Gogéta Jr

  1. I did that for all the connections, but the 85.255 addresses weren't there! Everything is set to "Obtain an IP address automatically"! There is one whose Properties I can't open; it's called OrangeHSS! Maybe that's the reason? Here is the image:
  2. Well yes, I had checked them all and then I fixed them. Do I have to do it again?
  3. Here is the report (it didn't ask me to restart, though): There you go.
  4. Hi, I'm bumping my topic! I cleaned my brother's computer thoroughly and I think I got rid of all the trojans and viruses. Anyway, here are the new reports:
     - Kaspersky report
     - AVG Antispyware report
     - SDFix report
     - Clean report
     - HijackThis report
     There, is that OK or not?
  5. There, it's done, I did what you asked. It took a long time, but it's done, so:

     - the Kaspersky scan report:

     - the AVG AntiSpyware report:

     + Résultat de l'analyse:
     C:\Documents and Settings\NAGFREEMAN\Mes documents\Eliane DUMEIGNIL\wanadoo_toolbarsetup.exe/wanadoo_toolbar.dll -> Adware.BHO : Nettoyé et sauvegardé (mise en quarantaine).
     HKLM\SOFTWARE\Classes\EMediaCodec.Chl -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
     HKLM\SOFTWARE\Classes\EMediaCodec.Chl\CLSID -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
     Fin du rapport

     - the SDFix report:

     - the clean report:

     - the new HijackThis log:

     There! Edit: is there nobody to help me?
  6. Thanks for replying so quickly! So here are the reports you asked me to produce:

     The Fixwareout report:

     The HijackThis report:

     Voilà qu'est-ce que je dois faire pour désintégrer ce 
Trojan ? Merci de ton aide. PS: je lui dirais de faire attention quand il surfe sur le net ! Depuis qu'il a 18 ans il se croit tout permis .
  7. Hi everyone! So here's the thing: my brother's PC is infested with the trojan Win32:Small-gen2[trj]! He asked me to remove it (I'm the one who has to look after his PC) but I can't manage it (small spyware I can handle, but not this trojan), so I downloaded HijackThis and ran a scan of his system. Here is the log:

     Logfile of Trend Micro HijackThis v2.0.0 (BETA)
     Scan saved at 11:22:31, on 17/03/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\csrss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     C:\Program Files\Alwil Software\Avast4\ashServ.exe
     C:\WINDOWS\system32\cisvc.exe
     C:\Program Files\Securitoo\Controle Parental\bin\optproxy.exe
     C:\WINDOWS\system32\slserv.exe
     C:\WINDOWS\System32\snmp.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     C:\WINDOWS\System32\alg.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\igfxtray.exe
     C:\WINDOWS\system32\hkcmd.exe
     C:\Program Files\QuickTime\qttask.exe
     C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
     C:\WINDOWS\system32\v6.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\WINDOWS\system32\cidaemon.exe
     C:\Documents and Settings\NAGFREEMAN\Bureau\HiJackThis_v2.exe
     C:\WINDOWS\system32\wbem\wmiprvse.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.maxpornmovies.com/
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
     O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
     O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
     O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [WinFixer helper] C:\Program Files\WinFixer\wfxcwr.exe
     O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
     O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
     O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
     O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe
     O4 - HKLM\..\Run: [install5G] D:\Install.exe /SI=60
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
     O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - Startup: PowerReg Scheduler.exe
     O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
     O4 - Global Startup: MS_update_0612_KB74062.exe
     O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
     O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{26F11878-A177-4867-B9BE-E97C3C6985C9}: NameServer = 85.255.115.18,85.255.112.168
     O17 - HKLM\System\CCS\Services\Tcpip\..\{50B47D13-3DF1-451A-8AA0-EA339D435120}: NameServer = 85.255.115.18,85.255.112.168
     O17 - HKLM\System\CCS\Services\Tcpip\..\{82B3E6C6-05AA-4C5D-A0E1-27EB526665EA}: NameServer = 85.255.115.18,85.255.112.168
     O17 - HKLM\System\CCS\Services\Tcpip\..\{8FE0A31B-D7E9-4664-9056-31A271A9BFA5}: NameServer = 85.255.115.18,85.255.112.168
     O17 - HKLM\System\CCS\Services\Tcpip\..\{94E5BAB7-6B8F-437E-921A-B882987F074B}: NameServer = 85.255.115.18,85.255.112.168
     O17 - HKLM\System\CCS\Services\Tcpip\..\{C20D9137-F161-42D4-B81A-F29B648AE0D2}: NameServer = 85.255.115.18,85.255.112.168
     O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.18 85.255.112.168
     O17 - HKLM\System\CS1\Services\Tcpip\..\{26F11878-A177-4867-B9BE-E97C3C6985C9}: NameServer = 85.255.115.18,85.255.112.168
     O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.18 85.255.112.168
     O17 - HKLM\System\CS2\Services\Tcpip\..\{26F11878-A177-4867-B9BE-E97C3C6985C9}: NameServer = 85.255.115.18,85.255.112.168
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.18 85.255.112.168
     O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
     O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
     O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
     O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
     O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
     O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
     O23 - Service: Securitoo Control Parental (OPTENET_FILTER) - Securitoo - C:\Program Files\Securitoo\Controle Parental\bin\optproxy.exe
     O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
     O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
     O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
     O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
     O23 - Service: Service SNMP (SNMP) - Unknown owner - C:\WINDOWS\System32\snmp.exe
     O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
     O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
     O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Unknown owner - C:\Program Files\Inventel\Gateway\wlancfg.exe (file missing)
     O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
     -- End of file - 8555 bytes

     So, if a HijackThis expert could help us, that would be really cool! Thank you!