cedriquet

re chercheur voici les log "Silent Runners.vbs", revision 36, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++} "Ibz" = "C:\WINDOWS\ibz.exe" [null data] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS] "WooCnxMon" = "C:\PROGRA~1\Wanadoo\CnxMon.exe" [empty string] "ccApp" = "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" ["Symantec Corporation"] "NAV CfgWiz" = "C:\Program Files\Fichiers communs\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"" ["Symantec Corporation"] "ccRegVfy" = "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe" ["Symantec Corporation"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] {BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration" -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{1E2CDF40-419B-11D2-A5A1-002018648BA7}" = "AVG Shell Extension" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Grisoft\AVG6\avgse.dll" ["GRISOFT©SOFTWARE s.r.o."] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\ INFECTION WARNING! "{12345678-0000-0010-8000-00AAFF6D2EA4}" = "Sysctl Desktop Handler" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\systr.dll" [file not found] Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssmypics.scr" [MS] Enabled Wallpaper and Active Desktop: ------------------------------------- Active Desktop is disabled. HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\cedric\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Startup items in "cedric" & "All Users" startup folders: -------------------------------------------------------- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage "DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe /W" [empty string] Enabled Scheduled Tasks: ------------------------ "Norton AntiVirus - Analyser mon ordinateur" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"] "Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" -> {CLSID}\(Default) = "Yahoo! Compagnon" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_18_0.dll" ["Yahoo! Inc."] "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" -> {CLSID}\(Default) = "Norton AntiVirus" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" -> {CLSID}\(Default) = "MSN" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll" [file not found] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" -> {CLSID}\(Default) = "Yahoo! Compagnon" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_18_0.dll" ["Yahoo! Inc."] "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" -> {CLSID}\(Default) = "Norton AntiVirus" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] Dormant Explorer Bars in "View, Explorer Bar" menu HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\ (Default) = "Volet Wanadoo" Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty string] HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\ (Default) = "ToolBand Class" Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty string] HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\ (Default) = "Volet Wanadoo" Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty string] Extensions (Tools menu items, main toolbar menu buttons) HKCU\Software\Microsoft\Internet Explorer\Extensions\ {1462651F-F4BA-4C76-A001-C4284D0FE16E}\ "ButtonText" = "Wanadoo" "Exec" = "http://www.wanadoo.fr" [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."] Norton Personal Firewall Accounts Manager, NISUM, "C:\Program Files\Norton Personal Firewall\NISUM.EXE" ["Symantec Corporation"] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"] Service Norton AntiVirus Auto-Protect, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"] Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"] Symantec Proxy Service, ccPxySvc, "C:\Program Files\Norton Personal Firewall\ccPxySvc.exe" ["Symantec Corporation"] Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"] ---------- This report excludes default entries except where indicated. To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. et pour Hijack ---------- Logfile of HijackThis v1.99.1 Scan saved at 01:19:29, on 18/05/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Personal Firewall\NISUM.EXE C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Norton Personal Firewall\ccPxySvc.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\RUNDLL32.EXE C:\PROGRA~1\Wanadoo\CnxMon.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe C:\Program Files\Microsoft Office\Office\WINWORD.EXE C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\WScript.exe C:\Program Files\Windows NT\Accessoires\WORDPAD.EXE C:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jimbutt.com/stuffs/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Compagnon - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_18_0.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Fichiers communs\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT" O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - Global Startup: DSLMON.lnk = ? O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://downloads.winwise.fr/Common/npwwg.cab O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O23 - Service: AVG6 Service (AvgServ) - Unknown owner - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe bonne nuit cheucheur , moi aussi dodo

j'ai parler trop vite, juste j'envoie le message et internet ouvre la page sponsorisse par all trade et mediatickets JE CRAQQQQQQUUUUUUUUEEEEE tjrs avec le message erreur de windows ERROR 317 windows is corromped with spyware virus by port 8080 3128 mais que faire ? peu etre jeter mon PC?? aide moi pleaseee merci chercheur

je viens de faire ces nouvelles etapes. Le pble etait que mes dossier Content IE5 etait invible!! Pour le moment ca a l'air d'aller , par contre j'ai pas reussi a supprimer celui ci C:\WINDOWS\System32\systr.dll ni certain dll restant chezmon ancien antivirus AVG( mais pas trop grave je pense sauf si pble avec Norton , onverra) Merci encore pour ton aide , je te tiens au courant Chercheur, vraiment tres sympa!!!!! Cédric

Bonsoir chercheur merci pour ta reponse je fais de suite ce qui est ecrit etr je te mail.

salut Chercheur, j'ai recommence mais rien a faire , regardes ce scan chez panda c vraiment la galere, qu'en penses tu? Incident Statut Analyse Adware:Adware/GloboSearch No Désinfecté C:\WINDOWS\System32\systr.dll Adware:Adware/Gator No Désinfecté C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Gain Publishing Adware:Adware/MyWay No Désinfecté C:\Program Files\MyWay Adware:Adware/nCase No Désinfecté C:\WINDOWS\180ax.log Spyware:Spyware/AdClicker No Désinfecté C:\WINDOWS\usta32.ini Spyware:Spyware/ISTbar No Désinfecté Registre Windows Adware:Adware/SAHAgent No Désinfecté C:\WINDOWS\unstall.exe Adware:Adware/SearchAid No Désinfecté C:\iefeatslinstaller.log Adware:Adware/MediaTickets No Désinfecté Registre Windows Adware:Adware/Twain-Tech No Désinfecté C:\WINDOWS\inf\multimpp.inf Adware:Adware/SuperSpider No Désinfecté C:\WINDOWS\seksdialer.exe Spyware:Spyware/YourSiteBar No Désinfecté Registre Windows Adware:Adware/GloboSearch No Désinfecté C:\WINDOWS\System32\systr.dll Spyware:Spyware/Petro-Line No Désinfecté C:\Documents and Settings\cedric\Favoris\Sites about\Ab scissor.url Adware:Adware/CWS.Searchmeup No Désinfecté C:\WINDOWS\mstasks1.exe Adware:Adware/CWS.008k No Désinfecté C:\WINDOWS\IEFR.DLL Adware:Adware/P2PNetworking No Désinfecté Registre Windows Adware:Adware/Startpage.BBC No Désinfecté C:\w.exe Adware:Adware/Popuper No Désinfecté C:\Documents and Settings\cedric\Favoris\Spyware Removal.url Adware:Adware/MediaTickets No Désinfecté C:\backups\backup-20050517-093448-282.dll Adware:Adware/MediaTickets No Désinfecté C:\backups\backup-20050517-093448-282.inf Adware:Adware/PurityScan No Désinfecté C:\Documents and Settings\cedric\Application Data\houc.exe Spyware:Spyware/Petro-Line No Désinfecté C:\Documents and Settings\cedric\Favoris\Sites about\Ab scissor.url Spyware:Spyware/Petro-Line No Désinfecté C:\Documents and Settings\cedric\Favoris\Sites about\Broadband comparison.url Spyware:Spyware/Petro-Line No Désinfecté C:\Documents and Settings\cedric\Favoris\Sites about\Credit counseling.url Spyware:Spyware/Petro-Line No Désinfecté C:\Documents and Settings\cedric\Favoris\Sites about\Credit report.url Spyware:Spyware/Petro-Line No Désinfecté C:\Documents and Settings\cedric\Favoris\Sites about\Crm software.url Spyware:Spyware/Petro-Line No Désinfecté C:\Documents and Settings\cedric\Favoris\Sites about\Debt credit card.url Spyware:Spyware/Petro-Line No Désinfecté C:\Documents and Settings\cedric\Favoris\Sites about\Escorts.url Spyware:Spyware/Petro-Line No Désinfecté C:\Documents and Settings\cedric\Favoris\Sites about\Fha.url Spyware:Spyware/Petro-Line No Désinfecté C:\Documents and Settings\cedric\Favoris\Sites about\Health insurance.url Spyware:Spyware/Petro-Line No Désinfecté C:\Documents and Settings\cedric\Favoris\Sites about\Help desk software.url Spyware:Spyware/Petro-Line No Désinfecté C:\Documents and Settings\cedric\Favoris\Sites about\Insurance home.url Spyware:Spyware/Petro-Line No Désinfecté C:\Documents and Settings\cedric\Favoris\Sites about\Loan for debt consolidation.url Spyware:Spyware/Petro-Line No Désinfecté C:\Documents and Settings\cedric\Favoris\Sites about\Loan for people with bad credit.url Spyware:Spyware/Petro-Line No Désinfecté C:\Documents and Settings\cedric\Favoris\Sites about\Marketing email.url Spyware:Spyware/Petro-Line No Désinfecté C:\Documents and Settings\cedric\Favoris\Sites about\Mortgage insurance.url Spyware:Spyware/Petro-Line No Désinfecté C:\Documents and Settings\cedric\Favoris\Sites about\Mortgage life insurance.url Spyware:Spyware/Petro-Line No Désinfecté C:\Documents and Settings\cedric\Favoris\Sites about\Nevada corporations.url Spyware:Spyware/Petro-Line No Désinfecté C:\Documents and Settings\cedric\Favoris\Sites about\Online Betting Site.url Spyware:Spyware/Petro-Line No Désinfecté C:\Documents and Settings\cedric\Favoris\Sites about\Online gambling casino.url Spyware:Spyware/Petro-Line No Désinfecté C:\Documents and Settings\cedric\Favoris\Sites about\Online instant loan.url Spyware:Spyware/Petro-Line No Désinfecté C:\Documents and Settings\cedric\Favoris\Sites about\Order phentermine.url Spyware:Spyware/Petro-Line No Désinfecté C:\Documents and Settings\cedric\Favoris\Sites about\Payroll advance.url Spyware:Spyware/Petro-Line No Désinfecté C:\Documents and Settings\cedric\Favoris\Sites about\Personal loans online.url Spyware:Spyware/Petro-Line No Désinfecté C:\Documents and Settings\cedric\Favoris\Sites about\Personal loans with bad credit.url Spyware:Spyware/Petro-Line No Désinfecté C:\Documents and Settings\cedric\Favoris\Sites about\Prescription Drugs Rx Online.url Spyware:Spyware/Petro-Line No Désinfecté C:\Documents and Settings\cedric\Favoris\Sites about\Refinancing my mortgage.url Spyware:Spyware/Petro-Line No Désinfecté C:\Documents and Settings\cedric\Favoris\Sites about\Tahoe vacation rental.url Spyware:Spyware/Petro-Line No Désinfecté C:\Documents and Settings\cedric\Favoris\Sites about\Unsecured bad credit loans.url Spyware:Spyware/Petro-Line No Désinfecté C:\Documents and Settings\cedric\Favoris\Sites about\Videos.url Spyware:Spyware/Petro-Line No Désinfecté C:\Documents and Settings\cedric\Favoris\Sites about\What is hydrocodone.url Adware:Adware/Popuper No Désinfecté C:\Documents and Settings\cedric\Favoris\Spyware Removal.url Spyware:Spyware/Petro-Line No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\0X870J43\enter[1].cab Spyware:Spyware/ISTbar No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\0Z7JY81D\0006_regular[1].cab Virus:Trj/Small.GV No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\0Z7JY81D\KDgENWexySoI_ELlt8Tk[1].chm[1.htm] Virus:Trj/Small.GV No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\0Z7JY81D\KDgENWexySoI_ELlt8Tk[2].chm[1.htm] Virus:Trj/Small.GV No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\0Z7JY81D\KDgENWexySoI_ELlt8Tk[3].chm[1.htm] Virus:Trj/Multidropper.AAG No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\19L2Z79E\dropper[1].chm[dropper.exe] Virus:Exploit/CodeBase.S No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\19L2Z79E\dropper[1].chm[xx1.html] Virus:Trj/Multidropper.AAG No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\19L2Z79E\dropper[2].chm[dropper.exe] Virus:Exploit/CodeBase.S No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\19L2Z79E\dropper[2].chm[xx1.html] Virus:VBS/Psyme.C No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\19L2Z79E\EXPLOIT[1].CHM[exploit.htm] Adware:Adware/WUpd No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\19L2Z79E\laporno[1].htm Virus:Trj/Small.GV No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\49EN4TUR\RvLON7vtfaVm6YnFs5RL[1].chm[1.htm] Virus:Trj/Small.GV No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\49EN4TUR\RvLON7vtfaVm6YnFs5RL[2].chm[1.htm] Virus:Trj/Small.GV No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\49EN4TUR\RvLON7vtfaVm6YnFs5RL[3].chm[1.htm] Virus:Trj/Small.GV No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\CNVFMG5X\yIg1puF2HpcO2L0yNd6l[1].chm[1.htm] Virus:Trj/Small.GV No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\CNVFMG5X\yIg1puF2HpcO2L0yNd6l[2].chm[1.htm] Virus:Trj/Small.GV No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\CNVFMG5X\yIg1puF2HpcO2L0yNd6l[3].chm[1.htm] Spyware:Spyware/ISTbar No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\CXMNSHMN\0006_regular[1].cab Adware:Adware/Startpage.FA No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\CXMNSHMN\html[1].chm[html.exe] Adware:Adware/Startpage.FA No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\CXMNSHMN\html[2].chm[html.exe] Virus:Trj/Small.GV No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\CXMNSHMN\pcZmu_Fffzsx2HuyWzM[1].chm[1.htm] Virus:Trj/Small.GV No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\CXMNSHMN\pcZmu_Fffzsx2HuyWzM[2].chm[1.htm] Virus:Trj/Small.GV No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\CXMNSHMN\pcZmu_Fffzsx2HuyWzM[3].chm[1.htm] Virus:Trj/Downloader.CNU No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\CXMNSHMN\q[1].chm[file.exe] Virus:Trj/Downloader.CNU No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\CXMNSHMN\q[2].chm[file.exe] Adware:Adware/MediaTickets No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\F31BRXOW\MediaTicketsInstaller[1].cab Adware:Adware/MediaTickets No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\F31BRXOW\MediaTicketsInstaller[1].cab[MediaTicketsInstaller.ocx] Adware:Adware/MediaTickets No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\F31BRXOW\MediaTicketsInstaller[1].cab[MediaTicketsInstaller.INF] Adware:Adware/MediaTickets No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\GR9REEVP\MediaTicketsInstaller[1].cab Virus:Trj/Small.GV No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\J7L7790W\FrcqTM0Q4Sb_tja5Jdw[1].chm[1.htm] Virus:Trj/Small.GV No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\J7L7790W\FrcqTM0Q4Sb_tja5Jdw[2].chm[1.htm] Virus:Trj/Small.GV No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\J7L7790W\FrcqTM0Q4Sb_tja5Jdw[3].chm[1.htm] Adware:Adware/MediaTickets No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\KXQJOLYR\mtrslib2[1].js Virus:Trj/Small.GV No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\QDDIRQ50\b1apYEVUZlS4vLRW8Ko[1].chm[1.htm] Virus:Trj/Small.GV No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\QDDIRQ50\b1apYEVUZlS4vLRW8Ko[2].chm[1.htm] Virus:Trj/Small.GV No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\QDDIRQ50\b1apYEVUZlS4vLRW8Ko[3].chm[1.htm] Spyware:Spyware/YourSiteBar No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\QPZWTCJU\CA8X23G5.HTM Spyware:Spyware/YourSiteBar No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\QPZWTCJU\CABEL49H.HTM Spyware:Spyware/YourSiteBar No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\QPZWTCJU\CAIPS70B.HTM Spyware:Spyware/YourSiteBar No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\QPZWTCJU\CAZMID77.HTM Virus:Trj/Small.GV No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\YYBZXSZR\71Tr2A3I6NX5slAt6G8[1].chm[1.htm] Virus:Trj/Small.GV No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\YYBZXSZR\71Tr2A3I6NX5slAt6G8[2].chm[1.htm] Virus:Trj/Small.GV No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\YYBZXSZR\71Tr2A3I6NX5slAt6G8[3].chm[1.htm] Virus:Trj/Small.GV No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\YYBZXSZR\cOWOcY2xe7DeVajaTIPK[1].chm[1.htm] Virus:Trj/Small.GV No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\YYBZXSZR\cOWOcY2xe7DeVajaTIPK[2].chm[1.htm] Virus:Trj/Small.GV No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\YYBZXSZR\cOWOcY2xe7DeVajaTIPK[3].chm[1.htm] Virus:Trj/Small.GV No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\YYBZXSZR\pL0_fvvbyBXG5ZA0t7Ld[1].chm[1.htm] Virus:Trj/Small.GV No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\YYBZXSZR\pL0_fvvbyBXG5ZA0t7Ld[2].chm[1.htm] Virus:Trj/Small.GV No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\YYBZXSZR\pL0_fvvbyBXG5ZA0t7Ld[3].chm[1.htm] Virus:Trj/Small.GV No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\YYBZXSZR\wO7poGOB-YulmysxWJQ[1].chm[1.htm] Virus:Trj/Small.GV No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\YYBZXSZR\wO7poGOB-YulmysxWJQ[2].chm[1.htm] Virus:Trj/Small.GV No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\YYBZXSZR\wO7poGOB-YulmysxWJQ[3].chm[1.htm] Virus:Trj/Small.GV No Désinfecté C:\Documents and Settings\cedric\Local Settings\Temporary Internet Files\Content.IE5\YYBZXSZR\wO7poGOB-YulmysxWJQ[4].chm[1.htm] Adware:Adware/SearchAid No Désinfecté C:\iefeatslinstaller.log Spyware:Spyware/BetterInet No Désinfecté C:\Program Files\Common Files\SearchUpgrader\system.cfg Adware:Adware/MyWay No Désinfecté C:\Program Files\MyWay\myBar\3.bin\MY2NS.EXE Adware:Adware/MyWay No Désinfecté C:\Program Files\MyWay\myBar\3.bin\NPMYWAY.DLL Adware:Adware/Startpage.BBC No Désinfecté C:\w.exe Adware:Adware/nCase No Désinfecté C:\WINDOWS\180ax.log Adware:Adware/CWS.008k No Désinfecté C:\WINDOWS\iefr.dll Adware:Adware/MultiMPP No Désinfecté C:\WINDOWS\inf\multimpp.inf Adware:Adware/CWS.Searchmeup No Désinfecté C:\WINDOWS\mstasks1.exe Adware:Adware/CWS.Searchmeup No Désinfecté C:\WINDOWS\mstasks2.exe Adware:Adware/SuperSpider No Désinfecté C:\WINDOWS\seksdialer.exe Adware:Adware/Twain-Tech No Désinfecté C:\WINDOWS\smdat32a.sys Adware:Adware/Twain-Tech No Désinfecté C:\WINDOWS\smdat32m.sys Adware:Adware/SuperSpider No Désinfecté C:\WINDOWS\system.exe Adware:Adware/GloboSearch No Désinfecté C:\WINDOWS\system32\systr.dll Adware:Adware/SAHAgent No Désinfecté C:\WINDOWS\unstall.exe Spyware:Spyware/AdClicker No Désinfecté C:\WINDOWS\usta32.ini

re chercheur, J'ai fais ce que tu m'as dis mais encore pble lol en fait en mode sans echec je ne trouve plus la ligne o4 du fichier log ou est situe - windll32.exe. voici le nouveau log Logfile of HijackThis v1.99.1 Scan saved at 00:14:34, on 13/05/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Personal Firewall\NISUM.EXE C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\Program Files\Norton Personal Firewall\ccPxySvc.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\userinit.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ibz.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\PROGRA~1\Wanadoo\CnxMon.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe C:\Program Files\Messenger\msmsgs.exe C:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jimbutt.com/stuffs/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Compagnon - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_18_0.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Fichiers communs\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT" O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [windll32.exe] C:\WINDOWS\System32\windll32.exe O4 - Global Startup: DSLMON.lnk = ? O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://downloads.winwise.fr/Common/npwwg.cab O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O23 - Service: AVG6 Service (AvgServ) - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe HELPPPPPPPPPPPPPPPPPPPPPPP Merci encore pour topn aide

Bonjour a toi chercheur, je te remercie reelement pour ton aide; Je viens de faire ce que tu m'as dis mais toujours la page internet qui s'ouvre et bloque, j'ai aussi un message erreur de puis quelque tempq me disant spyware passe par port 8080 et 8163( je crois pour le second) voici le nouveau log qu'en pense tu?? Logfile of HijackThis v1.99.1 Scan saved at 16:07:47, on 12/05/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Personal Firewall\NISUM.EXE C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\Program Files\Norton Personal Firewall\ccPxySvc.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\RUNDLL32.EXE C:\PROGRA~1\Wanadoo\CnxMon.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Wanadoo\EspaceWanadoo.exe C:\Program Files\Wanadoo\ComComp.exe C:\Program Files\Wanadoo\Watch.exe C:\Program Files\Internet Explorer\iexplore.exe C:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jimbutt.com/stuffs/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Compagnon - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_18_0.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Fichiers communs\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT" O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [windll32.exe] C:\WINDOWS\System32\windll32.exe O4 - Global Startup: DSLMON.lnk = ? O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://downloads.winwise.fr/Common/npwwg.cab O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F54B5003-61FE-4A76-A656-2E8DE22F64F0}: NameServer = 80.10.246.130 80.10.246.3 O23 - Service: AVG6 Service (AvgServ) - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

bonjour

re florian j'ai fais ce que tu m'as dis mais j'ai toujours cette page internet qui s 'ouvre en me fermant toutes les autres : http://terra.es/personal6/dames5/nger.html et un cadre me disant que c sponsorisé par mediatickets (encore lui ) voici le fichier log apres avoir fixe ce que tu m'as dis Logfile of HijackThis v1.99.1 Scan saved at 09:55:02, on 12/05/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Personal Firewall\NISUM.EXE C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\Program Files\Norton Personal Firewall\ccPxySvc.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\RUNDLL32.EXE C:\PROGRA~1\Wanadoo\CnxMon.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Wanadoo\EspaceWanadoo.exe C:\Program Files\Wanadoo\ComComp.exe C:\Program Files\Wanadoo\Watch.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\cedric\Local Settings\Temp\Répertoire temporaire 5 pour hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jimbutt.com/stuffs/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - Default URLSearchHook is missing O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {C4843FF7-AE70-BF42-6057-827D9D3007CE} - C:\WINDOWS\apiji32.dll (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Compagnon - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_18_0.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe O4 - HKLM\..\Run: [.mscdsr] C:\WINDOWS\system\lsvchost.exe O4 - HKLM\..\Run: [WIN95DEFVIEW] C:\WINDOWS\System32\csmrs.exe O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Fichiers communs\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT" O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [windll32.exe] C:\WINDOWS\System32\windll32.exe O4 - HKCU\..\Run: [Yogv] C:\WINDOWS\System32\xuuq.exe O4 - HKCU\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe O4 - Global Startup: DSLMON.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O15 - Trusted Zone: http://*.63.219.181.7 O15 - Trusted Zone: *.windupdates.com O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EC..._1022_FR_XP.cab O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://downloads.winwise.fr/Common/npwwg.cab O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...1f64dc3f0db6853 O17 - HKLM\System\CCS\Services\Tcpip\..\{F54B5003-61FE-4A76-A656-2E8DE22F64F0}: NameServer = 80.10.246.130 80.10.246.3 O21 - SSODL: System - {8CBD5BC3-24BD-4288-A910-BBEB8753FB50} - C:\WINDOWS\system32\system32.dll O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\sysit.exe (file missing) O23 - Service: AVG6 Service (AvgServ) - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe A L AIDE STP lol Merci encore florian

[salut Florian Merci pour ta reponse, je fais ce que tu dis et je te donne les résultants en esperant ne plus avoir de soucis. A tout de suite lol

bonjour a tous Je suis nouveau sur le forum et deja un probleme, lol MEDIA PLAYERS est un spyware , je pense, et je n'arrive pas a le supprimer ( j'ai surement d autres virus et spyware) j'ai lu qu il fallait mettre le ficher log que voici: Logfile of HijackThis v1.99.1 Scan saved at 16:52:46, on 10/05/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Personal Firewall\NISUM.EXE C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\Program Files\Norton Personal Firewall\ccPxySvc.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\RUNDLL32.EXE C:\PROGRA~1\Wanadoo\CnxMon.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Wanadoo\EspaceWanadoo.exe C:\Program Files\Wanadoo\ComComp.exe C:\Program Files\Wanadoo\Watch.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\cedric\Local Settings\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://may.directwebsearch.net/search.php R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://may.directwebsearch.net/search.php R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://may.directwebsearch.net/search.php R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://may.directwebsearch.net/search.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://may.directwebsearch.net/search.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mjvkc.dll/sp.html#29126 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jimbutt.com/stuffs/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\mjvkc.dll/sp.html#29126 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\mjvkc.dll/sp.html#29126 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\mjvkc.dll/sp.html#29126 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mjvkc.dll/sp.html#29126 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://may.directwebsearch.net/search.php R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\mjvkc.dll/sp.html#29126 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://may.directwebsearch.net/search.php R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - Default URLSearchHook is missing O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {C4843FF7-AE70-BF42-6057-827D9D3007CE} - C:\WINDOWS\apiji32.dll (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Compagnon - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_18_0.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe O4 - HKLM\..\Run: [nteu.exe] C:\WINDOWS\system32\nteu.exe O4 - HKLM\..\Run: [winupd] C:\WINDOWS\System32\winupd.exe O4 - HKLM\..\Run: [javaxh.exe] C:\WINDOWS\system32\javaxh.exe O4 - HKLM\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe O4 - HKLM\..\Run: [crcc32.exe] C:\WINDOWS\system32\crcc32.exe O4 - HKLM\..\Run: [afakto] C:\WINDOWS\System32\zygqnonr.exe O4 - HKLM\..\Run: [.mscdsr] C:\WINDOWS\system\lsvchost.exe O4 - HKLM\..\Run: [WIN95DEFVIEW] C:\WINDOWS\System32\csmrs.exe O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Fichiers communs\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT" O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [windll32.exe] C:\WINDOWS\System32\windll32.exe O4 - HKCU\..\Run: [Yogv] C:\WINDOWS\System32\xuuq.exe O4 - HKCU\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe O4 - Global Startup: DSLMON.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O15 - Trusted Zone: *.05p.com O15 - Trusted Zone: http://*.63.219.181.7 O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.scoobidoo.com O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.05p.com (HKLM) O15 - Trusted Zone: *.blazefind.com (HKLM) O15 - Trusted Zone: *.clickspring.net (HKLM) O15 - Trusted Zone: *.flingstone.com (HKLM) O15 - Trusted Zone: *.mt-download.com (HKLM) O15 - Trusted Zone: *.my-internet.info (HKLM) O15 - Trusted Zone: *.scoobidoo.com (HKLM) O15 - Trusted Zone: *.searchbarcash.com (HKLM) O15 - Trusted Zone: *.searchmiracle.com (HKLM) O15 - Trusted Zone: *.skoobidoo.com (HKLM) O15 - Trusted Zone: *.slotch.com (HKLM) O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted Zone: *.xxxtoolbar.com (HKLM) O15 - Trusted IP range: 213.159.117.133 O15 - Trusted IP range: 213.159.117.133 (HKLM) O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EC..._1022_FR_XP.cab O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://downloads.winwise.fr/Common/npwwg.cab O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\qqnxunpp.exe O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\nosuch.mht!http://2awm.com/pop/chm/callpsp.chm::/on-line.exe O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.189.123/winsearchie32.chm::/winsearchie32.exe O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://213.159.117.133/dl/fox/x.chm::/load.exe O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://c:\nosuch.mht!http://2awm.com/pop/chm/callpall.chm::/webload.exe O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...1f64dc3f0db6853 O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/s...net32_FR_XP.cab O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4...006_regular.cab O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.alloticket.com/MicroPaiement/kit/WebInstall.dll O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab O16 - DPF: {A45A8A35-19FA-4E8B-874C-CBA3107F354C} (GVLaunch Control) - http://www.casinolauncher.com/gvlaunch.cab O16 - DPF: {ABB08127-7417-11D4-8566-00500448008D} (Chat Class) - http://downloads.winwise.fr/Common/npchatlax.cab O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://217.73.66.1/del/loader.cab O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/diamond.cab O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/fr/SysWebTelecom.cab O16 - DPF: {FC9C7D52-C99A-494A-AA79-4A25098F659C} - http://www.casinoelegance.com/dload/gvdload.cab O16 - DPF: {FFCEABDA-C04E-7F4A-E9B6-DFA72B2F49FB} - http://213.200.210.10/dl/101/FR732_116.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{F54B5003-61FE-4A76-A656-2E8DE22F64F0}: NameServer = 80.10.246.130 80.10.246.3 O21 - SSODL: System - {8CBD5BC3-24BD-4288-A910-BBEB8753FB50} - C:\WINDOWS\system32\system32.dll O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\sysit.exe (file missing) O23 - Service: AVG6 Service (AvgServ) - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe Je remercie d'avance toutes les personnes succeptibles de m aider car je galere vraiment Merci a tous et a bientot Cedriquet