Desmodus

Bonjour, je suis infecté par le trojan-spy.smitfraud.c, qui m'a enlevé la commande Bureau dans propriétés d'affichage, et je n'arrive pas à m'en débarrasser. Si vous savez comment faire, merci de répondre. Desmodus

Bojour ipl_001, bonjour a tous, Je n'ai pas tès bien compris ton dernier message ipl_001, mais voici la situation, j'ais supprimé les wp.exe et .bmp, ainsi que les cl"s dans le registre, en revanche j'ai hésité a supprimer un fichier du nom de aspnet_wp.exe, car je ne savais pas si il avait un rapport avec ce trojan. Ensuite dans le registre, la clé WallpaperStyle n'existe pas et je ne sais pas comment faire.. Desmodus

Rectification, je viens de réussir a trouver le fichier mais, une des clé n'existe pas c'est la wallpaper, Suis-je bloqué???

J'ai effacé les wp.exe et .bmp, mais le probléme c'est que je ne peux pas modifier la clé car le répertoire policies n'existe pas que dois-je faire stp?

Merci à tous pour votre aide je suis enfin débarrassé de ce trojan, en revanche il me reste un ptit probléme, j'ai mon arriere plan de bureau qui affiche une erreur fatale comme quoi je suis infecté par trojan-spy.HTML.smitfraud.c Je n'ai meme plus accés aux propriétés d'affichage

Voici mon dernier rapport, Logfile of HijackThis v1.99.1 Scan saved at 23:41:12, on 22/06/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\System32\Ati2evxx.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\Explorer.EXE C:\Documents and Settings\Administrateur\Mes documents\guy.mansart\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe J'espere que c'est bon, après ta vérification j'aurai encore un service à te demander. Merci d'avance Desmodus

Est-ce que quelqu'un a des infos sur Trojan-spy.HTML.smitfraud.c Car il m'a changé mon arriere plan en message d'erreur enorme, et m'empeche de le changer par le panneau de configuration. Je ne sais quoi faire..

Voici le dernier rapport de HiJack, Logfile of HijackThis v1.99.1 Scan saved at 21:01:00, on 22/06/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\userinit.exe C:\WINNT\Explorer.EXE C:\Documents and Settings\Administrateur\Mes documents\guy.mansart\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ksaxwwcfaipnhkerobm.net/UUKZR3g...t_ak2S5NYq/.htm O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: Search Toolbar - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINNT\pumba3.dll (file missing) O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\Administrateur\Mes documents\Fichiers MSN Messenger\Nouveau dossier\MsgPlus.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - HKCU\..\Run: [Manager window] C:\DOCUME~1\ADMINI~1\APPLIC~1\TRUSTB~1\16 memo.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe J'espere que ce sera bon car ca devient vraiment chiant ces trojans Merci d'avance pour le diagnostic.

Ca y est je viens de fixer tout, sauf ces deux lignes O17 - HKLM\System\CCS\Services\Tcpip\..\{011FAB6C-412C-4CBB-8D8C-39F9956C20CA}: NameServer = 80.10.246.1 80.10.246.132 O17 - HKLM\System\CS2\Services\Tcpip\..\{011FAB6C-412C-4CBB-8D8C-39F9956C20CA}: NameServer = 80.10.246.1 80.10.246.132 Du coté protection tu me conseilles quoi??

Bonjour tout le monde, comment ca va? J'ai encore un petit probléme, c'est a dire que deldomains ne s'installe pas, et je ne peux pas suivre la procédure, de plus les lignes a fixer ne correspondent pas, ou en tout cas je les trouve pas.

Bonjour je suis désolé de ne pas avoir pu revenir avant, j'avais le bac a passer. Je viens de refaire un scan avec HiJack Le voici Logfile of HijackThis v1.99.1 Scan saved at 18:31:16, on 22/06/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\System32\Ati2evxx.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\drivers\CDAC11BA.EXE C:\WINNT\System32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\Explorer.EXE C:\WINNT\inet20057\winlogon.exe C:\WINNT\system32\sstray.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\MESSAG~1\StartMessager.exe C:\PROGRA~1\WANADOO\CnxMon.exe C:\PROGRA~1\WANADOO\TaskbarIcon.exe C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE C:\Program Files\Logitech\ImageStudio\LogiTray.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\WINNT\system32\msxct.exe C:\WINNT\winsocks5.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\WINNT\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe c:\progra~1\intern~1\iexplore.exe C:\PROGRA~1\WANADOO\EspaceWanadoo.exe C:\Program Files\Logitech\ImageStudio\LowLight.exe C:\PROGRA~1\WANADOO\ComComp.exe C:\PROGRA~1\WANADOO\Watch.exe C:\WINNT\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Documents and Settings\Administrateur\Mes documents\guy.mansart\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fygxonjtklgyujbzkhhssn.com/UUKZ...N_ak2S5NYq/.jsp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kmzlaxoypgl.com/UUKZR3gTUgUlK6v...pXGL0UjWDQ.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - Default URLSearchHook is missing F3 - REG:win.ini: run=C:\WINNT\inet20057\winlogon.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {CFA18DFB-E8A6-C79B-8380-1A552B35D9A2} - C:\DOCUME~1\ADMINI~1\APPLIC~1\ACEINT~1\curb live.exe O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINNT\pumba3.dll O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINNT\system32\iasada.dll O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll (file missing) O3 - Toolbar: Search Toolbar - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINNT\pumba3.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\Administrateur\Mes documents\Fichiers MSN Messenger\Nouveau dossier\MsgPlus.exe" O4 - HKLM\..\Run: [book 16 shim film] C:\Documents and Settings\All Users\Application Data\SkipItchBook16\send ford.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe O4 - HKLM\..\Run: [msxct] msxct.exe O4 - HKLM\..\Run: [xp_system] C:\WINNT\inet20057\winlogon.exe O4 - HKLM\..\Run: [ControlPanel] C:\WINNT\system32\popcorn64.exe rundll.dll,LoadMouseProfile O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINNT\winsocks5.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - HKCU\..\Run: [Manager window] C:\DOCUME~1\ADMINI~1\APPLIC~1\TRUSTB~1\16 memo.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [xp_system] C:\WINNT\inet20057\winlogon.exe O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_FR.cab O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.170.82/e9xr2.chm::/file.exe O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1324eb2ac127f6...RdxIE601_fr.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game17.zylomgames.com/activex/zylomgamesplayer.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{011FAB6C-412C-4CBB-8D8C-39F9956C20CA}: NameServer = 80.10.246.1 80.10.246.132 O17 - HKLM\System\CS2\Services\Tcpip\..\{011FAB6C-412C-4CBB-8D8C-39F9956C20CA}: NameServer = 80.10.246.1 80.10.246.132 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe Voici aussi le rapport de spsehjfix (6/22/05 17:20:04) SPSeHjFix started v1.1.2 (6/22/05 17:20:04) OS: Win2000 Service Pack 4 (5.0.2195) (6/22/05 17:20:04) Language: français (6/22/05 17:20:04) Win-Path: C:\WINNT (6/22/05 17:20:04) System-Path: C:\WINNT\system32 (6/22/05 17:20:04) Temp-Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ (6/22/05 17:20:06) Disinfection started (6/22/05 17:20:06) Bad-Dll(IEP): c:\docume~1\admini~1\locals~1\temp\se.dll (6/22/05 17:20:06) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINNT\system32\mlhd.dll (6/22/05 17:20:06) Searchassistant Uninstaller - Keys Deleted (6/22/05 17:20:06) UBF: 9 - UBB: 6 - UBR: 31 (6/22/05 17:20:06) FilterKey: HKCR\text/html (deleted) (6/22/05 17:20:06) FilterKey: HKCR\CLSID\{FE70F112-413A-48D7-86EB-81E7BD9CA5F6} (deleted) (6/22/05 17:20:06) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting) (6/22/05 17:20:06) FilterKey: HKCR\text/plain (deleted) (6/22/05 17:20:06) FilterKey: HKCR\CLSID\{FE70F112-413A-48D7-86EB-81E7BD9CA5F6} (error while deleting) (6/22/05 17:20:06) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting) (6/22/05 17:20:06) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8B01E89E-1DBB-40D1-9B46-A4BFA5CA3186} (deleted) (6/22/05 17:20:06) BHO-Key: HKCR\CLSID\{8B01E89E-1DBB-40D1-9B46-A4BFA5CA3186} (deleted) (6/22/05 17:20:06) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll,DllInstall (deleted) (6/22/05 17:20:06) UBF: 7 - UBB: 5 - UBR: 30 (6/22/05 17:20:06) Bad IE-pages: deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\admini~1\locals~1\temp\se.dll/spage.html deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\admini~1\locals~1\temp\se.dll/spage.html deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank (6/22/05 17:20:06) Stealth-String not found (6/22/05 17:20:06) File added to delete: c:\winnt\system32\mlhd.dll (6/22/05 17:20:06) File added to delete: c:\docume~1\admini~1\locals~1\temp\se.dll (6/22/05 17:20:06) Reboot (6/22/05 17:21:45) SPSeHjFix started v1.1.2 (6/22/05 17:21:45) OS: Win2000 Service Pack 4 (5.0.2195) (6/22/05 17:21:45) Language: français (6/22/05 17:21:45) Win-Path: C:\WINNT (6/22/05 17:21:45) System-Path: C:\WINNT\system32 (6/22/05 17:21:45) Temp-Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ (6/22/05 17:22:17) Disinfection started (6/22/05 17:22:17) Bad-Dll(IEP): c:\docume~1\admini~1\locals~1\temp\se.dll (6/22/05 17:22:17) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINNT\system32\mlhd.dll (6/22/05 17:22:17) Searchassistant Uninstaller - Keys Deleted (6/22/05 17:22:17) UBF: 9 - UBB: 6 - UBR: 31 (6/22/05 17:22:17) FilterKey: HKCR\text/html (deleted) (6/22/05 17:22:17) FilterKey: HKCR\CLSID\{6D10722F-34A2-4AF0-BC72-53483A36B00A} (deleted) (6/22/05 17:22:17) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting) (6/22/05 17:22:17) FilterKey: HKCR\text/plain (deleted) (6/22/05 17:22:17) FilterKey: HKCR\CLSID\{6D10722F-34A2-4AF0-BC72-53483A36B00A} (error while deleting) (6/22/05 17:22:17) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting) (6/22/05 17:22:17) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2263C16A-2E82-414A-B6C7-89D291373049} (deleted) (6/22/05 17:22:17) BHO-Key: HKCR\CLSID\{2263C16A-2E82-414A-B6C7-89D291373049} (deleted) (6/22/05 17:22:17) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll,DllInstall (deleted) (6/22/05 17:22:17) UBF: 7 - UBB: 5 - UBR: 30 (6/22/05 17:22:17) Bad IE-pages: deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\admini~1\locals~1\temp\se.dll/spage.html deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\admini~1\locals~1\temp\se.dll/spage.html deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank (6/22/05 17:22:17) Stealth-String not found (6/22/05 17:22:17) File added to delete: c:\winnt\system32\mlhd.dll (6/22/05 17:22:17) File added to delete: c:\docume~1\admini~1\locals~1\temp\se.dll (6/22/05 17:22:17) Reboot (6/22/05 17:44:10) SPSeHjFix started v1.1.2 (6/22/05 17:44:10) OS: Win2000 Service Pack 4 (5.0.2195) (6/22/05 17:44:10) Language: français (6/22/05 17:44:10) Win-Path: C:\WINNT (6/22/05 17:44:10) System-Path: C:\WINNT\system32 (6/22/05 17:44:10) Temp-Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ (6/22/05 17:44:12) Disinfection started (6/22/05 17:44:12) Bad-Dll(IEP): (not found) (6/22/05 17:44:12) Bad-Dll(IEP) in BHO: (not found) (6/22/05 17:44:12) UBF: 7 - UBB: 5 - UBR: 30 (6/22/05 17:44:12) UBF: 7 - UBB: 5 - UBR: 30 (6/22/05 17:44:12) Bad IE-pages: deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank (6/22/05 17:44:12) Stealth-String not found (6/22/05 17:44:12) Not infected->END (6/22/05 17:44:58) SPSeHjFix started v1.1.2 (6/22/05 17:44:58) OS: Win2000 Service Pack 4 (5.0.2195) (6/22/05 17:44:58) Language: français (6/22/05 17:44:58) Win-Path: C:\WINNT (6/22/05 17:44:58) System-Path: C:\WINNT\system32 (6/22/05 17:44:58) Temp-Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ (6/22/05 17:44:59) Disinfection started (6/22/05 17:44:59) Bad-Dll(IEP): (not found) (6/22/05 17:44:59) Bad-Dll(IEP) in BHO: (not found) (6/22/05 17:44:59) UBF: 7 - UBB: 5 - UBR: 30 (6/22/05 17:44:59) UBF: 7 - UBB: 5 - UBR: 30 (6/22/05 17:44:59) Bad IE-pages: (none) (6/22/05 17:44:59) Stealth-String not found (6/22/05 17:44:59) Not infected->END (6/22/05 17:57:32) SPSeHjFix started v1.1.2 (6/22/05 17:57:32) OS: Win2000 Service Pack 4 (5.0.2195) (6/22/05 17:57:32) Language: français (6/22/05 17:57:32) Win-Path: C:\WINNT (6/22/05 17:57:32) System-Path: C:\WINNT\system32 (6/22/05 17:57:32) Temp-Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ (6/22/05 18:02:09) SPSeHjFix started v1.1.2 (6/22/05 18:02:09) OS: Win2000 Service Pack 4 (5.0.2195) (6/22/05 18:02:09) Language: français (6/22/05 18:02:09) Win-Path: C:\WINNT (6/22/05 18:02:09) System-Path: C:\WINNT\system32 (6/22/05 18:02:09) Temp-Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ (6/22/05 18:02:10) Disinfection started (6/22/05 18:02:10) Bad-Dll(IEP): (not found) (6/22/05 18:02:10) Bad-Dll(IEP) in BHO: (not found) (6/22/05 18:02:10) UBF: 7 - UBB: 5 - UBR: 30 (6/22/05 18:02:10) UBF: 7 - UBB: 5 - UBR: 30 (6/22/05 18:02:10) Bad IE-pages: (none) (6/22/05 18:02:10) Stealth-String not found (6/22/05 18:02:10) Not infected->END Merci encore pour ton aide Desmodus

Ca y est je viens de desinstaller emule, desolé j'avais pas vu qu'il était encore installé Ca te dérange si je reviens demain car la je suis crevé merci pour ton aide et peut etre a demain

Bon je vais aller me coucher, je reviendrai demain. Merci pour votre aide, j'espere que vous serez là demain. A bientot Desmodus

Ca y est j'ai scanné avec HiJack voici le rapport Logfile of HijackThis v1.99.1 Scan saved at 23:31:58, on 18/06/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\userinit.exe C:\WINNT\Explorer.EXE C:\Documents and Settings\Administrateur\Mes documents\guy.mansart\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll/spage.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll/spage.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - Default URLSearchHook is missing F3 - REG:win.ini: run=C:\WINNT\inet20057\winlogon.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {8B01E89E-1DBB-40D1-9B46-A4BFA5CA3186} - C:\WINNT\system32\mlhd.dll O2 - BHO: (no name) - {CFA18DFB-E8A6-C79B-8380-1A552B35D9A2} - C:\DOCUME~1\ADMINI~1\APPLIC~1\ACEINT~1\curb live.exe O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINNT\pumba2.dll O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINNT\system32\iasada.dll O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll (file missing) O3 - Toolbar: Search Toolbar - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINNT\pumba2.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\Administrateur\Mes documents\Fichiers MSN Messenger\Nouveau dossier\MsgPlus.exe" O4 - HKLM\..\Run: [book 16 shim film] C:\Documents and Settings\All Users\Application Data\SkipItchBook16\send ford.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe O4 - HKLM\..\Run: [msxct] msxct.exe O4 - HKLM\..\Run: [xp_system] C:\WINNT\inet20057\winlogon.exe O4 - HKLM\..\Run: [ControlPanel] C:\WINNT\system32\popcorn64.exe rundll.dll,LoadMouseProfile O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINNT\winsocks5.exe O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll,DllInstall O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - HKCU\..\Run: [Manager window] C:\DOCUME~1\ADMINI~1\APPLIC~1\TRUSTB~1\16 memo.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [xp_system] C:\WINNT\inet20057\winlogon.exe O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O15 - Trusted Zone: http://ny.contentmatch.net (HKLM) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_FR.cab O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.170.82/e9xr2.chm::/file.exe O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1324eb2ac127f6...RdxIE601_fr.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game17.zylomgames.com/activex/zylomgamesplayer.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O18 - Filter: text/html - {FE70F112-413A-48D7-86EB-81E7BD9CA5F6} - C:\WINNT\system32\mlhd.dll O18 - Filter: text/plain - {FE70F112-413A-48D7-86EB-81E7BD9CA5F6} - C:\WINNT\system32\mlhd.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Desolé mais ca fonctionne pas l'antivirus en ligne Donc je vais rebooter mon pc et scanner avec Hi jack