Fenêtres CiD [Résolu]

Salut

Télécharge ceci sur ton bureau :

Lien : hijackthis

Démo : http://pageperso.aol.fr/balltrap34/demohijack.htm

Choisir l'option "do a scan and a logfile", et faire un copier/coller du rapport ainsi générer sur le forum.


++

Voila le rapport ,

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:16:54, on 22/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\StudioLine Photo Basic\NMSAccess.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\sandra\Mes documents\praud.sandra\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Locks meet army knob] C:\Documents and Settings\All Users\Application Data\DVD BEEP LOCKS MEET\Bits Locks.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O16 - DPF: Interface Chat Wanadoo - http://chat4.x-echo.com/version8/Applet/wchatsign.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5EEF8307-79EB-4EFB-8428-AB4F2B79714E}: NameServer = 80.10.246.1 80.10.246.132
O20 - AppInit_DLLs: 87.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Basic\NMSAccess.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

Salut

ok,

Télécharge LopXPMH sur ton Bureau.
http://www.alt-shift-return.org/Info/Fichiers/lopxpMH2.zip

Dézippe-le et double clique sur le fichier lopxpMH.bat.
Poste le contenu du rapport qui va s'ouvrir.

++

++

De nouveau le rapport,

Rapport lopxpMH2 version 2.0 fait à 14:21:53,26 le 22/05/2007
C:\Documents and Settings\sandra\Mes documents\praud.sandra\lopxpMH2

******************************************
## Répertoires Application Data

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 8008-2755

Répertoire de C:\Documents and Settings\Administrateur\Application Data

16/04/2007 16:51 <REP> .
16/04/2007 16:51 <REP> ..
16/04/2007 16:51 <REP> Microsoft
16/04/2007 16:51 62 desktop.ini
1 fichier(s) 62 octets
3 Rép(s) 17 666 019 328 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 8008-2755

Répertoire de C:\Documents and Settings\Administrateur\Local Settings\Application Data

16/04/2007 16:51 <REP> .
16/04/2007 16:51 <REP> ..
16/04/2007 16:51 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 17 666 015 232 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 8008-2755

Répertoire de C:\Documents and Settings\adrien

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 8008-2755

Répertoire de C:\Documents and Settings\All Users\Application Data

19/01/2006 18:27 <REP> .
19/01/2006 18:27 <REP> ..
09/02/2006 21:17 <REP> ACD Systems
07/03/2007 11:49 <REP> Adobe
31/05/2006 21:16 <REP> Apple Computer
09/09/2006 14:38 <REP> Droppix
19/02/2007 20:39 <REP> DVD BEEP LOCKS MEET
12/11/2006 12:40 <REP> element5
15/09/2006 21:53 <REP> Google
12/02/2006 16:01 <REP> Kodak
09/05/2007 19:45 <REP> Messenger Plus!
19/01/2006 18:27 <REP> Microsoft
29/04/2006 22:38 <REP> MSN6
14/01/2007 01:26 <REP> pixelStorm
09/02/2006 21:15 <REP> QuickTime
11/06/2006 21:01 <REP> Spybot - Search & Destroy
19/01/2006 18:50 <REP> Symantec
21/10/2006 12:10 <REP> Trymedia
21/01/2006 15:29 <REP> Windows Genuine Advantage
19/10/2006 20:03 <REP> Windows Live Toolbar
19/01/2006 18:28 62 desktop.ini
18/06/2006 18:15 1 763 QTSBandwidthCache
2 fichier(s) 1 825 octets
20 Rép(s) 17 666 015 232 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 8008-2755

Répertoire de C:\Documents and Settings\Default User\Application Data

19/01/2006 18:27 <REP> .
19/01/2006 18:27 <REP> ..
19/01/2006 18:27 <REP> Microsoft
19/01/2006 18:28 62 desktop.ini
1 fichier(s) 62 octets
3 Rép(s) 17 666 015 232 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 8008-2755

Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

19/01/2006 18:28 <REP> .
19/01/2006 18:28 <REP> ..
0 fichier(s) 0 octets
2 Rép(s) 17 666 015 232 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 8008-2755

Répertoire de C:\Documents and Settings\LocalService\Application Data

19/01/2006 18:43 <REP> .
19/01/2006 18:43 <REP> ..
22/04/2007 21:14 <REP> Google
22/04/2007 21:38 <REP> Macromedia
19/01/2006 18:43 <REP> Microsoft
0 fichier(s) 0 octets
5 Rép(s) 17 666 015 232 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 8008-2755

Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data

19/01/2006 18:43 <REP> .
19/01/2006 18:43 <REP> ..
22/04/2007 21:14 <REP> Google
19/01/2006 18:43 <REP> Microsoft
0 fichier(s) 0 octets
4 Rép(s) 17 666 011 136 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 8008-2755

Répertoire de C:\Documents and Settings\NetworkService\Application Data

19/01/2006 18:43 <REP> .
19/01/2006 18:43 <REP> ..
08/08/2006 18:09 <REP> Help
12/03/2006 15:34 <REP> Macromedia
19/01/2006 18:43 <REP> Microsoft
21/01/2006 15:15 <REP> Symantec
0 fichier(s) 0 octets
6 Rép(s) 17 666 011 136 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 8008-2755

Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data

19/01/2006 18:43 <REP> .
19/01/2006 18:43 <REP> ..
08/08/2006 18:09 <REP> Help
19/01/2006 18:43 <REP> Microsoft
0 fichier(s) 0 octets
4 Rép(s) 17 666 011 136 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 8008-2755

Répertoire de C:\Documents and Settings\patricia\Application Data

19/01/2006 18:46 <REP> .
19/01/2006 18:46 <REP> ..
14/01/2007 12:45 <REP> ACD Systems
25/01/2006 19:47 <REP> Adobe
19/01/2006 21:17 <REP> ATI
14/02/2006 17:48 <REP> Google
25/01/2006 19:28 <REP> Help
19/01/2006 18:47 <REP> Identities
29/05/2006 18:18 <REP> LG Electronics
22/01/2006 14:42 <REP> Macromedia
19/01/2006 18:46 <REP> Microsoft
19/01/2006 18:50 <REP> Symantec
22/01/2006 17:31 <REP> Template
19/01/2006 18:46 62 desktop.ini
1 fichier(s) 62 octets
13 Rép(s) 17 666 011 136 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 8008-2755

Répertoire de C:\Documents and Settings\patricia\Local Settings\Application Data

19/01/2006 18:46 <REP> .
19/01/2006 18:46 <REP> ..
25/01/2006 19:47 <REP> Adobe
19/01/2006 20:57 <REP> ApplicationHistory
19/01/2006 21:17 <REP> ATI
16/09/2006 15:27 <REP> Google
25/01/2006 19:28 <REP> Help
22/01/2006 14:53 <REP> Identities
19/01/2006 18:46 <REP> Microsoft
14/01/2007 12:45 3 584 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
19/01/2006 20:57 131 fusioncache.dat
19/01/2006 20:50 48 320 GDIPFONTCACHEV1.DAT
11/11/2006 12:57 3 801 132 IconCache.db
4 fichier(s) 3 853 167 octets
9 Rép(s) 17 666 011 136 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 8008-2755

Répertoire de C:\Documents and Settings\sandra\Application Data

21/01/2006 14:05 <REP> .
21/01/2006 14:05 <REP> ..
20/07/2006 19:49 <REP> ACD Systems
21/01/2006 21:19 <REP> Adobe
17/02/2006 21:32 <REP> AdobeUM
01/06/2006 19:08 <REP> Apple Computer
21/01/2006 14:06 <REP> ATI
07/03/2007 11:11 <REP> CyberLink
06/01/2007 21:59 <REP> DivX
16/09/2006 10:50 <REP> Google
24/02/2006 13:56 <REP> Help
21/01/2006 14:05 <REP> Identities
18/07/2006 19:41 <REP> InterVideo
30/05/2006 23:13 <REP> Lavasoft
26/05/2006 19:39 <REP> LG Electronics
22/01/2006 13:57 <REP> Macromedia
21/01/2006 14:05 <REP> Microsoft
22/02/2006 14:35 <REP> OpenOffice.org2
24/04/2006 13:00 <REP> Roadnavdata
23/12/2006 14:48 <REP> Sun
21/01/2006 14:19 <REP> Symantec
19/02/2006 14:00 <REP> Template
21/01/2006 14:05 62 desktop.ini
1 fichier(s) 62 octets
22 Rép(s) 17 666 007 040 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 8008-2755

Répertoire de C:\Documents and Settings\sandra\Local Settings\Application Data

21/01/2006 14:05 <REP> .
21/01/2006 14:05 <REP> ..
21/01/2006 21:19 <REP> Adobe
01/06/2006 19:08 <REP> Apple Computer
21/01/2006 14:06 <REP> ApplicationHistory
21/01/2006 14:06 <REP> ATI
16/09/2006 10:50 <REP> Google
24/02/2006 13:56 <REP> Help
21/01/2006 14:09 <REP> Identities
16/04/2006 10:59 <REP> Logitech-LS
21/01/2006 14:05 <REP> Microsoft
20/04/2006 20:32 <REP> WMTools Downloaded Files
21/02/2006 13:30 44 032 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
21/01/2006 14:06 129 fusioncache.dat
21/01/2006 14:05 48 320 GDIPFONTCACHEV1.DAT
16/12/2006 14:30 5 911 660 IconCache.db
4 fichier(s) 6 004 141 octets
12 Rép(s) 17 666 007 040 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 8008-2755

Répertoire de C:\Documents and Settings\serge\Application Data

22/01/2006 20:35 <REP> .
22/01/2006 20:35 <REP> ..
09/02/2006 21:26 <REP> ACD Systems
26/02/2006 15:46 <REP> Adobe
26/02/2006 15:46 <REP> AdobeUM
31/05/2006 21:15 <REP> Apple Computer
22/01/2006 20:36 <REP> ATI
07/01/2007 12:14 <REP> DivX
02/10/2006 20:03 <REP> Droppix
20/04/2006 21:57 <REP> FotoWire
25/10/2006 06:33 <REP> Google
04/04/2006 18:15 <REP> Help
22/01/2006 20:35 <REP> Identities
02/06/2006 21:11 <REP> InstallShield Installation Information
03/03/2006 20:46 <REP> InterVideo
05/02/2006 12:25 <REP> La Bataille pour la Terre du Milieu
15/03/2006 19:15 <REP> La Bataille pour la Terre du Milieu ™ II
31/05/2006 10:07 <REP> Lavasoft
02/04/2006 14:29 <REP> Leadertech
26/05/2006 18:41 <REP> LG Electronics
22/01/2006 20:40 <REP> Macromedia
22/01/2006 20:35 <REP> Microsoft
29/04/2006 22:38 <REP> MSN6
12/02/2006 17:22 <REP> My Games
18/05/2006 21:22 <REP> OpenOffice.org2
06/04/2006 19:13 <REP> Roadnavdata
24/01/2006 21:40 <REP> Template
22/01/2006 20:35 62 desktop.ini
1 fichier(s) 62 octets
27 Rép(s) 17 666 007 040 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 8008-2755

Répertoire de C:\Documents and Settings\serge\Local Settings\Application Data

22/01/2006 20:35 <REP> .
22/01/2006 20:35 <REP> ..
26/02/2006 15:46 <REP> Adobe
31/05/2006 21:15 <REP> Apple Computer
22/01/2006 20:36 <REP> ApplicationHistory
22/01/2006 20:36 <REP> ATI
11/02/2006 21:45 <REP> Google
04/04/2006 18:15 <REP> Help
22/01/2006 20:41 <REP> Identities
19/04/2006 16:55 <REP> Logitech-LS
22/01/2006 20:35 <REP> Microsoft
23/01/2006 13:55 <REP> NFS Underground 2
20/05/2006 15:56 <REP> Shareaza
02/03/2006 19:33 <REP> WMTools Downloaded Files
09/02/2006 21:26 122 368 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
22/01/2006 20:36 128 fusioncache.dat
22/01/2006 20:35 48 320 GDIPFONTCACHEV1.DAT
04/02/2007 16:48 2 689 334 IconCache.db
4 fichier(s) 2 860 150 octets
14 Rép(s) 17 666 002 944 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 8008-2755

Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

19/01/2006 18:41 <REP> .
19/01/2006 18:41 <REP> ..
19/01/2006 18:41 <REP> Microsoft
19/01/2006 18:41 62 desktop.ini
1 fichier(s) 62 octets
3 Rép(s) 17 666 002 944 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 8008-2755

Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

19/01/2006 18:41 <REP> .
19/01/2006 18:41 <REP> ..
19/01/2006 20:50 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 17 666 002 944 octets libres

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks


C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


ul`šÃünL¿jqLGÈF ê <
s  €!×    % : C : \ P r o g r a m F i l e s \ A p p l e S o f t w a r e U p d a t e \ S o f t w a r e U p d a t e . e x e  - T a s k  S Y S T E M 
0 Ö


C:\WINDOWS\Tasks\Vérifier
Vérifier inexploitable

******************************************
## Répertoires de C:\Program Files

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 8008-2755

Répertoire de C:\Program Files

11/05/2007 21:33 <REP> .
11/05/2007 21:33 <REP> ..
26/10/2006 12:53 <REP> 2D and 3D Animator
09/02/2006 21:17 <REP> ACD Systems
21/01/2006 21:15 <REP> Adobe
21/04/2006 11:49 <REP> Ahead
15/12/2006 17:06 <REP> Alcohol Soft
24/12/2006 15:40 <REP> Alwil Software
25/08/2006 20:20 <REP> Animoids
05/11/2006 16:51 <REP> Apple Software Update
12/11/2006 12:36 <REP> ArcSoft
19/01/2006 21:10 <REP> ATI Technologies
12/11/2006 01:05 <REP> AVSMedia
18/01/2007 22:03 <REP> Boonty
18/01/2007 22:02 <REP> BoontyGames
28/12/2006 20:45 <REP> CalMaker
06/05/2007 12:53 <REP> CCleaner
13/10/2006 15:49 <REP> City Interactive
31/03/2006 18:48 <REP> Common Files
19/01/2006 18:36 <REP> ComPlus Applications
20/02/2007 21:41 <REP> CyberLink
20/02/2007 21:42 <REP> CyberLink DVD Solution
01/10/2006 16:33 <REP> Desktop Sidebar
20/02/2007 21:44 <REP> Digital Photo Navigator 1.0
08/11/2006 00:04 <REP> DivX
30/12/2006 12:14 <REP> EA GAMES
25/08/2006 20:16 <REP> EA SPORTS
29/12/2006 14:13 <REP> Electronic Arts
25/08/2006 20:18 <REP> eMule
21/10/2006 13:19 <REP> Enlight
24/12/2006 21:21 <REP> ETIQUETT
07/03/2007 11:49 <REP> Fichiers communs
12/02/2006 17:19 <REP> Firaxis Games
11/04/2007 09:52 <REP> Free Download Manager
11/03/2006 13:25 <REP> Giant
28/01/2007 11:07 <REP> Google
16/04/2007 17:14 <REP> Grisoft
04/02/2006 21:32 <REP> HardwareDetection
19/01/2006 19:05 <REP> Hewlett-Packard
18/06/2006 18:53 <REP> HIP GAMES
22/11/2006 20:16 <REP> honestech Video Editor 7.0 Trial
19/01/2006 19:05 <REP> hp deskjet 5550 series
07/04/2007 11:39 <REP> IDENCIG
11/02/2006 15:43 <REP> IFH
30/05/2006 16:50 <REP> Infogrames
16/01/2007 19:20 <REP> InterActual
08/05/2007 23:42 <REP> Internet Explorer
05/11/2006 16:56 <REP> iPod
05/11/2006 16:57 <REP> iTunes
22/07/2006 20:41 <REP> Java
24/12/2006 18:34 <REP> JeCreeMaCuisineAvecLeroyMerlin
12/02/2006 16:05 <REP> Kodak
18/11/2006 22:00 <REP> Lavasoft
26/05/2006 18:40 <REP> LG Electronics
26/05/2006 18:40 <REP> LG PC Suite
26/03/2007 19:49 <REP> LimeWire
20/04/2006 21:57 <REP> Logitech
03/02/2006 19:09 <REP> LucasArts
14/08/2006 19:00 <REP> Magicbit
21/01/2006 15:04 <REP> Messenger
17/05/2007 13:23 <REP> Messenger Plus! Live
08/05/2007 23:42 <REP> Microsoft CAPICOM 2.1.0.2
03/02/2007 21:43 <REP> Microsoft Encarta
19/01/2006 18:40 <REP> microsoft frontpage
29/12/2006 14:08 <REP> Microsoft Games
18/02/2006 14:44 <REP> Microsoft Office
21/01/2006 14:47 <REP> Microsoft Works
24/12/2006 15:46 <REP> Mnjj
19/02/2007 22:54 <REP> Movie Maker
10/12/2006 20:16 <REP> MP3 Player Utilities
10/12/2006 20:15 <REP> MP3 Player Utilities 3.67
28/02/2007 20:27 <REP> Mplayer
19/01/2006 18:36 <REP> MSN
21/01/2006 14:59 <REP> MSN Apps
19/01/2006 18:36 <REP> MSN Gaming Zone
09/05/2007 19:45 <REP> MSN Messenger
15/11/2006 23:48 <REP> MSXML 4.0
08/10/2006 18:26 <REP> MVAPPS
19/01/2006 20:39 <REP> NetMeeting
24/12/2006 15:32 <REP> Norton AntiVirus
02/04/2006 14:26 <REP> NovaLogic
22/02/2006 14:34 <REP> OpenOffice.org 2.0
17/12/2006 13:01 <REP> Outlook Express
21/10/2006 13:47 <REP> PANZERS - Phase II - Demo (Tunis)
20/01/2007 10:49 <REP> PCFriendly
09/03/2007 20:57 <REP> Quake III Arena
05/11/2006 16:54 <REP> QuickTime
04/02/2006 22:48 <REP> Realtek AC97
21/10/2006 13:05 <REP> REVOgames
15/12/2006 17:20 <REP> Rockstar Games
19/01/2006 18:56 <REP> SAGEM
18/04/2007 00:01 <REP> seconddrawwin
09/04/2007 12:57 <REP> Serif
30/11/2006 23:41 <REP> Serious Sam 2 Demo
17/03/2007 01:40 <REP> Shareaza
10/02/2006 19:53 <REP> Sigmatel
25/04/2007 19:26 <REP> Spybot - Search & Destroy
01/10/2006 20:31 <REP> Stargate SG1
21/05/2007 16:19 <REP> Steam
18/02/2007 23:05 <REP> StudioLine Photo Basic
06/09/2006 18:39 <REP> SWiSHpix
18/01/2007 22:07 <REP> TerraGame
30/12/2006 12:16 <REP> THQ
09/05/2006 18:15 <REP> Ubisoft
25/01/2006 19:28 <REP> Ulead iPhoto Express
10/08/2004 00:30 40 960 Uninstall_CDS.exe
06/09/2006 18:44 <REP> VCW VicMan's Photo Editor
31/05/2006 12:17 <REP> Visualisateur
22/05/2007 12:52 <REP> Wanadoo
19/01/2006 18:56 <REP> Wanadoo Messager
31/03/2007 13:47 <REP> Winamp
11/05/2007 21:33 <REP> Windows Live Safety Center
08/11/2006 00:34 <REP> Windows Live Toolbar
18/02/2007 21:45 <REP> Windows Media Connect 2
18/12/2006 19:30 <REP> Windows Media Player
19/01/2006 20:39 <REP> Windows NT
28/02/2007 21:28 <REP> WinRAR
19/01/2006 18:40 <REP> xerox
14/08/2006 01:30 <REP> Xilisoft
1 fichier(s) 40 960 octets
118 Rép(s) 17 665 986 560 octets libres

******************************************
## Popups autorisées

* Internet Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
*.windowsupdate.microsoft.com REG_BINARY

* Mozilla Firefox (1 autorisé 2 interdit)

******************************************
## Registre

* [HKEY_CURRENT_USER\\Software\Microsoft\Internet Explorer\Main]
Search Bar REG_SZ http://www.wanadoo.fr/go/page_recherche/

* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Locks meet army knob REG_SZ C:\Documents and Settings\All Users\Application Data\DVD BEEP LOCKS MEET\Bits Locks.exe

******************************************
## Zones de sécurité

* HKCU Domains (4)

* P3P History (5)

******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"


*************** Fin du rapport ****************

Salut

Lancer HijackThis et cliquer sur [Do a system scan only]
cocher la case au début des lignes suivantes :

R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [Locks meet army knob] C:\Documents and Settings\All Users\Application Data\DVD BEEP LOCKS MEET\Bits Locks.exe

valider en cliquant sur le bouton [fix checked]

ensuite, fais les manips de ce lien stp :

virus methode preliminaire de desinfection version fr

@+

voici le rapport du scan avec AVG Anti spyware :

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 18:18:02 23/05/2007

+ Résultat de l'analyse:



C:\System Volume Information\_restore{15E153E2-A2DE-4546-9AFE-413312D5DAEB}\RP442\A0147057.exe -> Adware.Beginto : Nettoyé.
C:\System Volume Information\_restore{15E153E2-A2DE-4546-9AFE-413312D5DAEB}\RP442\A0147058.dll -> Adware.Beginto : Nettoyé.
C:\Program Files\SWiSHpix\ScreenSaver.scr -> Heuristic.Win32.Dialer : Nettoyé.
C:\Documents and Settings\patricia\Cookies\patricia@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\patricia\Cookies\patricia@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\patricia\Cookies\patricia@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\patricia\Cookies\patricia@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\patricia\Cookies\patricia@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\patricia\Cookies\patricia@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\sandra\Cookies\sandra@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.


Fin du rapport

le rapport de bitdefender :

BitDefender Online Scanner



Scan report generated at: Wed, May 23, 2007 - 20:33:22





Scan path: A:\;C:\;D:\;E:\;F:\;







Statistics

Time
01:56:27

Files
401235

Folders
8520

Boot Sectors
2

Archives
5058

Packed Files
15003




Results

Identified Viruses
1

Infected Files
8

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
8




Engines Info

Virus Definitions
508051

Engine build
AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)

Scan plugins
14

Archive plugins
38

Unpack plugins
6

E-mail plugins
6

System plugins
1




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\Documents and Settings\All Users\Application Data\DVD BEEP LOCKS MEET\Bits Locks.exe
Infected with: Trojan.FatObfus.Gen

C:\Documents and Settings\All Users\Application Data\DVD BEEP LOCKS MEET\Bits Locks.exe
Disinfection failed

C:\Documents and Settings\All Users\Application Data\DVD BEEP LOCKS MEET\Bits Locks.exe
Deleted

C:\Documents and Settings\All Users\Application Data\DVD BEEP LOCKS MEET\hold about.exe
Infected with: Trojan.FatObfus.Gen

C:\Documents and Settings\All Users\Application Data\DVD BEEP LOCKS MEET\hold about.exe
Disinfection failed

C:\Documents and Settings\All Users\Application Data\DVD BEEP LOCKS MEET\hold about.exe
Deleted

C:\System Volume Information\_restore{15E153E2-A2DE-4546-9AFE-413312D5DAEB}\RP402\A0127529.exe
Infected with: Trojan.FatObfus.Gen

C:\System Volume Information\_restore{15E153E2-A2DE-4546-9AFE-413312D5DAEB}\RP402\A0127529.exe
Disinfection failed

C:\System Volume Information\_restore{15E153E2-A2DE-4546-9AFE-413312D5DAEB}\RP402\A0127529.exe
Deleted

C:\System Volume Information\_restore{15E153E2-A2DE-4546-9AFE-413312D5DAEB}\RP402\A0127530.exe
Infected with: Trojan.FatObfus.Gen

C:\System Volume Information\_restore{15E153E2-A2DE-4546-9AFE-413312D5DAEB}\RP402\A0127530.exe
Disinfection failed

C:\System Volume Information\_restore{15E153E2-A2DE-4546-9AFE-413312D5DAEB}\RP402\A0127530.exe
Deleted

C:\System Volume Information\_restore{15E153E2-A2DE-4546-9AFE-413312D5DAEB}\RP427\A0135875.exe
Infected with: Trojan.FatObfus.Gen

C:\System Volume Information\_restore{15E153E2-A2DE-4546-9AFE-413312D5DAEB}\RP427\A0135875.exe
Disinfection failed

C:\System Volume Information\_restore{15E153E2-A2DE-4546-9AFE-413312D5DAEB}\RP427\A0135875.exe
Deleted

C:\System Volume Information\_restore{15E153E2-A2DE-4546-9AFE-413312D5DAEB}\RP427\A0135876.exe
Infected with: Trojan.FatObfus.Gen

C:\System Volume Information\_restore{15E153E2-A2DE-4546-9AFE-413312D5DAEB}\RP427\A0135876.exe
Disinfection failed

C:\System Volume Information\_restore{15E153E2-A2DE-4546-9AFE-413312D5DAEB}\RP427\A0135876.exe
Deleted

C:\System Volume Information\_restore{15E153E2-A2DE-4546-9AFE-413312D5DAEB}\RP457\A0148632.exe
Infected with: Trojan.FatObfus.Gen

C:\System Volume Information\_restore{15E153E2-A2DE-4546-9AFE-413312D5DAEB}\RP457\A0148632.exe
Disinfection failed

C:\System Volume Information\_restore{15E153E2-A2DE-4546-9AFE-413312D5DAEB}\RP457\A0148632.exe
Deleted

C:\System Volume Information\_restore{15E153E2-A2DE-4546-9AFE-413312D5DAEB}\RP457\A0148633.exe
Infected with: Trojan.FatObfus.Gen

C:\System Volume Information\_restore{15E153E2-A2DE-4546-9AFE-413312D5DAEB}\RP457\A0148633.exe
Disinfection failed

C:\System Volume Information\_restore{15E153E2-A2DE-4546-9AFE-413312D5DAEB}\RP457\A0148633.exe
Deleted

BitDefender Online Scanner - Real Time Virus Report



Generated at: Wed, May 23, 2007 - 20:39:08


--------------------------------------------------------------------------------





Scan Info



Scanned Files
426079

Infected Files
8








Virus Detected



Trojan.FatObfus.Gen
8

et pour finir , celui de hijackThis :

Logfile of HijackThis v1.99.1
Scan saved at 20:44:38, on 23/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\StudioLine Photo Basic\NMSAccess.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Interface Chat Wanadoo - http://chat4.x-echo.com/version8/Applet/wchatsign.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5EEF8307-79EB-4EFB-8428-AB4F2B79714E}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: 87.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Basic\NMSAccess.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

Salut

où en sont tes soucis de pub ???

++

Salut

bien, dernier détail ...

Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe



O16 - DPF: Interface Chat Wanadoo - http://chat4.x-echo.com/version8/Applet/wchatsign.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab



O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab



repasse ccleaner et installe un parefeu !!! voir ici :

securite proteger un ordinateur contre les malwares d internet

@+

;-))

Salut ,
J'ai repassé HijackThis ainsi que ccleaner . J'ai installé ZoneAlarm avec succès la 2ème fois , car la 1ere fois j'ai eu un problème d'incompatibilité entre Avast et ZoneAlarm!

Merci !

++

de nada ! ;-)

++