Your question

msasvc.exe problem, impossible to delete

Tags:
  • Internet Explorer
  • Security
Last reply: in Security and viruses
24 January 2007 19:27:48

After running a HijackThis log, I spotted a dangerous file.
So I selected it and deleted it with HijackThis, but after the second log it is still there.
How can I delete it permanently?

I am posting the HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 19:18:40, on 24/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Inventel\Gateway\WLANCFG.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Jérémy\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WLANCfg545] C:\Program Files\Inventel\Gateway\WLANCFG.EXE
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [MMAgent] C:\Program Files\Mobile Master\MMAgent.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED4AFBA4-F4A0-46C8-92E8-93C5F40AD44A}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

Thank you for your help.

24 January 2007 19:34:10

Hello!!!

An infectious service.

Download SDFix (created by AndyManchesta) and save it to your Desktop.
Double-click SDFix.exe and choose Install to extract it to the Desktop.

Restart in Safe Mode

  • Open the SDFix folder that has just been created at the root of your hard drive (C:) and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
  • Press a key to restart the PC.
  • Your system will take longer than usual to restart because the tool will keep running and deleting files.
  • After the Desktop loads, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
  • Finally, copy/paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log.
    24 January 2007 21:04:29

    Sorry for the late reply.
    Here is the report


    SDFix: Version 1.62

    24/01/2007 - 20:57:34,76

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Name:
    MsaSvc

    Path:
    C:\WINDOWS\system32\msasvc.exe

    MsaSvc Deleted

    Restoring Windows Registry Entries
    Restoring Default Hosts File


    Rebooting...

    Normal Mode:
    Checking Files:

    Files will be copied to Backups folder and removed:

    C:\WINDOWS\Installer\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}\_SHCT_Sprint.exe.exe - Deleted



    Alternate Streams Check:

    C:\WINDOWS\system32
    No streams found.

    Final Check:

    Remaining Services:
    ------------------

    Rootkit PE386 Found!

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
    "C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
    "C:\\Program Files\\Teamspeak2_RC2\\TeamSpeak.exe"="C:\\Program Files\\Teamspeak2_RC2\\TeamSpeak.exe:*:Enabled:Teamspeak RC2"
    "C:\\Program Files\\WinRAR\\WinRAR.exe"="C:\\Program Files\\WinRAR\\WinRAR.exe:*:Enabled:WinRAR"
    "C:\\Program Files\\Steam\\steamapps\\phamtom92\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\phamtom92\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\\Program Files\\Inventel\\Gateway\\WLANCFG.EXE"="C:\\Program Files\\Inventel\\Gateway\\WLANCFG.EXE:*:Enabled:Gestionnaire de liaison sans fil"
    "C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVU Player Component"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\WINDOWS\\scvhost.exe"="C:\\WINDOWS\\scvhost.exe:*:Enabled:Microsoft Windows"
    "C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


    Remaining Files:
    ---------------

    Backups Folder: - C:\SDFix\backups\backups.zip


    Checking For Files with Hidden Attributes :


    Finished
    and the HijackThis log

    Logfile of HijackThis v1.99.1
    Scan saved at 21:03:22, on 24/01/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Inventel\Gateway\WLANCFG.EXE
    C:\program files\steam\steam.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
    C:\Documents and Settings\Jérémy\Bureau\HiJackThis.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WLANCfg545] C:\Program Files\Inventel\Gateway\WLANCFG.EXE
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [MMAgent] C:\Program Files\Mobile Master\MMAgent.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ED4AFBA4-F4A0-46C8-92E8-93C5F40AD44A}: NameServer = 192.168.1.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    24 January 2007 21:06:52

    Hi again,

    Download and install AVG Anti-Spyware (AVG AS)
    Once AVG AS is running, click on "Update"
    Close the program.
    HELP: AVG Anti-Spyware tutorial (Malekal)

    Restart in Safe Mode

    Launch AVG AS again, then choose the "Scan" tab
    Then the "Settings" tab
    Under the question "How to react?", click on "Recommended actions" and choose "Quarantine"
    Click on the "Scan" tab again, then run a "Complete system scan"

    /!\ If a file is found infected at the end of the scan /!\
    Click on "Apply all actions"

    Click on "Save report", then on "Save report as"
    Save this text file to your desktop.

    Restart normally
    Copy/paste the AVG AS report along with a HijackThis report.
    24 January 2007 21:13:46

    I have a problem with the update
    it tells me: sorry, the server is not ready to serve. Please try again later
    24 January 2007 21:15:46

    Carry on anyway.
    24 January 2007 22:43:31

    That took so long!!

    AVG AS log
    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 22:37:26 24/01/2007

    + Résultat de l'analyse:



    C:\Program Files\SlySoft\CloneDVDmobile\CloneDVDmobile1.1.x.xPatch.exe -> Downloader.Delf.aup : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\Jérémy\Local Settings\Application Data\Mozilla\Firefox\Profiles\9nuv0z9q.default\Cache(4)\32062957d01 -> Not-A-Virus.Hacktool.EvID : Nettoyé et sauvegardé (mise en quarantaine).


    Fin du rapport

    and the HijackThis log

    Logfile of HijackThis v1.99.1
    Scan saved at 22:41:11, on 24/01/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\cisvc.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Inventel\Gateway\WLANCFG.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\program files\steam\steam.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Jérémy\Bureau\HiJackThis.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WLANCfg545] C:\Program Files\Inventel\Gateway\WLANCFG.EXE
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [MMAgent] C:\Program Files\Mobile Master\MMAgent.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ED4AFBA4-F4A0-46C8-92E8-93C5F40AD44A}: NameServer = 192.168.1.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    25 January 2007 12:11:44

    Hi again,

  • Run a Kaspersky online scan with Internet Explorer:
  • Click on
  • Now click on I Accept.
  • Approve the installation of one or more ActiveX controls if necessary.
  • Wait while the updates are installed.
  • Then choose to scan My Computer
  • Save, then paste the report generated at the end of the scan.

    HELP: Configuring ActiveX control settings

    NOTE: If you get the message "The Kaspersky On-line Scanner license has expired", go to Add/Remove Programs and uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
