Se connecter / S'enregistrer
Votre question

suite a un virus Win32.Zhelatin

Tags :
  • Virus
  • Sécurité
Dernière réponse : dans Sécurité et virus
17 Avril 2007 23:11:16

Bonsoir ,

J'viens vous demander de l'aide car je nage completement

alors pour resumer le 12/04 avast me detecte un virus Win32.Zhelatin-I[wrm] que j'ai aussitot dirigé dans "mise en quarantaine" depuis mon ordinateur rame et s'arrete de tps en tps (surtout qd j'vais trop vite ou que j'ouvre des autres programmes).
j'ai deja passé spybot et CCleaner et ad-Aware
j'ai aussi fait un scanne kapersky en ligne j'ai le rapport si vous voulez y jeter un oeil il me trouve 3 virus et 7 objets infectés
Merci d'avance pour l'aide que vous pourrez m'apporter .

Autres pages sur : suite virus win32 zhelatin

a b 8 Sécurité
17 Avril 2007 23:15:24

Bonjour,

Poste le rapport Kaspersky.

Télécharge Hijackthis (de Merjin).
Dézippe-le dans un dossier ou sur ton Bureau.

Lance l'application (Hijackthis.exe) :
- Choisis l'option "Do a system scan and save a logfile"
- Le Bloc-Notes s'ouvre, poste son contenu :

-> Edition / Sélectionner tout
-> Edition / Copier
-> Clique-Droit / Coller dans ta réponse


AIDE : Tuto en vidéo sur Hijackthis
17 Avril 2007 23:18:04

Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 17/04/2007
Enregistrements dans la base antivirus Kaspersky : 281268
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
A:\
C:\
D:\
E:\
F:\

Statistiques de l'analyse:
Total d'objets analysés: 31384
Nombre de virus trouvés: 3
Nombre d'objets infectés: 7 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 01:14:41

Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Temporary Internet Files\Content.IE5\KB8JYFW3\3ti[1].exe Infecté : Packed.Win32.Tibs.r ignoré
C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Temporary Internet Files\Content.IE5\WDM96Z4R\inst[1].exe Infecté : Email-Worm.Win32.Zhelatin.cs ignoré
C:\Documents and Settings\LocalService.AUTORITE NT\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService.AUTORITE NT\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService.AUTORITE NT\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService.AUTORITE NT\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\VIG.XPSP2-F4AAC4ED6\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\VIG.XPSP2-F4AAC4ED6\Local Settings\Application Data\Identities\{92EBB350-6168-4C8F-8AB9-54B400701867}\Microsoft\Outlook Express\Folders.dbx L'objet est verrouillé ignoré
C:\Documents and Settings\VIG.XPSP2-F4AAC4ED6\Local Settings\Application Data\Identities\{92EBB350-6168-4C8F-8AB9-54B400701867}\Microsoft\Outlook Express\Offline.dbx L'objet est verrouillé ignoré
C:\Documents and Settings\VIG.XPSP2-F4AAC4ED6\Local Settings\Application Data\Identities\{92EBB350-6168-4C8F-8AB9-54B400701867}\Microsoft\Outlook Express\Pop3uidl.dbx L'objet est verrouillé ignoré
C:\Documents and Settings\VIG.XPSP2-F4AAC4ED6\Local Settings\Application Data\Identities\{92EBB350-6168-4C8F-8AB9-54B400701867}\Microsoft\Outlook Express\Éléments envoyés.dbx L'objet est verrouillé ignoré
C:\Documents and Settings\VIG.XPSP2-F4AAC4ED6\Local Settings\Application Data\Microsoft\Messenger\maevaldu34490@hotmail.fr\ObjectStore\UserTile\ZTbE6J8kl20dzoFo9bmIlpOOF90=.dt2 L'objet est verrouillé ignoré
C:\Documents and Settings\VIG.XPSP2-F4AAC4ED6\Local Settings\Application Data\Microsoft\Messenger\maevaldu34490@hotmail.fr\ObjectStore\UserTile\ZTbE6J8kl20dzoFo9bmIlpOOF90=.id2 L'objet est verrouillé ignoré
C:\Documents and Settings\VIG.XPSP2-F4AAC4ED6\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\VIG.XPSP2-F4AAC4ED6\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\VIG.XPSP2-F4AAC4ED6\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\VIG.XPSP2-F4AAC4ED6\Local Settings\Temp\~DF2A93.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\VIG.XPSP2-F4AAC4ED6\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\VIG.XPSP2-F4AAC4ED6\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\VIG.XPSP2-F4AAC4ED6\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt L'objet est verrouillé ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{B4181502-587A-4AB2-BBEB-AA2971C6571B}\RP0\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\3ti.exe Infecté : Packed.Win32.Tibs.r ignoré
C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\ndis.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\inst.exe Infecté : Email-Worm.Win32.Zhelatin.cs ignoré
C:\WINDOWS\system32\inst.exe.exe Infecté : Email-Worm.Win32.Zhelatin.cs ignoré
C:\WINDOWS\system32\mszsrn32.dll Infecté : Email-Worm.Win32.Banwarum.o ignoré
C:\WINDOWS\system32\ntos.exe L'objet est verrouillé ignoré
C:\WINDOWS\system32\pdp.exe.exe Infecté : Email-Worm.Win32.Zhelatin.cs ignoré
C:\WINDOWS\system32\poof L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wsnpoem\audio.dll L'objet est verrouillé ignoré
C:\WINDOWS\system32\wsnpoem\video.dll L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_7e8.dat L'objet est verrouillé ignoré
C:\WINDOWS\Temp\_avast4_\Webshlock.txt L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré

Analyse terminée.
Contenus similaires
17 Avril 2007 23:18:54

j'fais le reste merci
17 Avril 2007 23:22:36

voila !
j'espere que c'est bien ca

Logfile of HijackThis v1.99.1
Scan saved at 23:23:46, on 17/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Wanadoo\WOOBRO~1\DownloadManager.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"
O4 - HKLM\..\Run: [Cloneur Expert Monitor] C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoreflex.com/tools/ImageUploader/ImageUpl...
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photobox.fr/discount/clients/uploader_v2.2.0...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: mszsrn32 - C:\WINDOWS\system32\mszsrn32.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

a b 8 Sécurité
17 Avril 2007 23:26:31

Re,

Télécharge OTMoveIt (d'OldTimer). Sauvegarde-le sur ton Bureau.
Sélectionne TOUS les emplacements en gras ci-dessous :

C:\WINDOWS\system32\inst.exe
C:\WINDOWS\system32\inst.exe.exe
C:\WINDOWS\system32\mszsrn32.dll
C:\WINDOWS\system32\ntos.exe
C:\WINDOWS\system32\pdp.exe.exe


---> Clique-droit puis Copier

Double-clique sur OTMoveIt.exe afin de le lancer.
Fais un Clique-droit sur le cadre de gauche puis choisis Coller.
Clique maintenant sur [#ff0000]MoveIt![/#f]

[#ff0000]Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.[/#f]

Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport est la date de sa création.
17 Avril 2007 23:39:45

j'ai fait ce que vous venez de me dire mais a chaque fois que je veux aller chercher le rapport dans le dossier l'ordinateur s'arrete aussitot que j'arrive a le copie colle je le poste
17 Avril 2007 23:43:15

C:\WINDOWS\system32\inst.exe moved successfully.
C:\WINDOWS\system32\inst.exe.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mszsrn32.dll
C:\WINDOWS\system32\mszsrn32.dll NOT unregistered.
C:\WINDOWS\system32\mszsrn32.dll moved successfully.
File move failed. C:\WINDOWS\system32\ntos.exe scheduled to be moved on reboot.
C:\WINDOWS\system32\pdp.exe.exe moved successfully.

Created on 04/17/2007 23:30:56
a b 8 Sécurité
18 Avril 2007 12:02:02

Tu peux reposter un rapport Hijackthis ?
18 Avril 2007 13:39:49

bonjour, voila le dernier rapport H


Logfile of HijackThis v1.99.1
Scan saved at 13:41:12, on 18/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\explorer.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"
O4 - HKLM\..\Run: [Cloneur Expert Monitor] C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hgh.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoreflex.com/tools/ImageUploader/ImageUpl...
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photobox.fr/discount/clients/uploader_v2.2.0...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: mszsrn32 - C:\WINDOWS\system32\mszsrn32.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
a b 8 Sécurité
18 Avril 2007 13:41:23

Re,

- Assure toi d'avoir accès aux dossiers/fichiers cachés
-> Démarrer
-> Panneau de configuration
-> Options des Dossiers, onglet Affichage :
. Clique sur Afficher les dossiers cachés
. Décoche Masquer les extensions des fichiers dont le type est connu
. Décoche Masquer les fichiers protégés du système d'exploitation


Va sur le site de VirusTotal
Clique sur Parcourir... puis ouvre:

C:\WINDOWS\system32\hgh.dll

Clique ensuite sur Send
Poste le rapport en fin d'analyse.

Si tu vois ce message:
" Your file " ***.*** " is queued in position: ***. Estimated start time is between *** and *** minutes. "
Il te faudra patienter.
18 Avril 2007 13:53:51

STATUS: FINISHEDComplete scanning result of "hgh.dll", received in VirusTotal at 04.18.2007, 13:47:15 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.18.0 04.18.2007 no virus found
AntiVir 7.3.1.53 04.18.2007 TR/Vqten.A.3
Authentium 4.93.8 04.18.2007 no virus found
Avast 4.7.981.0 04.17.2007 no virus found
AVG 7.5.0.447 04.18.2007 no virus found
BitDefender 7.2 04.18.2007 Trojan.Vqten.A
CAT-QuickHeal 9.00 04.17.2007 no virus found
ClamAV devel-20070312 04.18.2007 no virus found
DrWeb 4.33 04.18.2007 Trojan.Vqten
eSafe 7.0.15.0 04.17.2007 Win32.Trojan
eTrust-Vet 30.7.3576 04.18.2007 no virus found
Ewido 4.0 04.18.2007 Trojan.Vqten.A
FileAdvisor 1 04.18.2007 no virus found
Fortinet 2.85.0.0 04.18.2007 suspicious
F-Prot 4.3.2.48 04.17.2007 no virus found
F-Secure 6.70.13030.0 04.18.2007 no virus found
Ikarus T3.1.1.5 04.18.2007 Trojan.Vqten
Kaspersky 4.0.2.24 04.18.2007 no virus found
McAfee 5011 04.17.2007 no virus found
Microsoft 1.2405 04.18.2007 no virus found
NOD32v2 2201 04.18.2007 no virus found
Norman 5.80.02 04.18.2007 no virus found
Panda 9.0.0.4 04.18.2007 Adware/WebAttaker
Prevx1 V2 04.18.2007 Polynomial.Code.Exploit
Sophos 4.16.0 04.17.2007 no virus found
Sunbelt 2.2.907.0 04.07.2007 no virus found
Symantec 10 04.18.2007 Backdoor.Trojan
TheHacker 6.1.6.095 04.15.2007 no virus found
VBA32 3.11.3 04.18.2007 Trojan.Vqten
VirusBuster 4.3.7:9 04.17.2007 no virus found
Webwasher-Gateway 6.0.1 04.18.2007 Trojan.Vqten.A.3


Aditional Information
File size: 21504 bytes
MD5: b43e646a2174d121c89720ee9f20d819
SHA1: fefe364da72daa2451505a3e72f4a269097c6e33
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=3dab84841424

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
18 Avril 2007 13:57:08

j'ai bien fait ca :

Assure toi d'avoir accès aux dossiers/fichiers cachés
-> Démarrer
-> Panneau de configuration
-> Options des Dossiers, onglet Affichage :
. Clique sur Afficher les dossiers cachés
. Décoche Masquer les extensions des fichiers dont le type est connu
. Décoche Masquer les fichiers protégés du système d'exploitation

mais j'ai pas redemarrer l'ordi c'est bon qd meme ? j'ai fait appliquer ok
a b 8 Sécurité
18 Avril 2007 13:59:27

Re,

Télécharge LSPfix
Lance l'application.
Déconnecte-toi d'Internet et ferme toutes les fenêtres d'Internet Explorer.
Coche la case "I know what I'm doing"
Sélectionne la ou les dll suivantes
UNIQUEMENT celle(s) qui est(sont) INDIQUÉE(S) CI-DESSOUS, NE TOUCHE PAS aux autres !

hgh.dll

Glisse la du panneau de gauche "Keep" au panneau "Remove".
Clique sur "Finish".
(Si elles sont déjà dans le panneau "Remove" alors clique directement sur le bouton "Finish".)

Supprime ce fichier :
C:\WINDOWS\system32\hgh.dll
18 Avril 2007 14:53:59

ok avec bcp de mal j'ai reussi a supprimer C:\WINDOWS\system32\hgh.dll
18 Avril 2007 14:58:44

mon ordinateur se deconnecte ausitot que je clic sur explorateur je suis obligée de le rallumer plusieurs fois avant d'y arriver !!
a b 8 Sécurité
18 Avril 2007 15:04:45

Tu peux reposter un rapport Hijackthis ?
18 Avril 2007 15:04:55

dernier rapport Hijackthis ( si ca peut servir)

Logfile of HijackThis v1.99.1
Scan saved at 15:05:19, on 18/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"
O4 - HKLM\..\Run: [Cloneur Expert Monitor] C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\gzuutvztolkfj.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gzuutvztolkfj.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gzuutvztolkfj.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gzuutvztolkfj.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gzuutvztolkfj.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gzuutvztolkfj.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gzuutvztolkfj.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gzuutvztolkfj.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gzuutvztolkfj.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gzuutvztolkfj.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gzuutvztolkfj.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gzuutvztolkfj.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gzuutvztolkfj.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gzuutvztolkfj.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoreflex.com/tools/ImageUploader/ImageUpl...
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photobox.fr/discount/clients/uploader_v2.2.0...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: mszsrn32 - C:\WINDOWS\system32\mszsrn32.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
a b 8 Sécurité
18 Avril 2007 15:08:56

Re,

- Lance Hijackthis ->Do a system scan only
->Coche les lignes ci-dessous :

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O20 - Winlogon Notify: mszsrn32 - C:\WINDOWS\system32\mszsrn32.dll (file missing)

Clique sur Fix checked (en bas à gauche)

Lance LSPFix.
Déconnecte-toi d'Internet et ferme toutes les fenêtres d'Internet Explorer.
Coche la case "I know what I'm doing"
Sélectionne la ou les dll suivantes
UNIQUEMENT celle(s) qui est(sont) INDIQUÉE(S) CI-DESSOUS, NE TOUCHE PAS aux autres !

gzuutvztolkfj.dll

Glisse la du panneau de gauche "Keep" au panneau "Remove".
Clique sur "Finish".
(Si elles sont déjà dans le panneau "Remove" alors clique directement sur le bouton "Finish".)

Sélectionne TOUS les emplacements en gras ci-dessous :

c:\windows\system32\gzuutvztolkfj.dll
C:\WINDOWS\system32\ntos.exe


---> Clique-droit puis Copier

Double-clique sur OTMoveIt.exe afin de le lancer.
Fais un Clique-droit sur le cadre de gauche puis choisis Coller.
Clique maintenant sur [#ff0000]MoveIt![/#f]

[#ff0000]Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.[/#f]

Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport est la date de sa création.
18 Avril 2007 15:33:06

File/Folder C:\WINDOWS\system32\ntos.exe not found.

Created on 04/18/2007 15:33:12
18 Avril 2007 15:38:06

rapport H
Logfile of HijackThis v1.99.1
Scan saved at 15:39:23, on 18/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS\explorer.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"
O4 - HKLM\..\Run: [Cloneur Expert Monitor] C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\ryayy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ryayy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ryayy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ryayy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ryayy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ryayy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ryayy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ryayy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ryayy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ryayy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ryayy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ryayy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ryayy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ryayy.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoreflex.com/tools/ImageUploader/ImageUpl...
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photobox.fr/discount/clients/uploader_v2.2.0...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: mszsrn32 - C:\WINDOWS\system32\mszsrn32.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
a b 8 Sécurité
18 Avril 2007 15:38:08

Me suis trompé :/ 
Je vais éditer.
a b 8 Sécurité
18 Avril 2007 15:38:51

C'est bon, recommence l'étape avec OTMoveIt.
18 Avril 2007 15:41:33

oups j'avais oublié un lien a mettre sur OTMoveit donc voila le rapport

File/Folder gzuutvztolkfj.dll not found.
File/Folder C:\WINDOWS\system32\ntos.exe not found.

Created on 04/18/2007 15:42:02
a b 8 Sécurité
18 Avril 2007 15:42:44

Tu n'as pas vu, j'ai changé les lignes à sélectionner.
18 Avril 2007 15:43:02

DllUnregisterServer procedure not found in c:\windows\system32\gzuutvztolkfj.dll
c:\windows\system32\gzuutvztolkfj.dll NOT unregistered.
c:\windows\system32\gzuutvztolkfj.dll moved successfully.
File/Folder C:\WINDOWS\system32\ntos.exe not found.

Created on 04/18/2007 15:44:45
a b 8 Sécurité
18 Avril 2007 15:43:29

Voilà :) 
Reposte un rapport Hijackthis.
18 Avril 2007 15:44:34

Logfile of HijackThis v1.99.1
Scan saved at 15:46:15, on 18/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS\explorer.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"
O4 - HKLM\..\Run: [Cloneur Expert Monitor] C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\ryayy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ryayy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ryayy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ryayy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ryayy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ryayy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ryayy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ryayy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ryayy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ryayy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ryayy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ryayy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ryayy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ryayy.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoreflex.com/tools/ImageUploader/ImageUpl...
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photobox.fr/discount/clients/uploader_v2.2.0...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: mszsrn32 - C:\WINDOWS\system32\mszsrn32.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

a b 8 Sécurité
18 Avril 2007 15:47:37

Les dlls reviennent à chaque fois.
Peux-tu me faire un screen de ce que contient LSPFix ?
18 Avril 2007 15:48:53

euh comment j'fais ca !! lol j'suis pas une pro ! merci de m'expliquer
18 Avril 2007 15:58:42

ok c'est faire une copie d'ecran ca j'devrais y arriver .
par contre pour trouver LSPFix j'ai fait windows recherche LSPFix j'ai trouve ce dossier dans windows prefetch mais c'est un exe donc je pense que ce n'est pas le bon dossier !?
peux tu m'eclairer dans la recherche merci d'avance
18 Avril 2007 16:10:40

j'ai reussi a le faire mais je trouve pas pour l'envoyer sur le forum grr !!!
sinon il y a
- mswsock.dll TCP/IP
- winrnr.dll NTDS
- ryayy.dll (protocol handler)
- rsvpsp.dll ( idem )
a b 8 Sécurité
18 Avril 2007 16:18:38

Bizarre que ces dll reviennent.

Télécharge puis installe AVG Anti-Spyware (AVG AS)
Fais les mises à jour mais ne lance pas de scan pour le moment.
AIDE : Tuto sur AVG Anti-Spyware (Malekal)

Redémarre en mode sans échec

Relance AVG AS :
- Choisis l'onglet "Analyse"
- Puis l'onglet "Paramètres"
- Sous la question "Comment réagir ?", clique sur "Actions recommandées" et choisis "Quarantaine"
- Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

[#ff0000]Si un fichier est infecté en fin d'analyse, clique sur "Appliquer toutes les actions"[/#f]

Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous"
Enregistre ce fichier texte sur ton bureau.

Redémarre normalement
Poste le rapport AVG AS ainsi qu'un rapport Hijackthis.
18 Avril 2007 16:38:39

grrr impossible de telecharger le logiciel
a b 8 Sécurité
18 Avril 2007 16:41:26

Leur serveur doit être surchargé.

  • Télécharge SpySweeper (de Webroot, version d'essai de 14 jours) :

    -Clique sur "Télécharger la version test".
    -Installe le programme en choississant "installation standard".
    -Accepte le redémarrage
    -L'option de le mettre à jour s'affichera, acceptes la mise à jour
    -Lorsque les mises à jour seront installées, dans colonne de gauche clique sur l'onglet Options puis analyse.
    -Sous Eléments à analyser et Autres options coche toutes les cases.
    -Ferme SpySweeper

    La suite étant faite en mode sans échec, imprime ou copie/colle dans un fichier texte les instructions suivantes

  • Redémarre en mode sans échec : au redémarrage, tapotes immédiatement la touche F8, tu verras un écran avec choix de démarrages apparaître. Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée". Choisis ton compte usuel, et non Administrateur.

  • Démarre SpySweeper
    -Clique Analyser sur la gauche puis sur Démarrer l'analyse.
    -Quand le scan est terminé, clique sur Suivant.
    -Assure-toi que tous les éléments trouvés sont tous cochés, puis clic sur Suivant.
    -Tous les éléments cochés seront alors mis en quarantaine.
    -Dans "Récapitulatif", sélectionne en bas Afficher le journal de session puis Enregistrer dans un fichier afin de sauvegarder le rapport.

  • Redémarre normalement

  • Désinstalle SpySweeper à partir de ajout/suppression de programme sauf si tu veux continuer l'évaluation pendant 15 jours.

  • Copie/colle le rapport de SpySweeper ici
    18 Avril 2007 17:45:19

    Alors voici le rapport H :
    Logfile of HijackThis v1.99.1
    Scan saved at 17:45:37, on 18/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
    C:\unzipped\hijackthis\HijackThis.exe
    C:\WINDOWS\system32\totour.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] "C:\PROGRA~1\Wanadoo\GestMaj.exe" TaskBarIcon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
    O4 - HKLM\..\Run: [EPSON Stylus D88 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE" /P23 "EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"
    O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [WOOKIT] "C:\PROGRA~1\Wanadoo\Shell.exe" appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoreflex.com/tools/ImageUploader/ImageUpl...
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photobox.fr/discount/clients/uploader_v2.2.0...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    et celui de spysweeper :

    17:39: Removal process completed. Elapsed time 00:01:02
    17:39: Quarantining All Traces: xiti cookie
    17:39: Quarantining All Traces: weborama cookie
    17:39: Quarantining All Traces: specificclick.com cookie
    17:39: Quarantining All Traces: serving-sys cookie
    17:39: Quarantining All Traces: pub cookie
    17:39: Quarantining All Traces: mediaplex cookie
    17:39: Quarantining All Traces: bs.serving-sys cookie
    17:39: Quarantining All Traces: bluestreak cookie
    17:39: Quarantining All Traces: atlas dmt cookie
    17:39: Quarantining All Traces: yieldmanager cookie
    17:39: Quarantining All Traces: trojan-backdoor-progdav
    17:39: Quarantining All Traces: trojan-koos
    17:39: Quarantining All Traces: trojan-mespam
    17:39: Quarantining All Traces: trojan-peacomm
    17:39: Quarantining All Traces: mediapipe
    17:39: ryayy.dll is in use. It will be removed on reboot.
    17:39: ryayy.dll is in use. It will be removed on reboot.
    17:39: trojan-relayer-himpax is in use. It will be removed on reboot.
    17:38: Quarantining All Traces: trojan-relayer-himpax
    17:38: Quarantining All Traces: trojan-backdoor-banwarum@mm
    17:38: Removal process initiated
    17:38: Traces Found: 33
    17:38: Full Sweep has completed. Elapsed time 00:30:20
    17:38: File Sweep Complete, Elapsed Time: 00:27:51
    17:26: Warning: Failed to access drive F:
    17:26: Warning: Failed to access drive E:
    17:24: poof (ID = 509074)
    17:24: kprof (ID = 505790)
    17:11: ryayy.dll (ID = 508360)
    17:10: Starting File Sweep
    17:10: Warning: Failed to access drive A:
    17:10: Cookie Sweep Complete, Elapsed Time: 00:00:00
    17:10: vig@xiti[1].txt (ID = 3717)
    17:10: Found Spy Cookie: xiti cookie
    17:10: vig@weborama[2].txt (ID = 3658)
    17:10: Found Spy Cookie: weborama cookie
    17:10: vig@specificclick[2].txt (ID = 3399)
    17:10: Found Spy Cookie: specificclick.com cookie
    17:10: vig@serving-sys[1].txt (ID = 3343)
    17:10: Found Spy Cookie: serving-sys cookie
    17:10: vig@pub[2].txt (ID = 3205)
    17:10: Found Spy Cookie: pub cookie
    17:10: vig@mediaplex[2].txt (ID = 6442)
    17:10: Found Spy Cookie: mediaplex cookie
    17:10: vig@bs.serving-sys[1].txt (ID = 2330)
    17:10: Found Spy Cookie: bs.serving-sys cookie
    17:10: vig@bluestreak[1].txt (ID = 2314)
    17:10: Found Spy Cookie: bluestreak cookie
    17:10: vig@atdmt[2].txt (ID = 2253)
    17:10: Found Spy Cookie: atlas dmt cookie
    17:10: vig@ad.yieldmanager[2].txt (ID = 3751)
    17:10: Found Spy Cookie: yieldmanager cookie
    17:10: Starting Cookie Sweep
    17:10: Registry Sweep Complete, Elapsed Time:00:00:13
    17:10: HKU\S-1-5-21-1957994488-1935655697-2147034371-1003\software\microsoft\windows\currentversion\explorer\ || {f710fa10-2031-3106-8872-93a2b5c5c620} (ID = 1858203)
    17:10: HKU\S-1-5-21-1957994488-1935655697-2147034371-1003\software\microsoft\windows\currentversion\explorer\ || {6780a29e-6a18-0c70-1dff-1610dde00108} (ID = 1858202)
    17:10: Found Trojan Horse: trojan-backdoor-progdav
    17:10: HKLM\system\currentcontrolset\services\poof\ (ID = 2136492)
    17:10: HKLM\system\currentcontrolset\services\kprof\ (ID = 2136484)
    17:10: HKLM\system\controlset002\enum\root\legacy_poof\ (ID = 2136428)
    17:10: HKLM\system\controlset001\enum\root\legacy_poof\ (ID = 2135588)
    17:10: HKLM\system\controlset002\services\poof\ (ID = 2109010)
    17:10: HKLM\system\controlset002\services\kprof\ (ID = 2109002)
    17:10: HKLM\system\controlset001\services\poof\ (ID = 2108973)
    17:10: HKLM\system\controlset001\services\kprof\ (ID = 2108965)
    17:10: Found Trojan Horse: trojan-koos
    17:10: HKLM\software\winsock2\buibert\ (ID = 1992171)
    17:10: Found Trojan Horse: trojan-mespam
    17:10: HKLM\system\controlset001\services\ntldr.sys\ (ID = 1962743)
    17:10: HKLM\system\controlset002\enum\root\legacy_wincom32\ (ID = 1939222)
    17:10: HKLM\system\controlset001\enum\root\legacy_wincom32\ (ID = 1939198)
    17:10: Found Trojan Horse: trojan-peacomm
    17:10: HKLM\system\currentcontrolset\services\ntldr.sys\ (ID = 1937726)
    17:10: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\mszsrn32\ (ID = 1387948)
    17:10: HKLM\software\classes\appid\downloadmanager.exe\ (ID = 866963)
    17:10: HKCR\appid\downloadmanager.exe\ (ID = 866684)
    17:10: Found Adware: mediapipe
    17:10: Starting Registry Sweep
    17:10: Memory Sweep Complete, Elapsed Time: 00:01:30
    17:09: Detected running threat: ryayy.dll (ID = 508360)
    17:09: Found Trojan Horse: trojan-relayer-himpax
    17:08: Starting Memory Sweep
    17:08: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\mszsrn32\ || dllname (ID = 1388984)
    17:08: Found Trojan Horse: trojan-backdoor-banwarum@mm
    17:07: Sweep initiated using definitions version 897
    17:07: Spy Sweeper 5.0.7.1608 started
    17:07: | Start of Session, mercredi 18 avril 2007 |
    ********
    17:07: | End of Session, mercredi 18 avril 2007 |
    17:07: Program Version 5.0.7.1608 Using Spyware Definitions 897
    17:02: Your spyware definitions have been updated.
    Keylogger Shield: Off
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    17:01: Shield States
    17:01: Spyware Definitions: 734
    17:00: Spy Sweeper 5.0.7.1608 started
    17:00: Spy Sweeper 5.0.7.1608 started
    17:00: | Start of Session, mercredi 18 avril 2007 |
    ********
    a b 8 Sécurité
    18 Avril 2007 17:49:12

    Ton pc se comporte mieux ?
    18 Avril 2007 17:51:15

    euhhhhhhhh bonne question
    18 Avril 2007 17:55:08

    ben il vient de s'arreter de nouveau suite a mon poste grrr
    a b 8 Sécurité
    18 Avril 2007 17:55:47

    Reposte un rapport Hijackthis.
    18 Avril 2007 18:08:09

    Logfile of HijackThis v1.99.1
    Scan saved at 18:09:48, on 18/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
    C:\unzipped\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] "C:\PROGRA~1\Wanadoo\GestMaj.exe" TaskBarIcon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
    O4 - HKLM\..\Run: [EPSON Stylus D88 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE" /P23 "EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"
    O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [WOOKIT] "C:\PROGRA~1\Wanadoo\Shell.exe" appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\izehtajphhpop.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\izehtajphhpop.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\izehtajphhpop.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\izehtajphhpop.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\izehtajphhpop.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\izehtajphhpop.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\izehtajphhpop.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\izehtajphhpop.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\izehtajphhpop.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\izehtajphhpop.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\izehtajphhpop.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\izehtajphhpop.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\izehtajphhpop.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\izehtajphhpop.dll
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoreflex.com/tools/ImageUploader/ImageUpl...
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photobox.fr/discount/clients/uploader_v2.2.0...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    18 Avril 2007 18:09:26

    c'est fou ca !!!! y a du changement a rapport a celui d'avant
    a b 8 Sécurité
    18 Avril 2007 18:09:57

    Re,

    Télécharge Silent Runners
    http://www.silentrunners.org/Silent%20Runners.zip

    Dézippe le sur ton bureau ou dans un dossier dédié.
    Double Clique ensuite sur ce fichier, patiente jusqu'à l'affichage d'un message.
    Un rapport est généré dans le meme dossier, colle le ici.

    NOTE : Si tu as une alerte de ton antivirus au cours du téléchargement, ou au cours de l'utilisation, n'en tiend pas compte.
    18 Avril 2007 18:17:21

    "Silent Runners.vbs", revision R50, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "WOOKIT" = ""C:\PROGRA~1\Wanadoo\Shell.exe" appLaunchClientZone.shl|PARAM= cnx" [empty string]
    "MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "WOOWATCH" = "C:\PROGRA~1\Wanadoo\Watch.exe" ["France Télécom R&D"]
    "WOOTASKBARICON" = ""C:\PROGRA~1\Wanadoo\GestMaj.exe" TaskBarIcon.exe" ["France Télécom R&D"]
    "TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
    "SoundMan" = "SOUNDMAN.EXE" ["Avance Logic, Inc."]
    "RemoteControl" = ""C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe"" ["Cyberlink Corp."]
    "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
    "InCD" = ""C:\Program Files\Ahead\InCD\InCD.exe"" ["Nero AG"]
    "EPSON Stylus D88 Series" = ""C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE" /P23 "EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"" ["SEIKO EPSON CORPORATION"]
    "Cloneur Expert Monitor" = ""C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"" ["Acronis"]
    "avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
    "Acronis Scheduler2 Service" = ""C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"" ["Acronis"]
    "SpySweeper" = ""C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray" ["Webroot Software, Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "AcroIEHlprObj Class"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Windows Live Sign-in Helper"
    \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
    {9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "ST"
    \InProcServer32\(Default) = "C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll" [MS]
    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "MSNToolBandBHO"
    \InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
    -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
    -> {HKLM...CLSID} = "Extension icône HyperTerminal"
    \InProcServer32\(Default) = "hticons.dll" [file not found]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
    -> {HKLM...CLSID} = "Portable Media Devices Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
    a b 8 Sécurité
    18 Avril 2007 18:18:35

    Le rapport n'est pas complet.
    18 Avril 2007 18:21:16

    apparement j'avais pas tt copie colle

    "Silent Runners.vbs", revision R50, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "WOOKIT" = ""C:\PROGRA~1\Wanadoo\Shell.exe" appLaunchClientZone.shl|PARAM= cnx" [empty string]
    "MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "WOOWATCH" = "C:\PROGRA~1\Wanadoo\Watch.exe" ["France Télécom R&D"]
    "WOOTASKBARICON" = ""C:\PROGRA~1\Wanadoo\GestMaj.exe" TaskBarIcon.exe" ["France Télécom R&D"]
    "TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
    "SoundMan" = "SOUNDMAN.EXE" ["Avance Logic, Inc."]
    "RemoteControl" = ""C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe"" ["Cyberlink Corp."]
    "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
    "InCD" = ""C:\Program Files\Ahead\InCD\InCD.exe"" ["Nero AG"]
    "EPSON Stylus D88 Series" = ""C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE" /P23 "EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"" ["SEIKO EPSON CORPORATION"]
    "Cloneur Expert Monitor" = ""C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"" ["Acronis"]
    "avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
    "Acronis Scheduler2 Service" = ""C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"" ["Acronis"]
    "SpySweeper" = ""C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray" ["Webroot Software, Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "AcroIEHlprObj Class"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Windows Live Sign-in Helper"
    \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
    {9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "ST"
    \InProcServer32\(Default) = "C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll" [MS]
    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "MSNToolBandBHO"
    \InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
    -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
    -> {HKLM...CLSID} = "Extension icône HyperTerminal"
    \InProcServer32\(Default) = "hticons.dll" [file not found]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
    -> {HKLM...CLSID} = "Portable Media Devices Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
    "{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
    -> {HKLM...CLSID} = "IE Microsoft AutoComplete"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
    "{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
    -> {HKLM...CLSID} = "History Band"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
    "{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
    -> {HKLM...CLSID} = "Shell Extension for CDRW"
    \InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Nero AG"]
    "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
    -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
    "{E0D79300-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]
    "{E0D79301-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]
    "{E0D79302-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]
    "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
    -> {HKLM...CLSID} = "Mes dossiers de partage"
    \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
    -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
    \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
    "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
    -> {HKLM...CLSID} = "Microsoft Office Outlook"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
    -> {HKLM...CLSID} = "Outlook File Icon Extension"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
    "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
    -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
    \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    <<!>> WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]

    HKLM\Software\Classes\PROTOCOLS\Filter\
    <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
    -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
    WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
    -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
    SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
    -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
    \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
    WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]

    HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
    SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
    -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
    \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]


    Group Policies {GPedit.msc branch and setting}:
    -----------------------------------------------

    Note: detected settings may not have any effect.

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\

    "LowRiskFileTypes" = (REG_SZ) .exe;.bat;.com;.cmd;.reg;.vbs;.inf;.msi;.htm;.html;.swf;.js;.mp3;.mp2;.ape;.apl;.flac;.shn;.mpc;.mp+;.wma;.ogg;.mp4;.aac;.voc;.mid;.mac;.cda;.kar;.midi;.rar;.zip;.wav;.jpg;.gif;.png;.bmp;.jpeg;.doc;.xls;.pls;.pub;.dat;.html;.htm;.avi;mpg;.mpeg;.nfo;.txt;.torrent;.diz;.ppt;.m3u;.sfv;.tar;.htt;.mht;.asp;.aspx;.tiff;.rtf;.ini;.cab;.ico;.icl;.ip;.iptheme;.msstyles;.theme;.dll;.psd;.vbs;.swf;.php;.xaml;.iso;.bin;.cue;.xml;.par;.par2;.ace;.arj;.lzh;.7z;.gz;.bz;.uue;.bz2;.jar;.z;.ade;.adn;.adp;.aia;.img;.date;.aip;.ait;amf;.ani;.aob;.asf;.csv;.fla;.pxr;.wmv;.nrg;.mov;.sav;.xhtml;.php5;.pxr;.m4a;.qxr;.h;.cpp;.pdd;.rle;.dib;.eps;.jpe;.pcx;.pdp;.raw;.pct;.pict;.sct;.tga;.vda;.icd;.vst;.tif;.tpl;.log;.prx;.cdf;.nls;.ax;.msc;.cpl;.EXE;.BAT;.COM;.CMD;.REG;.VBS;.INF;.MSI;.HTM;.HTML;.SWF;.JS;.MP3;.MP2;.APE;.APL;.FLAC;.SHN;.MPC;.MP+;.WMA;.OGG;.MP4;.AAC;.VOC;.MID;.MAC;.CDA;.KAR;.MIDI;.RAR;.ZIP;.WAV;.JPG;.GIF;.PNG;.BMP;.JPEG;.DOC;.XLS;.PLS;.PUB;.DAT;.HTML;.HTM;.AVI;MPG;.MPEG;.NFO;.TXT;.TORRENT;.DIZ;.PPT;.M3U;.SFV;.TAR;.HTT;.MHT;.ASP;.ASPX;.TIFF;.RTF;.INI;.CAB;.ICO;.ICL;.IP;.IPTHEME;.MSSTYLES;.THEME;.DLL;.PSD;.VBS;.SWF;.PHP;.XAML;.ISO;.BIN;.CUE;.XML;.PAR;.PAR2;.ACE;.ARJ;.LZH;.7Z;.GZ;.BZ;.UUE;.BZ2;.JAR;.Z;.ADE;.ADN;.ADP;.AIA;.IMG;.DATE;.AIP;.AIT;AMF;.ANI;.AOB;.ASF;.CSV;.FLA;.PXR;.WMV;.NRG;.MOV;.SAV;.XHTML;.PHP5;.PXR;.M4A;.QXR;.H;.CPP;.PDD;.RLE;.DIB;.EPS;.JPE;.PCX;.PDP;.RAW;.PCT;.PICT;.SCT;.TGA;.VDA;.ICD;.VST;.TIF;.TPL;.LOG;.PRX;.CDF;.NLS;.AX;.MSC;.CPL
    {unrecognized setting}

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\

    "HideZoneInfoOnProperties" = (REG_DWORD) hex:0x00000001
    {unrecognized setting}

    "SaveZoneInformation" = (REG_DWORD) hex:0x00000001
    {unrecognized setting}

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

    "NoRecentDocsMenu" = (REG_DWORD) hex:0x00000001
    {unrecognized setting}

    "NoCDBurning" = (REG_DWORD) hex:0x00000001
    {unrecognized setting}

    "NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000001
    {unrecognized setting}

    "NoStartBanner" = (REG_BINARY) hex:01 00 00 00
    {Remove "Click here to begin" from Start button}

    "NoSMHelp" = (REG_DWORD) hex:0x00000001
    {User Configuration|Administrative Templates|Start Menu and Taskbar|
    Remove Help menu from Start Menu}

    "MemCheckBoxInRunDlg" = (REG_DWORD) hex:0x00000001
    {unrecognized setting}

    "NoSMBalloonTip" = (REG_DWORD) hex:0x00000001
    {unrecognized setting}

    "NoDesktopCleanupWizard" = (REG_DWORD) hex:0x00000001
    {unrecognized setting}

    "NoWelcomeScreen" = (REG_DWORD) hex:0x00000001
    {unrecognized setting}

    "NoAutoUpdate" = (REG_DWORD) hex:0x00000001
    {User Configuration|Administrative Templates|System|
    Windows Automatic Updates}

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

    "NoCDBurning" = (REG_DWORD) hex:0x00000001
    {unrecognized setting}

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Shutdown: Allow system to be shut down without having to log on}

    "undockwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Devices: Allow undock without having to log on}


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "C:\WINDOWS\web\wallpaper\Colline verdoyante.bmp"

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\WINDOWS\web\wallpaper\Colline verdoyante.bmp"


    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    C:\WINDOWS\system32\izehtajphhpop.dll [null data], 01 - 13, 27
    %SystemRoot%\system32\mswsock.dll [MS], 14 - 16, 19 - 26
    %SystemRoot%\system32\rsvpsp.dll [MS], 17 - 18


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
    -> {HKLM...CLSID} = "Yahoo! Toolbar"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
    "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
    -> {HKLM...CLSID} = "MSN"
    \InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll" [MS]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
    -> {HKLM...CLSID} = "Yahoo! Toolbar"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
    "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"
    -> {HKLM...CLSID} = "MSN"
    \InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll" [MS]

    Explorer Bars

    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

    HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"
    Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
    InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty string]

    HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"
    Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
    InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty string]

    HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"
    Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
    InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty string]

    HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Rechercher"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {92780B25-18CC-41C8-B9BE-3C9C571A8263}\
    "ButtonText" = "Recherche"


    Miscellaneous IE Hijack Points
    ------------------------------

    C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

    Added lines (compared with English-language version):
    [Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

    Missing lines (compared with English-language version):
    [Strings]: 1 line

    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
    <<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
    -> {HKLM...CLSID} = "Search Class"
    \InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\SEARCH~1.DLL" [empty string]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    Acronis Scheduler2 Service, AcrSch2Svc, "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe" ["Acronis"]
    avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
    avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
    avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
    avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
    France Telecom Routing Table Service, FTRTSVC, "C:\WINDOWS\System32\FTRTSVC.exe" ["France Telecom"]
    InCD Helper, InCDsrv, "C:\Program Files\Ahead\InCD\InCDsrv.exe" ["Nero AG"]
    LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
    Machine Debug Manager, MDM, ""C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
    Moteur Webroot Spy Sweeper, WebrootSpySweeperService, ""C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"" ["Webroot Software, Inc."]


    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    EPSON Stylus D88 Series 2KMonitor5E\Driver = "E_FLMABE.DLL" ["SEIKO EPSON CORPORATION"]
    Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


    ----------
    <<!>>: Suspicious data at a malware launch point.
    <<H>>: Suspicious data at a browser hijack point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points, use the -supp parameter or answer "No" at the
    first message box and "Yes" at the second message box.
    ---------- (total run time: 239 seconds, including 18 seconds for message boxes)
    a b 8 Sécurité
    18 Avril 2007 18:23:36

    Internet fonctionne chez toi ?
    18 Avril 2007 18:29:31

    oui pas de probleme !! sinon j'pourrais pas te parler
        • 1 / 2
        • 2
        • Dernier
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS