

muzopassy
Member
Content count: 12
Joined
Last visited
Everything posted by muzopassy
INFECTION SPYFALCON
muzopassy replied to a topic by muzopassy in Analyses et éradication malwares

Good evening Tornado, here is the report below:

[04/03/2006, 21:26:52] - VirtumundoBeGone v1.5 ( "E:\Documents and Settings\pascal.ORDI001\Desktop\security tools\VirtumundoBeGone.exe" )
[04/03/2006, 21:26:58] - Detected System Information:
[04/03/2006, 21:26:58] - Windows Version: 5.1.2600, Service Pack 1
[04/03/2006, 21:26:58] - Current Username: pascal (Admin)
[04/03/2006, 21:26:58] - Windows is in NORMAL mode.
[04/03/2006, 21:26:58] - Searching for Browser Helper Objects:
[04/03/2006, 21:26:58] - Finished Searching Browser Helper Objects
[04/03/2006, 21:26:58] - Finishing up...
[04/03/2006, 21:26:58] - Nothing found! Exiting...

See you
INFECTION SPYFALCON
muzopassy replied to a topic by muzopassy in Analyses et éradication malwares

Hi again Tornado, attached is the report:

L2MFIX find log 032106
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

E:\WINDOWS\SYSTEM32\
gdi32.dll      Tue 3 Jan 2006   0:38:04  A....  260 608  254,50 K
s32evnt1.dll   Tue 31 Jan 2006 15:35:34  A....   91 904   89,75 K
webclnt.dll    Wed 4 Jan 2006   5:37:34  A....   64 000   62,50 K

3 items found: 3 files, 0 directories.
Total of file sizes: 416 512 bytes  406,75 K

Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
 Le volume dans le lecteur E n'a pas de nom.
 Le numéro de série du volume est 64CF-5DED

 Répertoire de E:\WINDOWS\System32

02/04/2006  20:59    <REP>          dllcache
10/10/2004  22:02    <REP>          Microsoft
10/10/2004  21:59                32 {445041B3-6AB7-4170-B918-C16FC4DD72BD}.dat
               1 fichier(s)               32 octets
               2 Rép(s)   1 175 764 992 octets libres

Thanks again for your help
INFECTION SPYFALCON
muzopassy replied to a topic by muzopassy in Analyses et éradication malwares

Hi Tornado, the scan was indeed still running. Here is the result:

Incident  Statut  Analyse
Adware:Adware/IGetNet  No Désinfecté  C:\WINDOWS\SYSTEM\RSP001.DLL
Adware:Adware/IGetNet  No Désinfecté  C:\WINDOWS\SYSTEM\NLNP13.dll
Adware:Adware/IGetNet  No Désinfecté  C:\WINDOWS\SYSTEM\Update_com.DLL
Spyware:Cookie/Xiti  No Désinfecté  C:\WINDOWS\Profiles\pascal\Cookies\pascal@xiti[1].txt
Spyware:Cookie/Xiti  No Désinfecté  C:\WINDOWS\Profiles\pascal\Cookies\pascal@xiti[2].txt
Spyware:Cookie/Kazaa Networks  No Désinfecté  C:\WINDOWS\Profiles\pascal\Cookies\pascal@desktop.kazaa[1].txt
Spyware:Cookie/LinkExchange  No Désinfecté  C:\WINDOWS\Profiles\pascal\Cookies\pascal@linkexchange[1].txt
Spyware:Cookie/Xiti  No Désinfecté  C:\WINDOWS\Profiles\pascal\Cookies\pascal@xiti[3].txt
Spyware:Cookie/Atwola  No Désinfecté  C:\WINDOWS\Profiles\pascal\Cookies\pascal@atwola[2].txt
Spyware:Cookie/fe.lea.lycos  No Désinfecté  C:\WINDOWS\Profiles\pascal\Cookies\pascal@fe.lea.lycos[1].txt
Spyware:Cookie/WebPower  No Désinfecté  C:\WINDOWS\Profiles\pascal\Cookies\pascal@webpower[2].txt
Spyware:Cookie/GangbangSquad  No Désinfecté  C:\WINDOWS\Profiles\pascal\Cookies\pascal@www.gangbangsquad[2].txt
Spyware:Cookie/888  No Désinfecté  C:\WINDOWS\Profiles\pascal\Cookies\pascal@888[2].txt
Spyware:Cookie/Santa Monica networks inc  No Désinfecté  C:\WINDOWS\Profiles\pascal\Cookies\pascal@smni[1].txt
Spyware:Cookie/Kazaa Networks  No Désinfecté  C:\WINDOWS\Profiles\pascal\Cookies\pascal@desktop.kazaa[2].txt
Spyware:Cookie/Target  No Désinfecté  C:\WINDOWS\Profiles\pascal\Cookies\pascal@target[1].txt
Spyware:Cookie/Kazaa Networks  No Désinfecté  C:\WINDOWS\Profiles\pascal\Cookies\pascal@desktop.kazaa[3].txt
Spyware:Cookie/Atwola  No Désinfecté  C:\WINDOWS\Profiles\pascal\Cookies\pascal@atwola[1].txt
Spyware:Cookie/Xiti  No Désinfecté  C:\WINDOWS\Profiles\pascal\Cookies\pascal@xiti[4].txt
Spyware:Cookie/Xiti  No Désinfecté  C:\WINDOWS\Profiles\agnes\Cookies\agnes@xiti[1].txt
Spyware:Cookie/Xiti  No Désinfecté  C:\WINDOWS\Profiles\florian\Cookies\florian@xiti[1].txt
Spyware:Cookie/go  No Désinfecté  C:\WINDOWS\Profiles\florian\Cookies\florian@go[1].txt
Adware:Adware/AccesMembre  No Désinfecté  C:\WINDOWS\AccesMembre.dll
Adware:Adware/Look2Me  No Désinfecté  C:\WINDOWS\Installer.exe
Spyware:Spyware/Virtumonde  No Désinfecté  C:\WINDOWS\WindowsUpd2.exe
Spyware:Cookie/Xiti  No Désinfecté  E:\Documents and Settings\pascal.ORDI001\Cookies\pascal@xiti[1].txt
Adware:Adware/Lop  No Désinfecté  E:\Documents and Settings\pascal.ORDI001\Desktop\security tools\lopremover.exe
Adware:Adware/Lop  No Désinfecté  E:\Documents and Settings\pascal.ORDI001\Desktop\security tools\lopremover.zip[lopremover.exe]
Outil indésirable:Application/Processor  No Désinfecté  E:\Documents and Settings\pascal.ORDI001\Desktop\security tools\SmitfraudFix\Process.exe
Outil indésirable:Application/Processor  No Désinfecté  E:\Documents and Settings\pascal.ORDI001\Desktop\security tools\SmitfraudFix.zip[Process.exe]
Outil indésirable:application/spyfalcon  No Désinfecté  E:\Documents and Settings\pascal.ORDI001\Start Menu\SpyFalcon 2.0.lnk
Outil indésirable:Application/FunWeb  No Désinfecté  E:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf
Adware:Adware/InstaFinder  No Désinfecté  E:\WINDOWS\system32\InstaFinder_inst245.exe
Outil indésirable:Application/Processor  No Désinfecté  E:\WINDOWS\system32\Process.exe

See you, thanks again
INFECTION SPYFALCON
muzopassy replied to a topic by muzopassy in Analyses et éradication malwares

Thanks again, and mission accomplished. Below is the new report:

Logfile of HijackThis v1.99.1
Scan saved at 13:54:29, on 01/04/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
d:\Program Files\ewido anti-malware\ewidoctrl.exe
E:\PROGRA~1\Iomega\System32\AppServices.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
D:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
E:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
E:\Program Files\Common Files\AOL\ACS\AOLDial.exe
E:\WINDOWS\System32\wuauclt.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
E:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
D:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
D:\Program Files\Unlocker\UnlockerAssistant.exe
E:\WINDOWS\System32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Common Files\AOL\1143493946\ee\AOLHostManager.exe
E:\Program Files\AOL 9.0a\aoltray.exe
E:\Program Files\Common Files\AOL\1143493946\ee\AOLServiceHost.exe
E:\Program Files\AOL Compagnon\companion.exe
E:\WINDOWS\System32\wuauclt.exe
e:\program files\common files\aol\1143493946\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
E:\Program Files\Common Files\AOL\1143493946\ee\AOLServiceHost.exe
D:\Program Files\HijackThis\HijackThis.exe
D:\Program Files\Microsoft Office\Office10\WINWORD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
O4 - HKLM\..\Run: [AOLSAV] E:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] E:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [MPFExe] D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "E:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "d:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [sSC_UserPrompt] E:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "d:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HostManager] E:\Program Files\Common Files\AOL\1143493946\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [unlockerAssistant] d:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = E:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: AOL Compagnon.lnk = E:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: AOL Companion.lnk = ?
O8 - Extra context menu item: &Recherche AOL Toolbar - res://E:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - E:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - d:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Iomega App Services - Iomega Corporation - E:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

See you
INFECTION SPYFALCON
muzopassy replied to a topic by muzopassy in Analyses et éradication malwares

Good evening Tornado. Phew, mission accomplished! Below are the reports in question.

Logfile of HijackThis v1.99.1
Scan saved at 22:09:28, on 30/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
d:\Program Files\AVPersonal\AVWUPSRV.EXE
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
d:\Program Files\ewido anti-malware\ewidoctrl.exe
E:\PROGRA~1\Iomega\System32\AppServices.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\wuauclt.exe
E:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
E:\Program Files\Common Files\AOL\ACS\AOLDial.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
D:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
D:\Program Files\Unlocker\UnlockerAssistant.exe
E:\WINDOWS\System32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Common Files\AOL\1143493946\ee\AOLHostManager.exe
E:\Program Files\Common Files\AOL\1143493946\ee\AOLServiceHost.exe
E:\Program Files\AOL 9.0a\aoltray.exe
E:\Program Files\AOL Compagnon\companion.exe
e:\program files\common files\aol\1143493946\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
E:\Program Files\Common Files\AOL\1143493946\ee\AOLServiceHost.exe
D:\Program Files\Microsoft Office\Office10\WINWORD.EXE
E:\Program Files\AOL 9.0a\waol.exe
E:\Program Files\AOL 9.0a\shellmon.exe
E:\Program Files\Common Files\Aol\aoltpspd.exe
D:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
O4 - HKLM\..\Run: [AOLSAV] E:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] E:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [MPFExe] D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "E:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "d:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [sSC_UserPrompt] E:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "d:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HostManager] E:\Program Files\Common Files\AOL\1143493946\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [unlockerAssistant] d:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ruleeggs] E:\DOCUME~1\PASCAL~1.ORD\APPLIC~1\32BAGS~1\Book Mpeg.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = E:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: AOL Compagnon.lnk = E:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: AOL Companion.lnk = ?
O8 - Extra context menu item: &Recherche AOL Toolbar - res://E:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCC2B50A-0267-42A9-BE57-E25E39E47F9E}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - E:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - d:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - d:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Iomega App Services - Iomega Corporation - E:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Symantec Adware.Istbar / Trojan.ISTsvc Removal Tool 1.1.0

registry:
HKEY_USERS\S-1-5-21-484763869-706699826-854245398-1003\Software\Microsoft\Internet Explorer\Main: Use Search Assistant (value deleted)

D:\System Volume Information: (not scanned)
E:\Documents and Settings\Pascal: (not scanned)
E:\Documents and Settings\pascal.ORDI001\Local Settings\Temp\Temporary Internet Files\Content.IE5\0L6FC1I7\Type=click&FlightID=226876&AdID=481016&TargetID=77839&Targets=53050,74526,74542,77839,75296,67668,55163&Values=20,31,43,51,63,83,102,110,152,216,229,243,288,9498,166[1].htm (WARNING: not scanned, path to long)
E:\Documents and Settings\pascal.ORDI001\Local Settings\Temp\Temporary Internet Files\Content.IE5\O9IR0DQR\btype=77&tile=167897791&adpos=1&combo=0&country=fr&affiliate=frlycos&svc=home&ee=0&Params.cookie.noupdate=ats&refurl=http%3A%2F%2Fwww.home.lycos.fr%2Findex[1] (WARNING: not scanned, path to long)
E:\System Volume Information: (not scanned)
E:\WINDOWS\system32\??stem: (not scanned)

Adware.Istbar has not been found on your computer.

---------------------------------------------------------
 ewido anti-malware - Rapport de scan
---------------------------------------------------------

 + Créé le: 14:01:47, 30/03/2006
 + Somme de contrôle: E540B386

 + Résultats du scan:

C:\WINDOWS\SYSTEM\ctb_s.exe -> Adware.BrowsePal : Nettoyer et sauvegarder
C:\WINDOWS\SYSTEM\ctbv2.dll -> Adware.Sahat : Nettoyer et sauvegarder
C:\WINDOWS\Profiles\pascal\Cookies\pascal@ad.doubleclick[2].txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder
C:\WINDOWS\Profiles\pascal\Cookies\pascal@ilead.itrack[1].txt -> TrackingCookie.Itrack : Nettoyer et sauvegarder
C:\WINDOWS\BDE\b3dsetup.exe -> Adware.BrilliantDigital : Nettoyer et sauvegarder
D:\Elements disque E'\aolextras\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Nettoyer et sauvegarder
D:\Elements disque E'\aolextras\WINDOWS\NDNuninstall6_90.exe -> Adware.NewDotNet : Nettoyer et sauvegarder
D:\Elements disque E'\aolextras\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Nettoyer et sauvegarder
D:\Elements disque E'\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Nettoyer et sauvegarder
D:\Elements disque E'\WINDOWS\NDNuninstall6_90.exe -> Adware.NewDotNet : Nettoyer et sauvegarder
D:\Elements disque E'\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Nettoyer et sauvegarder
D:\Program
Files\Altnet\Download Manager\asm.exe -> Adware.Altnet : Nettoyer et sauvegarder D:\Program Files\GDiVX Player\SuperBarInstall.exe -> Adware.GigatechSuperBar : Nettoyer et sauvegarder E:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20060328005125.zip/WINDOWS/NDNuninstall6_38.exe -> Adware.NewDotNet : Nettoyer et sauvegarder E:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20060328005125.zip/WINDOWS/NDNuninstall6_90.exe -> Adware.NewDotNet : Nettoyer et sauvegarder E:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20060328005125.zip/WINDOWS/NDNuninstall6_98.exe -> Adware.NewDotNet : Nettoyer et sauvegarder E:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20060328005125.zip/WINDOWS/NDNuninstall7_14.exe -> Adware.NewDotNet : Nettoyer et sauvegarder E:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20060328005125.zip/WINDOWS/NDNuninstall7_22.exe -> Adware.NewDotNet : Nettoyer et sauvegarder E:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20060328005125.zip/Program Files/newdotnet/uninstall6_38.exe -> Adware.NewDotNet : Nettoyer et sauvegarder E:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20060328005125.zip/Program Files/newdotnet/newdotnet7_22.dll -> Adware.NewDotNet : Nettoyer et sauvegarder E:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20060328005125.zip/Program Files/newdotnet/uninstall7_22.exe -> Adware.NewDotNet : Nettoyer et sauvegarder E:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\UserProfiles\All 
Users\antiSpyware\dat\Quarantine\20060328005125.zip/Program Files/newdotnet/newdotnet7_22.to_be_deleted -> Adware.NewDotNet : Nettoyer et sauvegarder E:\Documents and Settings\pascal.ORDI001\Desktop\Florian\metallica\_keygen.exe -> Dropper.Agent.aiq : Nettoyer et sauvegarder E:\Documents and Settings\pascal.ORDI001\Desktop\uninstall6_38.exe -> Adware.NewDotNet : Nettoyer et sauvegarder E:\Program Files\FileSubmit\O Christmas Tree\NNEZTA388.exe -> Adware.NewDotNet : Nettoyer et sauvegarder E:\Program Files\FileSubmit\O Christmas Tree\TBEZA127Q.exe -> Adware.Quick : Nettoyer et sauvegarder E:\WINDOWS\system32\interf.tlb -> Trojan.Small : Nettoyer et sauvegarder E:\WINDOWS\system32\oins.exe -> Downloader.PurityScan.bt : Nettoyer et sauvegarder E:\WINDOWS\YAXUninst.exe -> Adware.MediaTickets : Nettoyer et sauvegarder ::Fin du rapport @+ merci -
INFECTION SPYFALCON
muzopassy replied to a topic by muzopassy in Malware analysis and removal
Re, the new report is below. For info, there are two directories in temp that I could not remove, because in each of them one file could not be deleted. And when I look at my processes I still have two iexplorer processes polluting things even though I do not have Internet Explorer open, and after a while it starts launching windows.

Logfile of HijackThis v1.99.1
Scan saved at 08:33:49, on 29/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
d:\Program Files\AVPersonal\AVWUPSRV.EXE
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\PROGRA~1\Iomega\System32\AppServices.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\wuauclt.exe
E:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
E:\Program Files\Common Files\AOL\ACS\AOLDial.exe
E:\Program Files\QuickTime\qttask.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
E:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
D:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
E:\Program Files\MessengerPlus! 3\MsgPlus.exe
E:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Unlocker\UnlockerAssistant.exe
E:\Program Files\Messenger\msmsgs.exe
E:\WINDOWS\System32\ctfmon.exe
e:\progra~1\intern~1\iexplore.exe
E:\WINDOWS\RACLE~1\dvdplay.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\WINDOWS\system32\??stem\l?gonui.exe
E:\Program Files\Common Files\AOL\1143493946\ee\AOLHostManager.exe
E:\Program Files\Common Files\AOL\1143493946\ee\AOLServiceHost.exe
E:\Program Files\AOL 9.0a\aoltray.exe
E:\Program Files\AOL Compagnon\companion.exe
e:\program files\common files\aol\1143493946\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
E:\Program Files\Common Files\AOL\1143493946\ee\AOLServiceHost.exe
D:\Program Files\HijackThis\HijackThis.exe
E:\Program Files\AOL 9.0a\waol.exe
E:\Program Files\AOL 9.0a\shellmon.exe
E:\Program Files\Common Files\Aol\aoltpspd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ddnatgpnaufhvti.us/_JS/KBpbB_vUObNz...HxcMowpdmH.html
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
O4 - HKLM\..\Run: [AOLSAV] E:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] E:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MPFExe] D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "E:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] E:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "d:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [sSC_UserPrompt] E:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [cy4S] E:\WINDOWS\oltdv.exe
O4 - HKLM\..\Run: [¢‰¸K0¨4W }ïÁzî[8E:\Program Files\ISTsvc\istsvc.exe] E:\WINDOWS\oltdv.exe
O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁß]§ú"ü‰üžiE:\Program Files\ISTsvc\istsvc.exe] E:\WINDOWS\oltdv.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "d:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [eDonkey2000] "D:\Program Files\eDonkey2000\edonkey2000.exe" -t
O4 - HKLM\..\Run: [MessengerPlus3] "E:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [KINDFLAGFORGRIM] E:\Documents and Settings\All Users.WINDOWS\Application Data\ErrorMagsKindFlag\Soap Mail.exe
O4 - HKLM\..\Run: [HostManager] E:\Program Files\Common Files\AOL\1143493946\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [unlockerAssistant] d:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ruleeggs] E:\DOCUME~1\PASCAL~1.ORD\APPLIC~1\32BAGS~1\Book Mpeg.exe
O4 - HKCU\..\Run: [MessengerPlus3] "E:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [irhs] "E:\WINDOWS\RACLE~1\dvdplay.exe" -vt yax
O4 - HKCU\..\Run: [Hmdk] E:\WINDOWS\system32\??stem\l?gonui.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = E:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: AOL Compagnon.lnk = E:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: AOL Companion.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://E:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCC2B50A-0267-42A9-BE57-E25E39E47F9E}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - E:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - d:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Iomega App Services - Iomega Corporation - E:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
-
INFECTION SPYFALCON
muzopassy replied to a topic by muzopassy in Malware analysis and removal
Here I am again, Tornado, and thanks. The requested report is below.

Logfile of HijackThis v1.99.1
Scan saved at 20:46:12, on 27/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ddnatgpnaufhvti.us/_JS/KBpbB_vUObNz...HxcMowpdmH.html
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
O4 - HKLM\..\Run: [AOLSAV] E:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] E:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MPFExe] D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "E:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] E:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "d:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [sSC_UserPrompt] E:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [cy4S] E:\WINDOWS\oltdv.exe
O4 - HKLM\..\Run: [¢‰¸K0¨4W }ïÁzî[8E:\Program Files\ISTsvc\istsvc.exe] E:\WINDOWS\oltdv.exe
O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁß]§ú"ü‰üžiE:\Program Files\ISTsvc\istsvc.exe] E:\WINDOWS\oltdv.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "d:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [eDonkey2000] "D:\Program Files\eDonkey2000\edonkey2000.exe" -t
O4 - HKLM\..\Run: [MessengerPlus3] "E:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 E:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [KINDFLAGFORGRIM] E:\Documents and Settings\All Users.WINDOWS\Application Data\ErrorMagsKindFlag\Soap Mail.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ruleeggs] E:\DOCUME~1\PASCAL~1.ORD\APPLIC~1\32BAGS~1\Book Mpeg.exe
O4 - HKCU\..\Run: [MessengerPlus3] "E:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [irhs] "E:\WINDOWS\RACLE~1\dvdplay.exe" -vt yax
O4 - HKCU\..\Run: [Hmdk] E:\WINDOWS\system32\??stem\l?gonui.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = E:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: AOL Compagnon.lnk = E:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: AOL Companion.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://E:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O20 - Winlogon Notify: winbjt32 - E:\WINDOWS\SYSTEM32\winbjt32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - E:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - d:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Iomega App Services - Iomega Corporation - E:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Cheers
-
INFECTION SPYFALCON
muzopassy replied to a topic by muzopassy in Malware analysis and removal
Re, the requested report is below.

HAXFIX logfile - by Marckie
--------------
25/03/2006 10:05:43,52

checking for ps.a3d....
ps.a3d not found

checking for matching notify keys....
no matching notify keys found

checking for matching services....
no matching services found

checking for matching safeboot services....
no matching safeboot services found

Cheers )
-
INFECTION SPYFALCON
muzopassy replied to a topic by muzopassy in Malware analysis and removal
Thanks Tornado, the report is below.

Logfile of HijackThis v1.99.1
Scan saved at 09:53:25, on 25/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\PROGRA~1\Iomega\System32\AppServices.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
E:\Program Files\Common Files\AOL\ACS\AOLDial.exe
E:\Program Files\QuickTime\qttask.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Program Files\Real\RealPlayer\RealPlay.exe
E:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
D:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
E:\Program Files\MessengerPlus! 3\MsgPlus.exe
E:\WINDOWS\System32\rundll32.exe
E:\WINDOWS\System32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\WINDOWS\RACLE~1\dvdplay.exe
E:\WINDOWS\system32\??stem\l?gonui.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
E:\Program Files\AOL 9.0a\aoltray.exe
e:\progra~1\intern~1\iexplore.exe
E:\Program Files\AOL Compagnon\companion.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINDOWS\System32\wuauclt.exe
E:\Program Files\AOL 9.0a\waol.exe
E:\Program Files\AOL 9.0a\shellmon.exe
E:\Program Files\Common Files\Aol\aoltpspd.exe
E:\Program Files\XoftSpySE\XoftSpy.exe
E:\WINDOWS\TEMP\win354.tmp.exe
D:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ddnatgpnaufhvti.us/_JS/KBpbB_vUObNz...HxcMowpdmH.html
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
O4 - HKLM\..\Run: [AOLSAV] E:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] E:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MPFExe] D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "E:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] E:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "d:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [sSC_UserPrompt] E:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [cy4S] E:\WINDOWS\oltdv.exe
O4 - HKLM\..\Run: [¢‰¸K0¨4W }ïÁzî[8E:\Program Files\ISTsvc\istsvc.exe] E:\WINDOWS\oltdv.exe
O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁß]§ú"ü‰üžiE:\Program Files\ISTsvc\istsvc.exe] E:\WINDOWS\oltdv.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "d:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [eDonkey2000] "D:\Program Files\eDonkey2000\edonkey2000.exe" -t
O4 - HKLM\..\Run: [MessengerPlus3] "E:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 E:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [KINDFLAGFORGRIM] E:\Documents and Settings\All Users.WINDOWS\Application Data\ErrorMagsKindFlag\Soap Mail.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ruleeggs] E:\DOCUME~1\PASCAL~1.ORD\APPLIC~1\32BAGS~1\Book Mpeg.exe
O4 - HKCU\..\Run: [MessengerPlus3] "E:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [irhs] "E:\WINDOWS\RACLE~1\dvdplay.exe" -vt yax
O4 - HKCU\..\Run: [Hmdk] E:\WINDOWS\system32\??stem\l?gonui.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = E:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: AOL Compagnon.lnk = E:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: AOL Companion.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://E:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCC2B50A-0267-42A9-BE57-E25E39E47F9E}: NameServer = 205.188.146.145
O20 - Winlogon Notify: winbjt32 - E:\WINDOWS\SYSTEM32\winbjt32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - E:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Iomega App Services - Iomega Corporation - E:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Cheers
-
INFECTION SPYFALCON
muzopassy replied to a topic by muzopassy in Malware analysis and removal
Thanks to you, Bibi26. The reports are below.

SmitFraudFix v2.25
Rapport fait à 8:59:48,19 le 25/03/2006
Executé à partir de E:\Documents and Settings\pascal.ORDI001\Desktop\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Recherche E:\

»»»»»»»»»»»»»»»»»»»»»»»» Recherche E:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» Recherche E:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» Recherche E:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» Recherche E:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» Recherche E:\Documents and Settings\pascal.ORDI001\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» Recherche Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau

»»»»»»»»»»»»»»»»»»»»»»»» Recherche E:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau

»»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
[HKEY_CLASSES_ROOT\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_CLASSES_ROOT\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

Logfile of HijackThis v1.99.1
Scan saved at 09:00:52, on 25/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\explorer.exe
D:\Program Files\HijackThis\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
O4 - HKLM\..\Run: [AOLSAV] E:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] E:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MPFExe] D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "E:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] E:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "d:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [sSC_UserPrompt] E:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [cy4S] E:\WINDOWS\oltdv.exe
O4 - HKLM\..\Run: [¢‰¸K0¨4W }ïÁzî[8E:\Program Files\ISTsvc\istsvc.exe] E:\WINDOWS\oltdv.exe
O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁß]§ú"ü‰üžiE:\Program Files\ISTsvc\istsvc.exe] E:\WINDOWS\oltdv.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "d:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [eDonkey2000] "D:\Program Files\eDonkey2000\edonkey2000.exe" -t
O4 - HKLM\..\Run: [MessengerPlus3] "E:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 E:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [KINDFLAGFORGRIM] E:\Documents and Settings\All Users.WINDOWS\Application Data\ErrorMagsKindFlag\Soap Mail.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ruleeggs] E:\DOCUME~1\PASCAL~1.ORD\APPLIC~1\32BAGS~1\Book Mpeg.exe
O4 - HKCU\..\Run: [MessengerPlus3] "E:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [irhs] "E:\WINDOWS\RACLE~1\dvdplay.exe" -vt yax
O4 - HKCU\..\Run: [Hmdk] E:\WINDOWS\system32\??stem\l?gonui.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = E:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: AOL Compagnon.lnk = E:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: AOL Companion.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Recherche AOL Toolbar - res://E:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123 O20 - Winlogon Notify: winbjt32 - E:\WINDOWS\SYSTEM32\winbjt32.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. 
- E:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Iomega App Services - Iomega Corporation - E:\PROGRA~1\Iomega\System32\AppServices.exe O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe encore merci j'attends la suite à donner -
INFECTION SPYFALCON
muzopassy replied to a topic by muzopassy in Malware analysis and removal

Thanks for your help, Tornado. Below is the result.

SmitFraudFix v2.25

Report made at 21:26:28,90 on 24/03/2006
Run from E:\Documents and Settings\pascal.ORDI001\Desktop\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Search E:\
»»»»»»»»»»»»»»»»»»»»»»»» Search E:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» Search E:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» Search E:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» Search E:\WINDOWS\system32

E:\WINDOWS\system32\dfrgsrv.exe PRESENT !
E:\WINDOWS\system32\hp????.tmp PRESENT !
E:\WINDOWS\system32\ld????.tmp PRESENT !
E:\WINDOWS\system32\mssearchnet.exe PRESENT !
E:\WINDOWS\system32\msvol.tlb PRESENT !
E:\WINDOWS\system32\ncompat.tlb PRESENT !
E:\WINDOWS\system32\nvctrl.exe PRESENT !
E:\WINDOWS\system32\ot.ico PRESENT !
E:\WINDOWS\system32\ts.ico PRESENT !
E:\WINDOWS\system32\1024\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Search E:\Documents and Settings\pascal.ORDI001\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Search Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» Search Favorites

E:\Documents and Settings\pascal.ORDI001\Favorites\Antivirus Test Online.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Search Desktop
»»»»»»»»»»»»»»»»»»»»»»»» Search E:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Search for corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Search desktop components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Search SharedTaskScheduler

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
[HKEY_CLASSES_ROOT\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_CLASSES_ROOT\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}"="Prestige Software"
[HKEY_CLASSES_ROOT\CLSID\{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}\InProcServer32]
@="E:\WINDOWS\System32\ginuerep.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}\InProcServer32]
@="E:\WINDOWS\System32\ginuerep.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Search for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End of report

Tell me what to do next. Thanks again.
Hello, can someone help me? Below is my HijackThis report. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 08:10:54, on 24/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\PROGRA~1\Iomega\System32\AppServices.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
E:\Program Files\Common Files\AOL\ACS\AOLDial.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Program Files\Real\RealPlayer\RealPlay.exe
E:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
D:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
E:\Program Files\MessengerPlus! 3\MsgPlus.exe
E:\WINDOWS\System32\rundll32.exe
E:\WINDOWS\System32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\AOL 9.0a\aoltray.exe
E:\Program Files\AOL Compagnon\companion.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\WINDOWS\System32\wuauclt.exe
E:\Program Files\AOL 9.0a\waol.exe
E:\Program Files\AOL 9.0a\shellmon.exe
E:\Program Files\Common Files\Aol\aoltpspd.exe
E:\WINDOWS\RACLE~1\dvdplay.exe
E:\WINDOWS\system32\??stem\l?gonui.exe
E:\WINDOWS\System32\nvctrl.exe
E:\WINDOWS\System32\mssearchnet.exe
E:\Program Files\Internet Explorer\iexplore.exe
e:\progra~1\intern~1\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINDOWS\TEMP\win354.tmp.exe
D:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nubrjuupzjcxx.net/_JS/KBpbB_vUO...vHxcMowpdmH.cgi
O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - E:\WINDOWS\System32\hpE594.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
O4 - HKLM\..\Run: [AOLSAV] E:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] E:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MPFExe] D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "E:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] E:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "d:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [sSC_UserPrompt] E:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [cy4S] E:\WINDOWS\oltdv.exe
O4 - HKLM\..\Run: [¢‰¸K0¨4W }ïÁzî[8E:\Program Files\ISTsvc\istsvc.exe] E:\WINDOWS\oltdv.exe
O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁß]§ú"ü‰üžiE:\Program Files\ISTsvc\istsvc.exe] E:\WINDOWS\oltdv.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "d:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [eDonkey2000] "D:\Program Files\eDonkey2000\edonkey2000.exe" -t
O4 - HKLM\..\Run: [MessengerPlus3] "E:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 E:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [KINDFLAGFORGRIM] E:\Documents and Settings\All Users.WINDOWS\Application Data\ErrorMagsKindFlag\Soap Mail.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ruleeggs] E:\DOCUME~1\PASCAL~1.ORD\APPLIC~1\32BAGS~1\Book Mpeg.exe
O4 - HKCU\..\Run: [MessengerPlus3] "E:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [irhs] "E:\WINDOWS\RACLE~1\dvdplay.exe" -vt yax
O4 - HKCU\..\Run: [Hmdk] E:\WINDOWS\system32\??stem\l?gonui.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = E:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: AOL Compagnon.lnk = E:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: AOL Companion.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://E:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCC2B50A-0267-42A9-BE57-E25E39E47F9E}: NameServer = 205.188.146.145
O20 - Winlogon Notify: winbjt32 - E:\WINDOWS\SYSTEM32\winbjt32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - E:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Iomega App Services - Iomega Corporation - E:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
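The HijackThis logs in this thread are triaged by eye. The script below is an added example for this page, not part of the forum post and not a feature of HijackThis or SmitFraudFix: it parses HijackThis 1.99-style entry lines and raises review flags for exactly the patterns the posted logs show. A `?` inside a local path (HijackThis prints non-ASCII characters as `?`, which is how `??stem\l?gonui.exe` appears for a folder posing as `system\logonui.exe`), a BHO loaded from a `.tmp` file, an autorun binary placed directly in the Windows directory, a Run value whose name is non-ASCII garbage, an O20 Winlogon Notify DLL outside a small allowlist, and every O10, O16 and non-Microsoft R1 entry. The sample log is constructed from a subset of the lines posted above; the Notify-DLL allowlist and the Windows-root heuristic are assumptions of the example, and a flag is a prompt to inspect the file, not a verdict.

```python
"""Heuristic triage of a HijackThis 1.99.x log (added example, not forum/tool code).

A flag means "look at this entry", not "this is malware".
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a subset of the entry lines from the log posted above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 08:10:54, on 24/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nubrjuupzjcxx.net/_JS/KBpbB_vUO...vHxcMowpdmH.cgi
O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - E:\WINDOWS\System32\hpE594.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [cy4S] E:\WINDOWS\oltdv.exe
O4 - HKLM\..\Run: [¢‰¸K0¨4W }ïÁzî[8E:\Program Files\ISTsvc\istsvc.exe] E:\WINDOWS\oltdv.exe
O4 - HKCU\..\Run: [Hmdk] E:\WINDOWS\system32\??stem\l?gonui.exe
O10 - Hijacked Internet access by New.Net
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O20 - Winlogon Notify: winbjt32 - E:\WINDOWS\SYSTEM32\winbjt32.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
"""

# Assumption of this example: Winlogon Notify DLLs that ship with Windows XP.
# Any other DLL registered under Winlogon\Notify gets a review flag.
KNOWN_NOTIFY_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll", "wlnotify.dll", "sclgntfy.dll"}

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")
O4_NAME_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\\w+: \[(?P<name>.*)\] .*$")
# A file sitting directly in the Windows directory, with no further subfolder.
WINDIR_ROOT_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    code: str
    reason: str
    line: str


def extract_paths(body: str) -> list[str]:
    """Return the local drive-letter paths in an entry; URLs never match."""
    quoted = re.findall(r'"([A-Za-z]:\\[^"]*)"', body)
    unquoted = re.findall(r'[A-Za-z]:\\[^\s"]*', re.sub(r'"[^"]*"', " ", body))
    return quoted + unquoted


def check_entry(code: str, body: str) -> list[str]:
    """Return the review reasons that apply to one HijackThis entry."""
    reasons = []
    paths = extract_paths(body)

    # HijackThis renders non-ASCII characters in names as '?', so a '?' in a
    # local path marks a lookalike such as '??stem\l?gonui.exe'. The '?' in an
    # O16 download URL is a query string, not a path, and is not extracted.
    if any("?" in p for p in paths):
        reasons.append("lookalike path: non-ASCII characters rendered as '?'")

    # No installer leaves a BHO or other loaded module as a .tmp file.
    if any(p.lower().endswith(".tmp") for p in paths):
        reasons.append("module loaded from a .tmp file")

    # Autorun binaries normally live in System32 or Program Files; a file placed
    # directly in the Windows directory is unusual for anything but explorer.exe.
    if any(WINDIR_ROOT_RE.match(p) and not p.lower().endswith("\\explorer.exe") for p in paths):
        reasons.append("autorun binary placed directly in the Windows directory")

    if code == "O4":
        m = O4_NAME_RE.match(body)
        if m and not m.group("name").isascii():
            reasons.append("Run value name is non-ASCII garbage")

    if code == "O10" and "Hijacked" in body:
        reasons.append("HijackThis reports a hijacked Winsock LSP")

    if code == "O16":
        reasons.append("ActiveX control downloaded from an external site; verify the source")

    if code == "O20":
        dll = paths[-1].rsplit("\\", 1)[-1].lower() if paths else ""
        if dll not in KNOWN_NOTIFY_DLLS:
            reasons.append("Winlogon Notify DLL is not one of the XP defaults")

    if code == "R1" and "microsoft.com" not in body.lower():
        reasons.append("IE search/start page points at a non-Microsoft host; confirm it is intended")

    return reasons


def triage(log_text: str) -> list[Finding]:
    """Parse every HijackThis entry line and collect the flagged ones."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:  # header lines and the running-process list carry no entry code
            continue
        for reason in check_entry(m.group("code"), m.group("body")):
            findings.append(Finding(m.group("code"), reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.reason}\n     {f.line}")
```

Run against the sample, the script flags the R1, O2, O10, O16 and O20 entries and four O4 findings (one each for `cy4S` and `Hmdk`, two for the garbage-named value), while the Norton toolbar, the quoted `ccApp` autorun and the NVIDIA service pass clean. Entries with `(file missing)` and the O17 NameServer line are deliberately not scored here; they need a judgement the log alone cannot supply.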