5FBE-4AB2-AE2E-5E069F444444}"= C:\Program Files\Dico TV5\MDTV5TB.dll [2007-09-11 16:19 802816]

    [HKEY_CLASSES_ROOT\CLSID\{CEDDA62D-5FBE-4AB2-AE2E-5E069F444444}]
    [HKEY_CLASSES_ROOT\MDTV5Tb.IEToolBar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{43C9998B-DB65-4F03-8C57-BBF146CCCCCC}]
    [HKEY_CLASSES_ROOT\MDTV5Tb.IEToolBar]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WService"="WService.EXE" [2002-09-07 11:23 C:\WINDOWS\system32\WService.exe]
    "UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-03-13 19:11]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 02:52]
    "Share-to-Web Namespace Daemon"="C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 09:42]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-04-07 20:22]
    "lourngb"="c:\windows\system32\lourngb.exe" []
    "HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
    "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-22 18:56]
    "gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-07-12 14:35]
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-01 12:05]
    "ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" []
    "CamMonitor"="C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-06 23:23]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-08 04:40]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-01-30 17:01 C:\WINDOWS\AGRSMMSG.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-05-28 19:48]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-20 00:09]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RecordNow!"="" []
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-18 08:41]

    C:\Documents and Settings\claire\Menu Démarrer\Programmes\Démarrage\
    Raccourci vers Apoint.lnk - C:\Program Files\Apoint2K\Apoint.exe [2003-10-08 04:40:00]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.exe.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^FotoStation Easy AutoLaunch.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\FotoStation Easy AutoLaunch.lnk
    backup=C:\WINDOWS\pss\FotoStation Easy AutoLaunch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkvMon.exe.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkvMon.exe.lnk
    backup=C:\WINDOWS\pss\NkvMon.exe.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package Menu.lnk
    backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package VCD Maker.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package VCD Maker.lnk
    backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^claire^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
    path=C:\Documents and Settings\claire\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^claire^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 1.1.4.lnk]
    path=C:\Documents and Settings\claire\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 1.1.4.lnk
    backup=C:\WINDOWS\pss\OpenOffice.org 1.1.4.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
    C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MailSkinner]
    c:\program files\mailskinner\mailskinner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

    R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys
    R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys
    S2 PDSched;PDScheduler;"C:\Program Files\Raxco\PerfectDisk\PDSched.exe"
    S3 CE3;Service de la carte Xircom Ethernet 10/100;C:\WINDOWS\system32\DRIVERS\ce3n5.sys
    S3 P1171VID;Creative WebCam Notebook #2;C:\WINDOWS\system32\DRIVERS\P1171Vid.sys
    S3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\system32\PavSRK.sys
    S3 PavTPK.sys;PavTPK.sys;\??\C:\WINDOWS\system32\PavTPK.sys
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

    .
    **************************************************************************

    catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-29 11:11:31
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe??????????m????|?@???? ???B???????????????B? ??????

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-10-29 11:12:53
    .
    --- E O F ---
    a b 8 Sécurité
    29 Octobre 2007 11:18:47

    Reposte un rapport Hijackthis.
    29 Octobre 2007 11:22:21

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:21:42, on 29/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\gearsec.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\DRIVERS\WtSrv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\WService.EXE
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
    C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-internet.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_18_0.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_18_0.dll
    O3 - Toolbar: TV5 - Dictionnaires - {CEDDA62D-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\Dico TV5\MDTV5TB.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [WService] WService.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [lourngb] c:\windows\system32\lourngb.exe -start
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Raccourci vers Apoint.lnk = C:\Program Files\Apoint2K\Apoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    O15 - Trusted Zone: http://*.billingnow.com
    O15 - Trusted Zone: http://*.reliablestats.com
    O15 - Trusted Zone: http://*.winantispyware.com
    O15 - Trusted Zone: http://*.winantivirus.com
    O15 - Trusted Zone: http://*.winantiviruspro.com
    O15 - Trusted Zone: *.winfixer.com
    O15 - Trusted Zone: http://*.winfixer.com
    O15 - Trusted Zone: http://*.winnanny.com
    O15 - Trusted Zone: http://*.winsoftware.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {E15111B0-95AE-4C05-B91F-F4564057990C} (Canal+ Active MSWAY) - http://servicesv4.moviesystem.com/cabs/msway.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AD979C2B-B611-4B73-83E5-96487A632CF1}: NameServer = 194.117.200.10,194.117.200.15
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Service de sécurité matérielle (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

    --
    End of file - 10267 bytes
    29 Octobre 2007 14:02:22

    voila le rapport d'antivir apres un scan complet



    AntiVir PersonalEdition Classic
    Report file date: lundi 29 octobre 2007 11:48

    Scanning for 906115 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: PC137823317288

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
    ANTIVIR2.VDF : 7.0.0.140 940544 Bytes 26/10/2007 10:47:11
    ANTIVIR3.VDF : 7.0.0.146 30208 Bytes 29/10/2007 10:47:11
    AVEWIN32.DLL : 7.6.0.30 3056128 Bytes 29/10/2007 10:47:11
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: lundi 29 octobre 2007 11:48

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
    Scan process 'gcasDtServ.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned
    Scan process 'qttask.exe' - '1' Module(s) have been scanned
    Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
    Scan process 'jucheck.exe' - '1' Module(s) have been scanned
    Scan process 'Apoint.exe' - '1' Module(s) have been scanned
    Scan process 'HpqCmon.exe' - '1' Module(s) have been scanned
    Scan process 'hphmon05.exe' - '1' Module(s) have been scanned
    Scan process 'hpgs2wnd.exe' - '1' Module(s) have been scanned
    Scan process 'WService.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'realsched.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'WtSrv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'gearsec.exe' - '1' Module(s) have been scanned
    Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    40 processes with 40 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '27' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\k3d3t4t8n7l.exe
    [DETECTION] Is the Trojan horse TR/Dialer.VUY.4
    [INFO] The file was moved to '4789bac5.qua'!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\xr-1-1148.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4752bb0a.qua'!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\031B44CF.dll
    [DETECTION] Is the Trojan horse TR/P2E.CL
    [INFO] The file was moved to '4756bafa.qua'!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09F31A53.exe
    [DETECTION] Contains detection pattern of the worm WORM/Krepper.C
    [INFO] A backup was created as '476bbb3d.qua' ( QUARANTINE )
    [INFO] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0EA17D62.dll
    [DETECTION] Is the Trojan horse TR/Agent.IY
    [INFO] The file was moved to '4766bb4f.qua'!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0EA17D62.exe
    [DETECTION] Is the Trojan horse TR/Agent.IX
    [INFO] The file was moved to '4766bb53.qua'!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0ED60F74.exe
    [DETECTION] Contains detection pattern of the dropper DR/Toolbar.GigatechSuperBar
    [INFO] The file was moved to '4769bb5d.qua'!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44541AD1.dll
    [DETECTION] Is the Trojan horse TR/P2E.CL
    [INFO] The file was moved to '475abb4f.qua'!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\455265B8.dll
    [DETECTION] Contains detection pattern of the dial-up program DIAL/EDGACCESS.1
    [INFO] The file was moved to '475abb55.qua'!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45B4514C.dll
    [DETECTION] Contains detection pattern of the dial-up program DIAL/EDGACCESS.5
    [INFO] The file was moved to '4767bb5a.qua'!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45B77B49.dll
    [DETECTION] Contains detection pattern of the dial-up program DIAL/EDGACCESS.1
    [INFO] The file was moved to '4767bb5d.qua'!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45BB2545.exe
    [DETECTION] Contains detection pattern of the dial-up program DIAL/167080.A
    [INFO] The file was moved to '4767bb61.qua'!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45BE4F42.exe
    [DETECTION] Is the Trojan horse TR/Agent.BPB
    [INFO] The file was moved to '4767bb63.qua'!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\67D2192E.dll
    [DETECTION] Is the Trojan horse TR/P2E.CL
    [INFO] The file was moved to '4769bb68.qua'!
    C:\Documents and Settings\claire\Bureau\Upload_Me.zip
    [0] Archive type: ZIP
    --> DOCUME~1/claire/Bureau/Upload_Me/k3d3t4t8n7l.exe
    [DETECTION] Is the Trojan horse TR/Dialer.VUY.4
    --> DOCUME~1/claire/Bureau/Upload_Me/Nokia_19_jpg.zip
    [1] Archive type: ZIP
    --> www.Nokia_19_jpg-msn.com
    [DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
    [INFO] The file was moved to '4791bcac.qua'!
    C:\Program Files\Fichiers communs\Carlson\carlton
    [DETECTION] Is the Trojan horse TR/Dialer.VUY.4
    [INFO] The file was moved to '4797c85d.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\tsitra1148.exe.vir
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '478ed332.qua'!
    C:\System Volume Information\_restore{688B846D-54D8-4A0B-BDB5-70B8E736C8E2}\RP536\A0128851.exe
    [DETECTION] Is the Trojan horse TR/Dialer.VUY.4
    [INFO] A backup was created as '4756d4eb.qua' ( QUARANTINE )
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{688B846D-54D8-4A0B-BDB5-70B8E736C8E2}\RP536\A0128911.exe
    [DETECTION] Is the Trojan horse TR/Dialer.VUY.4
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{688B846D-54D8-4A0B-BDB5-70B8E736C8E2}\RP537\A0128942.exe
    [DETECTION] Is the Trojan horse TR/Dialer.VUY.4
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{688B846D-54D8-4A0B-BDB5-70B8E736C8E2}\RP539\A0128997.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4756d507.qua'!
    C:\System Volume Information\_restore{688B846D-54D8-4A0B-BDB5-70B8E736C8E2}\RP540\A0129152.exe
    [DETECTION] Is the Trojan horse TR/Dialer.VUY.4
    [INFO] The file was moved to '4756d514.qua'!
    C:\System Volume Information\_restore{688B846D-54D8-4A0B-BDB5-70B8E736C8E2}\RP540\A0129153.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '4756d516.qua'!
    C:\System Volume Information\_restore{688B846D-54D8-4A0B-BDB5-70B8E736C8E2}\RP540\A0129154.dll
    [DETECTION] Is the Trojan horse TR/P2E.CL
    [INFO] The file was moved to '4756d51a.qua'!
    C:\System Volume Information\_restore{688B846D-54D8-4A0B-BDB5-70B8E736C8E2}\RP540\A0129155.exe
    [DETECTION] Contains detection pattern of the worm WORM/Krepper.C
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{688B846D-54D8-4A0B-BDB5-70B8E736C8E2}\RP540\A0129156.dll
    [DETECTION] Is the Trojan horse TR/Agent.IY
    [INFO] The file was moved to '4756d525.qua'!
    C:\System Volume Information\_restore{688B846D-54D8-4A0B-BDB5-70B8E736C8E2}\RP540\A0129157.exe
    [DETECTION] Is the Trojan horse TR/Agent.IX
    [INFO] The file was moved to '4756d528.qua'!
    C:\System Volume Information\_restore{688B846D-54D8-4A0B-BDB5-70B8E736C8E2}\RP540\A0129158.exe
    [DETECTION] Contains detection pattern of the dropper DR/Toolbar.GigatechSuperBar
    [INFO] The file was moved to '4756d52c.qua'!
    C:\System Volume Information\_restore{688B846D-54D8-4A0B-BDB5-70B8E736C8E2}\RP540\A0129159.dll
    [DETECTION] Is the Trojan horse TR/P2E.CL
    [INFO] The file was moved to '4756d52f.qua'!
    C:\System Volume Information\_restore{688B846D-54D8-4A0B-BDB5-70B8E736C8E2}\RP540\A0129160.dll
    [DETECTION] Contains detection pattern of the dial-up program DIAL/EDGACCESS.1
    [INFO] The file was moved to '4756d533.qua'!
    C:\System Volume Information\_restore{688B846D-54D8-4A0B-BDB5-70B8E736C8E2}\RP540\A0129161.dll
    [DETECTION] Contains detection pattern of the dial-up program DIAL/EDGACCESS.5
    [INFO] The file was moved to '4756d536.qua'!
    C:\System Volume Information\_restore{688B846D-54D8-4A0B-BDB5-70B8E736C8E2}\RP540\A0129162.dll
    [DETECTION] Contains detection pattern of the dial-up program DIAL/EDGACCESS.1
    [INFO] The file was moved to '4756d538.qua'!
    C:\System Volume Information\_restore{688B846D-54D8-4A0B-BDB5-70B8E736C8E2}\RP540\A0129163.exe
    [DETECTION] Contains detection pattern of the dial-up program DIAL/167080.A
    [INFO] The file was moved to '4756d53b.qua'!
    C:\System Volume Information\_restore{688B846D-54D8-4A0B-BDB5-70B8E736C8E2}\RP540\A0129164.exe
    [DETECTION] Is the Trojan horse TR/Agent.BPB
    [INFO] The file was moved to '4756d53e.qua'!
    C:\System Volume Information\_restore{688B846D-54D8-4A0B-BDB5-70B8E736C8E2}\RP540\A0129165.dll
    [DETECTION] Is the Trojan horse TR/P2E.CL
    [INFO] The file was moved to '4756d540.qua'!
    C:\WINDOWS\ccGetMgr.exe
    [DETECTION] Contains detection pattern of the worm WORM/Stration.Gen
    [INFO] The file was deleted!
    C:\WINDOWS\LBTWiz.exe
    [DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
    [INFO] The file was deleted!
    C:\WINDOWS\Nokia_19_jpg.zip
    [0] Archive type: ZIP
    --> www.Nokia_19_jpg-msn.com
    [DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
    [INFO] The file was moved to '4790d5a6.qua'!


    End of the scan: lundi 29 octobre 2007 13:59
    Used time: 2:11:32 min

    The scan has been done completely.

    9688 Scanning directories
    386260 Files were scanned
    39 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    7 files were deleted
    0 files were repaired
    33 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    386221 Files not concerned
    8042 Archives were scanned
    2 Warnings
    98 Notes



    les éléments mis en quarantaine, puis je les supprimer ou vaut il mieux les laisser comme ça ?
    a b 8 Sécurité
    29 Octobre 2007 14:05:32

    Tu peux les laisser.
    Reposte un rapport Hijackthis.
    29 Octobre 2007 14:07:37

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:07:18, on 29/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\gearsec.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\DRIVERS\WtSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\WINDOWS\system32\WService.EXE
    C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-internet.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_18_0.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_18_0.dll
    O3 - Toolbar: TV5 - Dictionnaires - {CEDDA62D-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\Dico TV5\MDTV5TB.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [WService] WService.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [lourngb] c:\windows\system32\lourngb.exe -start
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Raccourci vers Apoint.lnk = C:\Program Files\Apoint2K\Apoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    O15 - Trusted Zone: http://*.billingnow.com
    O15 - Trusted Zone: http://*.reliablestats.com
    O15 - Trusted Zone: http://*.winantispyware.com
    O15 - Trusted Zone: http://*.winantivirus.com
    O15 - Trusted Zone: http://*.winantiviruspro.com
    O15 - Trusted Zone: *.winfixer.com
    O15 - Trusted Zone: http://*.winfixer.com
    O15 - Trusted Zone: http://*.winnanny.com
    O15 - Trusted Zone: http://*.winsoftware.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {E15111B0-95AE-4C05-B91F-F4564057990C} (Canal+ Active MSWAY) - http://servicesv4.moviesystem.com/cabs/msway.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AD979C2B-B611-4B73-83E5-96487A632CF1}: NameServer = 194.117.200.10,194.117.200.15
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Service de sécurité matérielle (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

    --
    End of file - 10035 bytes


    a b 8 Sécurité
    29 Octobre 2007 14:16:49

    Re,

    Télécharge [#FF0000]DelDomains.inf[/#F] (de Mike Burgess) sur ton Bureau.
    **Si tu utilises FireFox : fais un clic droit sur le lien et choisis "Enregistrer la cible du lien sous..."**
  • Fais un clique droit sur le fichier, puis choisis "Installer" du menu contextuel.
  • Le script s'installe rapidement et aucune confirmation ne sera affichée à l'écran, ceci est normal.
    29 Octobre 2007 14:23:29

    et c'est finis ?
    je peux supprimer tout les fichiers télécharger ( msnfix, aswclear, combofix...) ?
    a b 8 Sécurité
    29 Octobre 2007 14:30:25

    Reposte un rapport Hijackthis.
    29 Octobre 2007 14:32:26

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:32:14, on 29/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\gearsec.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\DRIVERS\WtSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\WINDOWS\system32\WService.EXE
    C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-internet.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_18_0.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_18_0.dll
    O3 - Toolbar: TV5 - Dictionnaires - {CEDDA62D-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\Dico TV5\MDTV5TB.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [WService] WService.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [lourngb] c:\windows\system32\lourngb.exe -start
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Raccourci vers Apoint.lnk = C:\Program Files\Apoint2K\Apoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {E15111B0-95AE-4C05-B91F-F4564057990C} (Canal+ Active MSWAY) - http://servicesv4.moviesystem.com/cabs/msway.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AD979C2B-B611-4B73-83E5-96487A632CF1}: NameServer = 194.117.200.10,194.117.200.15
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Service de sécurité matérielle (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

    --
    End of file - 9595 bytes
    a b 8 Sécurité
    29 Octobre 2007 15:08:51

    Tu as encore des problèmes ?
    29 Octobre 2007 15:10:15

    non je veux juste savoir si je supprime tout les fichiers telecharger sinon c'est bon pour moi merci beaucoup ^^
    a b 8 Sécurité
    29 Octobre 2007 15:59:21

    Tu peux.
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS