jcarre

bonjour Stoneangel ! voici d'abord le rapport hijackthis : Logfile of HijackThis v1.99.1 Scan saved at 08:09:21, on 25/12/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVPersonal\AVGUARD.EXE C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\HPConfig.exe C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\System32\carpserv.exe C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe C:\PROGRA~1\MESSAG~1\Demon.exe C:\PROGRA~1\Wanadoo\CnxMon.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\PROGRA~1\Wanadoo\TaskbarIcon.exe C:\Program Files\AVPersonal\AVGNT.EXE C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\wlancfg.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\WINDOWS\wlancfg.exe et puis voici maintenant le rapport spysweeper : ******** 23:45: | Début de session, samedi 24 décembre 2005 | 23:45: Spy Sweeper démarrée 23:45: Analyse lancée avec la version des définitions 589 23:45: Démarrage de l’analyse de la mémoire 23:50: Analyse de la mémoire terminée, temps passé : 00:04:14 23:50: Démarrage de l’analyse du Registre 23:50: Trouvé Adware: hotbar 23:50: HKCR\appid\weatherontray.exe\ (1 traces secondaires) (ID = 127217) 23:50: HKCR\appid\{0507fdde-f3b7-49f5-9e8f-c557e991f39b}\ (1 traces secondaires) (ID = 127218) 23:50: HKCR\clsid\{0ab71193-ec19-4d70-85c2-e46e2ff02755}\ (20 traces secondaires) (ID = 127227) 23:50: HKCR\clsid\{0774f696-d801-4c18-81a7-a3a32b8bef19}\ (10 traces secondaires) (ID = 127230) 23:50: HKCR\clsid\{1e0004ec-5df0-48c7-a8f0-fbb0488a3d94}\ (11 traces secondaires) (ID = 127231) 23:50: HKCR\clsid\{1e6ac766-9094-4bcf-abd3-39e2eaea5fcd}\ (18 traces secondaires) (ID = 127232) 23:50: HKCR\clsid\{2a8a997f-bb9f-48f6-aa2b-2762d50f9289}\ (10 traces secondaires) (ID = 127233) 23:50: HKCR\clsid\{3fa917b9-df69-477f-9e4f-b60d929de79f}\ (23 traces secondaires) (ID = 127235) 23:50: HKCR\clsid\{7e66936c-fea0-4984-ad26-7b6661ac5b2e}\ (26 traces secondaires) (ID = 127239) 23:50: HKCR\clsid\{8c875948-9c60-4381-9248-0df180542d53}\ (11 traces secondaires) (ID = 127241) 23:50: HKCR\clsid\{31a59636-0fa3-4a56-954d-db7ad02840d8}\ (14 traces secondaires) (ID = 127242) 23:50: HKCR\clsid\{40d8240a-e3a0-4d59-ac55-0443120188d1}\ (11 traces secondaires) (ID = 127244) 23:50: HKCR\clsid\{66b90adb-0be3-40ae-8680-84a6f0577ca0}\ (17 traces secondaires) (ID = 127246) 23:50: HKCR\clsid\{74cc49f7-eb32-4a08-b204-948962a6e3db}\ (11 traces secondaires) (ID = 127248) 23:50: HKCR\clsid\{454b4812-e572-4703-a1bb-63490809eac0}\ (11 traces secondaires) (ID = 127252) 23:50: HKCR\clsid\{580a1f3f-89b4-433b-bbdb-b97aeb13f3fc}\ (11 traces secondaires) (ID = 127253) 23:50: HKCR\clsid\{2178c864-b8bc-41ae-a1fb-eb6a32f87eb1}\ (12 traces secondaires) (ID = 127255) 23:50: HKCR\clsid\{354382db-df55-4da9-85a3-41696a0f510f}\ (11 traces secondaires) (ID = 127260) 23:50: HKCR\clsid\{a14c0d8d-e753-4e73-9e2b-4070791d8940}\ (10 traces secondaires) (ID = 127261) 23:50: HKCR\clsid\{a798e2b4-b6a0-4b96-8c53-8ec7a3b0895a}\ (16 traces secondaires) (ID = 127262) 23:50: HKCR\clsid\{c2baa4c9-ae1e-4605-ae2f-a1c49a30d881}\ (11 traces secondaires) (ID = 127267) 23:50: HKCR\clsid\{fa16bce1-5e36-472a-8466-e0cdd5ce00e6}\ (10 traces secondaires) (ID = 127272) 23:50: HKCR\hbcoresrv.dynamicprop.1\ (3 traces secondaires) (ID = 127276) 23:50: HKCR\hbcoresrv.dynamicprop\ (5 traces secondaires) (ID = 127277) 23:50: HKCR\hbtcoresrv.hbtcoreservices.1\ (3 traces secondaires) (ID = 127291) 23:50: HKCR\hbtcoresrv.hbtcoreservices\ (5 traces secondaires) (ID = 127292) 23:50: HKCR\hbtcoresrv.lfgax.1\ (3 traces secondaires) (ID = 127293) 23:50: HKCR\hbtcoresrv.lfgax\ (5 traces secondaires) (ID = 127294) 23:50: HKCR\hbthostie.bho.1\ (3 traces secondaires) (ID = 127295) 23:50: HKCR\hbthostie.bho\ (5 traces secondaires) (ID = 127296) 23:50: HKCR\hbthostol.hbtmailanim.1\ (3 traces secondaires) (ID = 127297) 23:50: HKCR\hbthostol.hbtmailanim\ (5 traces secondaires) (ID = 127298) 23:50: HKCR\hbthostol.hbtwebmailsend.1\ (3 traces secondaires) (ID = 127299) 23:50: HKCR\hbthostol.hbtwebmailsend\ (5 traces secondaires) (ID = 127300) 23:50: HKCR\hbtinstie.hbinstobj.1\ (3 traces secondaires) (ID = 127301) 23:50: HKCR\hbtinstie.hbinstobj\ (5 traces secondaires) (ID = 127302) 23:50: HKCR\hbtools.hbtcommband.1\ (3 traces secondaires) (ID = 127306) 23:50: HKCR\hbtools.hbtcommband\ (5 traces secondaires) (ID = 127307) 23:50: HKCR\hbtools.hbttravelcomparebar.1\ (3 traces secondaires) (ID = 127308) 23:50: HKCR\hbtools.hbttravelcomparebar\ (5 traces secondaires) (ID = 127309) 23:50: HKCR\hbtsrv.hbtcoreservices.1\ (3 traces secondaires) (ID = 127310) 23:50: HKCR\hbtsrv.hbtcoreservices\ (5 traces secondaires) (ID = 127311) 23:50: HKCR\hbttoolbar.hbthtmlmenuui.1\ (3 traces secondaires) (ID = 127312) 23:50: HKCR\hbttoolbar.hbthtmlmenuui\ (5 traces secondaires) (ID = 127313) 23:50: HKCR\hbttoolbar.hbttoolbarctl.1\ (3 traces secondaires) (ID = 127314) 23:50: HKCR\hbttoolbar.hbttoolbarctl\ (5 traces secondaires) (ID = 127315) 23:50: HKCR\hbttools.hbmain.1\ (3 traces secondaires) (ID = 127316) 23:50: HKCR\hbttools.hbmain\ (5 traces secondaires) (ID = 127317) 23:50: HKCR\interface\{3f04cbf7-cd62-4403-b090-b432dedcb159}\ (8 traces secondaires) (ID = 127325) 23:50: HKCR\interface\{34f4d917-31e4-464c-b8b3-84c1ce76b395}\ (8 traces secondaires) (ID = 127334) 23:50: HKCR\interface\{8578d35e-c6c0-4808-9a80-0f6c29a2c423}\ (8 traces secondaires) (ID = 127339) 23:50: HKCR\interface\{bc190da5-0187-4d99-b3ac-6c45ea1b9324}\ (8 traces secondaires) (ID = 127353) 23:50: HKCR\rprtspsclient.psexecuter.1\ (3 traces secondaires) (ID = 127362) 23:50: HKCR\rprtspsclient.psexecuter\ (5 traces secondaires) (ID = 127363) 23:50: HKCR\shprrprts.hbax.1\ (3 traces secondaires) (ID = 127365) 23:50: HKCR\shprrprts.hbax\ (5 traces secondaires) (ID = 127366) 23:50: HKCR\shprrprts.hbcommband.1\ (3 traces secondaires) (ID = 127367) 23:50: HKCR\shprrprts.hbcommband\ (5 traces secondaires) (ID = 127368) 23:50: HKCR\shprrprts.hbinfoband.1\ (3 traces secondaires) (ID = 127369) 23:50: HKCR\shprrprts.hbinfoband\ (5 traces secondaires) (ID = 127370) 23:50: HKCR\shprrprts.iebutton.1\ (3 traces secondaires) (ID = 127371) 23:50: HKCR\shprrprts.iebutton\ (5 traces secondaires) (ID = 127372) 23:50: HKCR\shprrprts.iebuttona.1\ (3 traces secondaires) (ID = 127373) 23:50: HKCR\shprrprts.iebuttona\ (5 traces secondaires) (ID = 127374) 23:50: HKCR\shprrprts.smrtshprctl.1\ (3 traces secondaires) (ID = 127375) 23:50: HKCR\shprrprts.smrtshprctl\ (5 traces secondaires) (ID = 127376) 23:50: HKLM\software\classes\appid\weatherontray.exe\ (1 traces secondaires) (ID = 127380) 23:50: HKLM\software\classes\appid\{0507fdde-f3b7-49f5-9e8f-c557e991f39b}\ (1 traces secondaires) (ID = 127381) 23:50: HKLM\software\classes\clsid\{0ab71193-ec19-4d70-85c2-e46e2ff02755}\ (20 traces secondaires) (ID = 127393) 23:50: HKLM\software\classes\clsid\{0774f696-d801-4c18-81a7-a3a32b8bef19}\ (10 traces secondaires) (ID = 127395) 23:50: HKLM\software\classes\clsid\{1e0004ec-5df0-48c7-a8f0-fbb0488a3d94}\ (11 traces secondaires) (ID = 127396) 23:50: HKLM\software\classes\clsid\{1e6ac766-9094-4bcf-abd3-39e2eaea5fcd}\ (18 traces secondaires) (ID = 127397) 23:50: HKLM\software\classes\clsid\{2a8a997f-bb9f-48f6-aa2b-2762d50f9289}\ (10 traces secondaires) (ID = 127398) 23:50: HKLM\software\classes\clsid\{3fa917b9-df69-477f-9e4f-b60d929de79f}\ (23 traces secondaires) (ID = 127399) 23:50: HKLM\software\classes\clsid\{7e66936c-fea0-4984-ad26-7b6661ac5b2e}\ (26 traces secondaires) (ID = 127402) 23:50: HKLM\software\classes\clsid\{8c875948-9c60-4381-9248-0df180542d53}\ (11 traces secondaires) (ID = 127404) 23:50: HKLM\software\classes\clsid\{31a59636-0fa3-4a56-954d-db7ad02840d8}\ (14 traces secondaires) (ID = 127405) 23:50: HKLM\software\classes\clsid\{40d8240a-e3a0-4d59-ac55-0443120188d1}\ (11 traces secondaires) (ID = 127407) 23:50: HKLM\software\classes\clsid\{66b90adb-0be3-40ae-8680-84a6f0577ca0}\ (17 traces secondaires) (ID = 127409) 23:50: HKLM\software\classes\clsid\{74cc49f7-eb32-4a08-b204-948962a6e3db}\ (11 traces secondaires) (ID = 127411) 23:50: HKLM\software\classes\clsid\{454b4812-e572-4703-a1bb-63490809eac0}\ (11 traces secondaires) (ID = 127415) 23:50: HKLM\software\classes\clsid\{460ac4db-b0de-4626-a0f0-175dd84dcb9b}\ (2 traces secondaires) (ID = 127416) 23:50: HKLM\software\classes\clsid\{580a1f3f-89b4-433b-bbdb-b97aeb13f3fc}\ (11 traces secondaires) (ID = 127417) 23:50: HKLM\software\classes\clsid\{2178c864-b8bc-41ae-a1fb-eb6a32f87eb1}\ (12 traces secondaires) (ID = 127419) 23:50: HKLM\software\classes\clsid\{a14c0d8d-e753-4e73-9e2b-4070791d8940}\ (10 traces secondaires) (ID = 127425) 23:50: HKLM\software\classes\clsid\{a798e2b4-b6a0-4b96-8c53-8ec7a3b0895a}\ (16 traces secondaires) (ID = 127426) 23:50: HKLM\software\classes\clsid\{c2baa4c9-ae1e-4605-ae2f-a1c49a30d881}\ (11 traces secondaires) (ID = 127431) 23:50: HKLM\software\classes\clsid\{ed8525ea-2bfc-4440-bd8a-20efb9d5e541}\ (11 traces secondaires) (ID = 127436) 23:50: HKLM\software\classes\clsid\{fa16bce1-5e36-472a-8466-e0cdd5ce00e6}\ (10 traces secondaires) (ID = 127437) 23:50: HKLM\software\classes\hbcoresrv.dynamicprop\ (5 traces secondaires) (ID = 127441) 23:50: HKLM\software\classes\hbtcoresrv.hbtcoreservices.1\ (3 traces secondaires) (ID = 127457) 23:50: HKLM\software\classes\hbtcoresrv.hbtcoreservices\ (5 traces secondaires) (ID = 127458) 23:50: HKLM\software\classes\hbtcoresrv.lfgax.1\ (3 traces secondaires) (ID = 127459) 23:50: HKLM\software\classes\hbtcoresrv.lfgax\ (5 traces secondaires) (ID = 127460) 23:50: HKLM\software\classes\hbthostie.bho.1\ (3 traces secondaires) (ID = 127461) 23:50: HKLM\software\classes\hbthostie.bho\ (5 traces secondaires) (ID = 127462) 23:50: HKLM\software\classes\hbthostol.hbtmailanim.1\ (3 traces secondaires) (ID = 127463) 23:50: HKLM\software\classes\hbthostol.hbtmailanim\ (5 traces secondaires) (ID = 127464) 23:50: HKLM\software\classes\hbthostol.hbtwebmailsend.1\ (3 traces secondaires) (ID = 127465) 23:50: HKLM\software\classes\hbthostol.hbtwebmailsend\ (5 traces secondaires) (ID = 127466) 23:50: HKLM\software\classes\hbtinstie.hbinstobj.1\ (3 traces secondaires) (ID = 127467) 23:50: HKLM\software\classes\hbtinstie.hbinstobj\ (5 traces secondaires) (ID = 127468) 23:50: HKLM\software\classes\hbtools.hbtcommband.1\ (3 traces secondaires) (ID = 127472) 23:50: HKLM\software\classes\hbtools.hbtcommband\ (5 traces secondaires) (ID = 127473) 23:50: HKLM\software\classes\hbtools.hbttravelcomparebar.1\ (3 traces secondaires) (ID = 127474) 23:50: HKLM\software\classes\hbtools.hbttravelcomparebar\ (5 traces secondaires) (ID = 127475) 23:50: HKLM\software\classes\hbtsrv.hbtcoreservices.1\ (3 traces secondaires) (ID = 127476) 23:50: HKLM\software\classes\hbtsrv.hbtcoreservices\ (5 traces secondaires) (ID = 127477) 23:50: HKLM\software\classes\hbttoolbar.hbthtmlmenuui.1\ (3 traces secondaires) (ID = 127478) 23:50: HKLM\software\classes\hbttoolbar.hbthtmlmenuui\ (5 traces secondaires) (ID = 127479) 23:50: HKLM\software\classes\hbttoolbar.hbttoolbarctl.1\ (3 traces secondaires) (ID = 127480) 23:50: HKLM\software\classes\hbttoolbar.hbttoolbarctl\ (5 traces secondaires) (ID = 127481) 23:50: HKLM\software\classes\hbttools.hbmain.1\ (3 traces secondaires) (ID = 127482) 23:50: HKLM\software\classes\hbttools.hbmain\ (5 traces secondaires) (ID = 127483) 23:50: HKLM\software\classes\interface\{3f04cbf7-cd62-4403-b090-b432dedcb159}\ (8 traces secondaires) (ID = 127490) 23:50: HKLM\software\classes\interface\{34f4d917-31e4-464c-b8b3-84c1ce76b395}\ (8 traces secondaires) (ID = 127499) 23:50: HKLM\software\classes\interface\{8578d35e-c6c0-4808-9a80-0f6c29a2c423}\ (8 traces secondaires) (ID = 127503) 23:50: HKLM\software\classes\interface\{bc190da5-0187-4d99-b3ac-6c45ea1b9324}\ (8 traces secondaires) (ID = 127514) 23:50: HKLM\software\classes\rprtspsclient.psexecuter.1\ (3 traces secondaires) (ID = 127521) 23:50: HKLM\software\classes\rprtspsclient.psexecuter\ (5 traces secondaires) (ID = 127522) 23:50: HKLM\software\classes\shprrprts.hbax.1\ (3 traces secondaires) (ID = 127524) 23:50: HKLM\software\classes\shprrprts.hbax\ (5 traces secondaires) (ID = 127525) 23:50: HKLM\software\classes\shprrprts.hbcommband.1\ (3 traces secondaires) (ID = 127526) 23:50: HKLM\software\classes\shprrprts.hbcommband\ (5 traces secondaires) (ID = 127527) 23:50: HKLM\software\classes\shprrprts.hbinfoband.1\ (3 traces secondaires) (ID = 127528) 23:50: HKLM\software\classes\shprrprts.hbinfoband\ (5 traces secondaires) (ID = 127529) 23:50: HKLM\software\classes\shprrprts.iebutton.1\ (3 traces secondaires) (ID = 127530) 23:50: HKLM\software\classes\shprrprts.iebutton\ (5 traces secondaires) (ID = 127531) 23:50: HKLM\software\classes\shprrprts.iebuttona.1\ (3 traces secondaires) (ID = 127532) 23:50: HKLM\software\classes\shprrprts.iebuttona\ (5 traces secondaires) (ID = 127533) 23:50: HKLM\software\classes\shprrprts.smrtshprctl.1\ (3 traces secondaires) (ID = 127534) 23:50: HKLM\software\classes\shprrprts.smrtshprctl\ (5 traces secondaires) (ID = 127535) 23:50: HKLM\software\classes\typelib\{4cf5a3c1-07a2-4336-9b54-6870452ebde1}\ (9 traces secondaires) (ID = 127537) 23:50: HKLM\software\classes\typelib\{71e9cf40-af72-4b55-bd3f-1fea2a0eaea6}\ (9 traces secondaires) (ID = 127542) 23:50: HKLM\software\classes\typelib\{71efe583-62fe-4419-9918-ca3b683f7b36}\ (9 traces secondaires) (ID = 127543) 23:50: HKLM\software\classes\typelib\{793af621-5cd0-4b92-b765-6712f6aaf48e}\ (9 traces secondaires) (ID = 127545) 23:50: HKLM\software\classes\typelib\{842d315a-7e1e-448b-96e8-9e76d1820be2}\ (9 traces secondaires) (ID = 127546) 23:50: HKLM\software\classes\typelib\{9967a873-40f3-4c7e-9239-6c8760f19f61}\ (9 traces secondaires) (ID = 127547) 23:50: HKLM\software\classes\typelib\{45397063-d7d0-47c2-9508-26487608a298}\ (9 traces secondaires) (ID = 127549) 23:50: HKLM\software\classes\typelib\{b9f51d42-cca0-4408-bb02-d433d1865a3a}\ (9 traces secondaires) (ID = 127552) 23:50: HKLM\software\classes\typelib\{b5901229-25cc-43c9-b604-3bb6ac2b48a5}\ (9 traces secondaires) (ID = 127555) 23:50: HKLM\software\classes\typelib\{c83daed4-0611-4f7a-978e-7feafcb2f91b}\ (9 traces secondaires) (ID = 127557) 23:50: HKLM\software\classes\typelib\{f8ee014f-b34c-4544-8e45-95a7971d323b}\ (9 traces secondaires) (ID = 127558) 23:50: HKLM\software\classes\wallpaper.wallpapermanager\ (5 traces secondaires) (ID = 127559) 23:50: HKLM\software\hbtools\ (65 traces secondaires) (ID = 127564) 23:50: HKLM\software\microsoft\internet explorer\explorer bars\{7e66936c-fea0-4984-ad26-7b6661ac5b2e}\ (1 traces secondaires) (ID = 127569) 23:50: HKLM\software\microsoft\internet explorer\extensions\{946b3e9e-e21a-49c8-9f63-900533fafe14}\ (6 traces secondaires) (ID = 127577) 23:50: HKLM\software\microsoft\internet explorer\extensions\{946b3e9e-e21a-49c8-9f63-900533fafe14}\ || buttontext (ID = 127578) 23:50: HKLM\software\microsoft\internet explorer\extensions\{946b3e9e-e21a-49c8-9f63-900533fafe14}\ || default visible (ID = 127579) 23:50: HKLM\software\microsoft\internet explorer\extensions\{946b3e9e-e21a-49c8-9f63-900533fafe14}\ || hoticon (ID = 127580) 23:50: HKLM\software\microsoft\internet explorer\extensions\{946b3e9e-e21a-49c8-9f63-900533fafe14}\ || icon (ID = 127581) 23:50: HKLM\software\microsoft\internet explorer\toolbar\ || {74cc49f7-eb32-4a08-b204-948962a6e3db} (ID = 127583) 23:50: HKLM\software\microsoft\office\outlook\addins\hbthostol.hbtmailanim\ (4 traces secondaires) (ID = 127590) 23:50: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{2a8a997f-bb9f-48f6-aa2b-2762d50f9289}\ (1 traces secondaires) (ID = 127592) 23:50: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{74cc49f7-eb32-4a08-b204-948962a6e3db}\ (1 traces secondaires) (ID = 127593) 23:50: HKLM\software\microsoft\windows\currentversion\run\ || hbtools (ID = 127613) 23:50: HKLM\software\microsoft\windows\currentversion\run\ || weatherontray (ID = 127617) 23:50: HKLM\software\microsoft\windows\currentversion\uninstall\hbtoolsoutlooktools\ (3 traces secondaires) (ID = 127618) 23:50: HKLM\software\microsoft\windows\currentversion\uninstall\hbtoolswebtools\ (3 traces secondaires) (ID = 127619) 23:50: HKLM\software\shopperreports\ (24 traces secondaires) (ID = 127632) 23:50: HKCR\typelib\{4cf5a3c1-07a2-4336-9b54-6870452ebde1}\ (9 traces secondaires) (ID = 127635) 23:50: HKCR\typelib\{71e9cf40-af72-4b55-bd3f-1fea2a0eaea6}\ (9 traces secondaires) (ID = 127640) 23:50: HKCR\typelib\{71efe583-62fe-4419-9918-ca3b683f7b36}\ (9 traces secondaires) (ID = 127641) 23:50: HKCR\typelib\{793af621-5cd0-4b92-b765-6712f6aaf48e}\ (9 traces secondaires) (ID = 127643) 23:50: HKCR\typelib\{842d315a-7e1e-448b-96e8-9e76d1820be2}\ (9 traces secondaires) (ID = 127644) 23:50: HKCR\typelib\{9967a873-40f3-4c7e-9239-6c8760f19f61}\ (9 traces secondaires) (ID = 127645) 23:50: HKCR\typelib\{45397063-d7d0-47c2-9508-26487608a298}\ (9 traces secondaires) (ID = 127647) 23:50: HKCR\typelib\{b9f51d42-cca0-4408-bb02-d433d1865a3a}\ (9 traces secondaires) (ID = 127651) 23:50: HKCR\typelib\{b5901229-25cc-43c9-b604-3bb6ac2b48a5}\ (9 traces secondaires) (ID = 127654) 23:50: HKCR\typelib\{c83daed4-0611-4f7a-978e-7feafcb2f91b}\ (9 traces secondaires) (ID = 127656) 23:50: HKCR\typelib\{f8ee014f-b34c-4544-8e45-95a7971d323b}\ (9 traces secondaires) (ID = 127657) 23:50: HKCR\wallpaper.wallpapermanager.1\ (3 traces secondaires) (ID = 127658) 23:50: HKCR\wallpaper.wallpapermanager\ (5 traces secondaires) (ID = 127659) 23:50: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/hbinstie.dll\ (2 traces secondaires) (ID = 484423) 23:50: Trouvé Adware: winantispyware 2005 23:50: HKCR\checkproduct2.checkproduct\ (5 traces secondaires) (ID = 527503) 23:50: HKCR\checkproduct2.checkproduct.1\ (3 traces secondaires) (ID = 527509) 23:50: HKCR\appid\checkproduct2.dll\ (1 traces secondaires) (ID = 527632) 23:50: HKCR\appid\{8c65aef6-e413-4314-815b-82717a3f1603}\ (1 traces secondaires) (ID = 527648) 23:50: HKCR\clsid\{c427b3e3-28dc-4001-9590-d99b6776119b}\ (15 traces secondaires) (ID = 527829) 23:50: HKCR\interface\{4f79d1c5-24f9-4e59-8022-604d4b41d5ca}\ (8 traces secondaires) (ID = 527937) 23:50: HKCR\typelib\{30ed49a5-ca6c-4918-b5f3-5e6818c91d8b}\ (9 traces secondaires) (ID = 528091) 23:50: HKLM\software\classes\checkproduct2.checkproduct\ (5 traces secondaires) (ID = 528199) 23:50: HKLM\software\classes\checkproduct2.checkproduct.1\ (3 traces secondaires) (ID = 528205) 23:50: HKLM\software\classes\appid\checkproduct2.dll\ (1 traces secondaires) (ID = 528341) 23:50: HKLM\software\classes\appid\{8c65aef6-e413-4314-815b-82717a3f1603}\ (1 traces secondaires) (ID = 528357) 23:50: HKLM\software\classes\clsid\{c427b3e3-28dc-4001-9590-d99b6776119b}\ (15 traces secondaires) (ID = 528538) 23:50: HKLM\software\classes\typelib\{30ed49a5-ca6c-4918-b5f3-5e6818c91d8b}\ (9 traces secondaires) (ID = 528800) 23:50: HKLM\software\classes\appid\{8c65aef6-e413-4314-815b-82717a3f1603}\ (1 traces secondaires) (ID = 543259) 23:50: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\hbinstie.dll (ID = 655022) 23:50: HKCR\clsid\{420c35c9-e4f2-49f9-bf67-2be1ecf86989}\ (11 traces secondaires) (ID = 774202) 23:50: HKCR\interface\{023a4648-601a-4c30-8a2e-c72ebfa99af6}\ (8 traces secondaires) (ID = 774214) 23:50: HKCR\interface\{175816a5-219e-4079-b2f9-53c501c409ba}\ (8 traces secondaires) (ID = 774223) 23:50: HKCR\interface\{19ebcbe0-9245-4397-bc5d-883d34782043}\ (8 traces secondaires) (ID = 774232) 23:50: HKCR\interface\{1c1793e0-1034-4cac-837d-aa545f6961bf}\ (8 traces secondaires) (ID = 774241) 23:50: HKCR\interface\{1e07646f-07c4-4847-a250-0ec8114f2963}\ (8 traces secondaires) (ID = 774250) 23:50: HKCR\interface\{27c4569f-8728-4958-a920-a607cae8153c}\ (8 traces secondaires) (ID = 774259) 23:50: HKCR\interface\{38370864-346f-4afa-8c4b-4fbff518c0bb}\ (8 traces secondaires) (ID = 774268) 23:50: HKCR\interface\{397a208b-3d09-4b3e-93e8-ca171886612e}\ (8 traces secondaires) (ID = 774277) 23:50: HKCR\interface\{421745e9-16df-4ee4-a758-d51f939c49cb}\ (8 traces secondaires) (ID = 774286) 23:50: HKCR\interface\{4331ec56-0aab-499e-8757-dd2ee44ad671}\ (8 traces secondaires) (ID = 774295) 23:50: HKCR\interface\{54286c3a-e044-4e65-bd44-528d6ae28a18}\ (8 traces secondaires) (ID = 774304) 23:50: HKCR\interface\{5d9c84e7-fa45-49e2-a0b8-b6b5e9a4f6be}\ (8 traces secondaires) (ID = 774322) 23:50: HKCR\interface\{5f2b9de7-f878-4762-8cfe-e9c58f082f0e}\ (8 traces secondaires) (ID = 774331) 23:50: HKCR\interface\{8654592e-952a-4e7c-a960-304763b35fa6}\ (8 traces secondaires) (ID = 774349) 23:50: HKCR\interface\{8a61a950-c325-4f44-ba64-273180ff3464}\ (8 traces secondaires) (ID = 774358) 23:50: HKCR\interface\{8d5c4ec6-af8e-4b85-ba27-64babe410510}\ (8 traces secondaires) (ID = 774367) 23:50: HKCR\interface\{8e98faf8-794f-47f9-af90-15305564ed81}\ (8 traces secondaires) (ID = 774376) 23:50: HKCR\interface\{af15975b-1498-4740-8e6c-90af78e4198c}\ (8 traces secondaires) (ID = 774385) 23:50: HKCR\interface\{b53d4cd4-406d-43cc-8244-7893d72236dd}\ (8 traces secondaires) (ID = 774394) 23:50: HKCR\interface\{b671426c-5c1a-48ac-9652-bc9402b1c404}\ (8 traces secondaires) (ID = 774403) 23:50: HKCR\interface\{b9bb3219-f84c-4060-966b-4a1e73e24226}\ (8 traces secondaires) (ID = 774412) 23:50: HKCR\interface\{bc8c2e5f-d8b4-4997-bce3-8775c3707956}\ (8 traces secondaires) (ID = 774421) 23:50: HKCR\interface\{d082721f-4bd4-4b8b-bb82-06753ee6174f}\ (8 traces secondaires) (ID = 774430) 23:50: HKCR\interface\{d24f9d3c-5d4c-47f8-9ab7-632b44ad6a0d}\ (8 traces secondaires) (ID = 774439) 23:50: HKCR\interface\{f43ec88b-b6c8-4969-a763-e2bf55602cce}\ (8 traces secondaires) (ID = 774448) 23:50: HKCR\interface\{f786cb18-3809-4e49-bc99-9a66da47db8b}\ (8 traces secondaires) (ID = 774457) 23:50: HKCR\interface\{f814be58-1bf9-4b50-829a-e889f86127ad}\ (8 traces secondaires) (ID = 774466) 23:50: HKLM\software\classes\clsid\{420c35c9-e4f2-49f9-bf67-2be1ecf86989}\inprocserver32\ (2 traces secondaires) (ID = 774480) 23:50: HKLM\software\classes\clsid\{420c35c9-e4f2-49f9-bf67-2be1ecf86989}\progid\ (1 traces secondaires) (ID = 774483) 23:50: HKLM\software\classes\clsid\{420c35c9-e4f2-49f9-bf67-2be1ecf86989}\programmable\ (ID = 774485) 23:50: HKLM\software\classes\clsid\{420c35c9-e4f2-49f9-bf67-2be1ecf86989}\typelib\ (1 traces secondaires) (ID = 774486) 23:50: HKLM\software\classes\clsid\{420c35c9-e4f2-49f9-bf67-2be1ecf86989}\versionindependentprogid\ (1 traces secondaires) (ID = 774488) 23:50: HKLM\software\classes\interface\{023a4648-601a-4c30-8a2e-c72ebfa99af6}\ (8 traces secondaires) (ID = 774490) 23:50: HKLM\software\classes\interface\{175816a5-219e-4079-b2f9-53c501c409ba}\ (8 traces secondaires) (ID = 774499) 23:50: HKLM\software\classes\interface\{19ebcbe0-9245-4397-bc5d-883d34782043}\ (8 traces secondaires) (ID = 774508) 23:50: HKLM\software\classes\interface\{1c1793e0-1034-4cac-837d-aa545f6961bf}\ (8 traces secondaires) (ID = 774517) 23:50: HKLM\software\classes\interface\{1e07646f-07c4-4847-a250-0ec8114f2963}\ (8 traces secondaires) (ID = 774526) 23:50: HKLM\software\classes\interface\{27c4569f-8728-4958-a920-a607cae8153c}\ (8 traces secondaires) (ID = 774535) 23:50: HKLM\software\classes\interface\{38370864-346f-4afa-8c4b-4fbff518c0bb}\ (8 traces secondaires) (ID = 774544) 23:50: HKLM\software\classes\interface\{397a208b-3d09-4b3e-93e8-ca171886612e}\ (8 traces secondaires) (ID = 774553) 23:50: HKLM\software\classes\interface\{421745e9-16df-4ee4-a758-d51f939c49cb}\ (8 traces secondaires) (ID = 774562) 23:50: HKLM\software\classes\interface\{4331ec56-0aab-499e-8757-dd2ee44ad671}\ (8 traces secondaires) (ID = 774571) 23:50: HKLM\software\classes\interface\{54286c3a-e044-4e65-bd44-528d6ae28a18}\ (8 traces secondaires) (ID = 774580) 23:50: HKLM\software\classes\interface\{5d9c84e7-fa45-49e2-a0b8-b6b5e9a4f6be}\ (8 traces secondaires) (ID = 774598) 23:50: HKLM\software\classes\interface\{5f2b9de7-f878-4762-8cfe-e9c58f082f0e}\ (8 traces secondaires) (ID = 774607) 23:50: HKLM\software\classes\interface\{601a9784-1114-4089-9b3e-cbd70dafc6ad}\ (8 traces secondaires) (ID = 774616) 23:50: HKLM\software\classes\interface\{8654592e-952a-4e7c-a960-304763b35fa6}\ (8 traces secondaires) (ID = 774625) 23:50: HKLM\software\classes\interface\{8a61a950-c325-4f44-ba64-273180ff3464}\ (8 traces secondaires) (ID = 774634) 23:50: HKLM\software\classes\interface\{8d5c4ec6-af8e-4b85-ba27-64babe410510}\ (8 traces secondaires) (ID = 774643) 23:50: HKLM\software\classes\interface\{8e98faf8-794f-47f9-af90-15305564ed81}\ (8 traces secondaires) (ID = 774652) 23:50: HKLM\software\classes\interface\{af15975b-1498-4740-8e6c-90af78e4198c}\ (8 traces secondaires) (ID = 774661) 23:50: HKLM\software\classes\interface\{b53d4cd4-406d-43cc-8244-7893d72236dd}\ (8 traces secondaires) (ID = 774670) 23:50: HKLM\software\classes\interface\{b671426c-5c1a-48ac-9652-bc9402b1c404}\ (8 traces secondaires) (ID = 774679) 23:50: HKLM\software\classes\interface\{b9bb3219-f84c-4060-966b-4a1e73e24226}\ (8 traces secondaires) (ID = 774688) 23:50: HKLM\software\classes\interface\{bc8c2e5f-d8b4-4997-bce3-8775c3707956}\ (8 traces secondaires) (ID = 774697) 23:50: HKLM\software\classes\interface\{d082721f-4bd4-4b8b-bb82-06753ee6174f}\ (8 traces secondaires) (ID = 774706) 23:50: HKLM\software\classes\interface\{d24f9d3c-5d4c-47f8-9ab7-632b44ad6a0d}\ (8 traces secondaires) (ID = 774715) 23:50: HKLM\software\classes\interface\{f43ec88b-b6c8-4969-a763-e2bf55602cce}\ (8 traces secondaires) (ID = 774724) 23:50: HKLM\software\classes\interface\{f786cb18-3809-4e49-bc99-9a66da47db8b}\ (8 traces secondaires) (ID = 774733) 23:50: HKLM\software\classes\interface\{f814be58-1bf9-4b50-829a-e889f86127ad}\ (8 traces secondaires) (ID = 774742) 23:50: HKLM\software\microsoft\code store database\distribution units\{8c875948-9c60-4381-9248-0df180542d53}\ (11 traces secondaires) (ID = 774751) 23:50: HKLM\software\microsoft\windows\currentversion\uninstall\hotbar shopperreports\ (5 traces secondaires) (ID = 774763) 23:50: Trouvé Adware: hotbar resultsmaster hijack 23:50: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 818235) 23:50: HKLM\software\microsoft\windows\currentversion\internet settings\5.0\user agent\post platform\ || hbtools 4.7.2 (ID = 1058300) 23:50: HKLM\software\microsoft\internet explorer\extensions\{946b3e9e-e21a-49c8-9f63-900533fafe15}\ (6 traces secondaires) (ID = 1058305) 23:50: HKU\S-1-5-21-1660113786-3654081215-4201638371-1006\software\hbtools\ (326 traces secondaires) (ID = 127563) 23:50: HKU\S-1-5-21-1660113786-3654081215-4201638371-1006\software\microsoft\internet explorer\explorer bars\{7e66936c-fea0-4984-ad26-7b6661ac5b2e}\ (2 traces secondaires) (ID = 127568) 23:50: HKU\S-1-5-21-1660113786-3654081215-4201638371-1006\software\microsoft\internet explorer\explorer bars\{66b90adb-0be3-40ae-8680-84a6f0577ca0}\ (2 traces secondaires) (ID = 127570) 23:50: HKU\S-1-5-21-1660113786-3654081215-4201638371-1006\software\microsoft\internet explorer\explorer bars\{2178c864-b8bc-41ae-a1fb-eb6a32f87eb1}\ (2 traces secondaires) (ID = 127571) 23:50: HKU\S-1-5-21-1660113786-3654081215-4201638371-1006\software\microsoft\internet explorer\explorer bars\{a798e2b4-b6a0-4b96-8c53-8ec7a3b0895a}\ (2 traces secondaires) (ID = 127572) 23:50: HKU\S-1-5-21-1660113786-3654081215-4201638371-1006\software\microsoft\internet explorer\extensions\cmdmapping\ || {946b3e9e-e21a-49c8-9f63-900533fafe14} (ID = 127575) 23:50: HKU\S-1-5-21-1660113786-3654081215-4201638371-1006\software\microsoft\internet explorer\extensions\cmdmapping\ || {e77eda01-3c56-4a96-8d08-02b42891c169} (ID = 127576) 23:50: HKU\S-1-5-21-1660113786-3654081215-4201638371-1006\software\microsoft\internet explorer\toolbar\webbrowser\ || {74cc49f7-eb32-4a08-b204-948962a6e3db} (ID = 127586) 23:50: HKU\S-1-5-21-1660113786-3654081215-4201638371-1006\software\shopperreports\ (6 traces secondaires) (ID = 127631) 23:50: HKU\S-1-5-21-1660113786-3654081215-4201638371-1006\software\microsoft\installer\features\10b0642b36134f8f914ea8e11ee5b503\ (1 traces secondaires) (ID = 788006) 23:50: HKU\S-1-5-21-1660113786-3654081215-4201638371-1006\software\microsoft\installer\products\d493500bd4a54ea6bc805fc9cda952c5\ (2 traces secondaires) (ID = 788008) 23:50: HKU\S-1-5-21-1660113786-3654081215-4201638371-1006\software\microsoft\internet explorer\extensions\cmdmapping\ || {946b3e9e-e21a-49c8-9f63-900533fafe15} (ID = 1058296) 23:50: Analyse du Registre terminée, temps passé :00:00:37 23:50: Démarrage de l’analyse des cookies 23:50: Trouvé Spy Cookie: hotbar cookie 23:50: carre [email protected][1].txt (ID = 4207) 23:50: Trouvé Spy Cookie: askmen cookie 23:50: carre jacqueline@askmen[2].txt (ID = 2247) 23:50: Trouvé Spy Cookie: atlas dmt cookie 23:50: carre jacqueline@atdmt[2].txt (ID = 2253) 23:50: Trouvé Spy Cookie: bluestreak cookie 23:50: carre jacqueline@bluestreak[2].txt (ID = 2314) 23:50: Trouvé Spy Cookie: casalemedia cookie 23:50: carre jacqueline@casalemedia[1].txt (ID = 2354) 23:50: Trouvé Spy Cookie: comclick cookie 23:50: carre [email protected][1].txt (ID = 2450) 23:50: carre jacqueline@hotbar[1].txt (ID = 2797) 23:50: Trouvé Spy Cookie: 2o7.net cookie 23:50: carre [email protected][1].txt (ID = 1958) 23:50: Trouvé Spy Cookie: rn11 cookie 23:50: carre jacqueline@rn11[2].txt (ID = 3261) 23:50: Trouvé Spy Cookie: adjuggler cookie 23:50: carre [email protected][1].txt (ID = 2071) 23:50: Trouvé Spy Cookie: serving-sys cookie 23:50: carre jacqueline@serving-sys[2].txt (ID = 3343) 23:50: Trouvé Spy Cookie: statcounter cookie 23:50: carre jacqueline@statcounter[1].txt (ID = 3447) 23:50: Trouvé Spy Cookie: reliablestats cookie 23:50: carre [email protected][1].txt (ID = 3254) 23:50: carre [email protected][1].txt (ID = 2798) 23:50: Trouvé Spy Cookie: tribalfusion cookie 23:50: carre jacqueline@tribalfusion[1].txt (ID = 3589) 23:50: Trouvé Spy Cookie: weborama cookie 23:50: carre jacqueline@weborama[2].txt (ID = 3658) 23:50: carre [email protected][1].txt (ID = 2248) 23:50: Trouvé Spy Cookie: xiti cookie 23:50: carre jacqueline@xiti[1].txt (ID = 3717) 23:50: Analyse des cookies terminée, temps passé : 00:00:01 23:50: Démarrage de l’analyse des fichiers 23:50: c:\documents and settings\carre jacqueline\application data\shopperreports (122 traces secondaires) (ID = -2147480876) 23:51: c:\documents and settings\carre jacqueline\application data\hbtools (1863 traces secondaires) (ID = -2147480879) 23:51: c:\program files\winfixer 2005 (1 traces secondaires) (ID = -2147476702) 23:51: c:\program files\shopperreports (6 traces secondaires) (ID = -2147477479) 23:51: c:\program files\hbtools (20 traces secondaires) (ID = -2147480872) 23:51: d_icons_buttons_2000.res (ID = 121823) 23:51: d_icons_buttons_1000.xip (ID = 114339) 23:51: icons2.res (ID = 121846) 23:51: d_icons_buttons_1000.res (ID = 121822) 23:51: ybcbshox.exe (ID = 208938) 23:51: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || zxxgpcuj (ID = 0) 23:51: d_icons_buttons_1000.res (ID = 121822) 23:52: d_icons_weather.res (ID = 121840) 23:52: dbenderc.dll (ID = 62276) 23:52: hbinstie.dll (ID = 62318) 23:52: d_icons_buttons_bbar4.res (ID = 121833) 23:52: d_icons_weather.res (ID = 121840) 23:52: d_icons_buttons_3000.res (ID = 121824) 23:53: Trouvé Adware: cnsmin 23:53: backup-20051224-205821-576.dll (ID = 53285) 23:53: progress.res (ID = 62367) 23:53: progress.res (ID = 62367) 23:53: d_icons_buttons_bbar1.res (ID = 121825) 23:53: country.exe (ID = 121818) 23:55: Avertissement: Failed to open file "c:\recycler\.jpg 23:55: tsd_bg.res (ID = 62382) 23:55: t2_bg.res (ID = 121851) 23:55: progress.res (ID = 62367) 23:55: d_icons_buttons_3000.res (ID = 121824) 23:55: default_hotbarcom.mnu (ID = 121820) 23:55: Avertissement: Failed to open file "c:\recycler\.jpg 23:55: Avertissement: Failed to open file "c:\recycler\.jpg 23:56: Avertissement: Failed to open file "c:\recycler\.jpg 23:56: d_icons_buttons_x.xip (ID = 121859) 23:56: progress.res (ID = 62367) 23:56: d_icons_buttons_bbar2.res (ID = 121831) 23:56: icons2.xip (ID = 121862) 23:56: d_icons_buttons_3000.xip (ID = 114353) 23:56: progress.res (ID = 62367) 23:57: Avertissement: Failed to open file "c:\recycler\.jpg 23:57: Avertissement: Failed to open file "c:\recycler\.jpg 23:57: d_icons_weather.xip (ID = 121860) 23:57: t2_bg.xip (ID = 121869) 23:57: d_icons_buttons_bbar2.xip (ID = 114393) 23:57: d_icons_buttons_bbar10.xip (ID = 114391) 23:57: d_icons_buttons_bbar12.xip (ID = 114375) 23:57: Avertissement: Failed to open file "c:\recycler\.jpg 23:57: Avertissement: Failed to open file "c:\recycler\.jpg 23:57: Avertissement: Failed to open file "c:\recycler\.jpg 23:57: Avertissement: Failed to open file "c:\recycler\.jpg 23:57: Avertissement: Failed to open file "c:\recycler\.jpg 23:57: setup.exe (ID = 164820) 23:58: setup.exe (ID = 164820) 23:58: Avertissement: Failed to open file "c:\recycler\.jpg 23:58: country.exe (ID = 121818) 23:59: Avertissement: Failed to open file "c:\recycler\.jpg 23:59: Avertissement: Failed to open file "c:\recycler\.jpg 23:59: Avertissement: Failed to open file "c:\recycler\.jpg 00:00: Avertissement: Failed to open file "c:\recycler\.jpg 00:00: d_icons_buttons_bbar1.res (ID = 121825) 00:00: d_icons_buttons_bbar6.res (ID = 121835) 00:00: s_icons_buttons.xip (ID = 130929) 00:01: default_hotbarcom.mnu (ID = 121820) 00:01: country.xip (ID = 121857) 00:01: tsd_bg.xip (ID = 62383) 00:01: Avertissement: Failed to open file "c:\recycler\.jpg 00:02: hbtools.exe (ID = 208939) 00:03: Avertissement: Failed to open file "c:\recycler\.jpg 00:03: d_icons_buttons_bbar11.res (ID = 121827) 00:03: d_icons_buttons_bbar8.res (ID = 121837) 00:03: d_icons_buttons_bbar8.xip (ID = 114356) 00:03: d_icons_buttons_bbar11.xip (ID = 114340) 00:03: fuepxakv.exe (ID = 208939) 00:03: d_icons_buttons_bbar3.xip (ID = 114342) 00:03: d_icons_buttons_bbar4.xip (ID = 114355) 00:04: crxml.dll (ID = 119203) 00:04: hbinstie.dll (ID = 62318) 00:04: d_icons_buttons_bbar5.res (ID = 121834) 00:04: d_icons_buttons_2000.xip (ID = 114390) 00:04: d_icons_buttons_bbar8.res (ID = 121837) 00:04: d_icons_buttons_bbar11.res (ID = 121827) 00:05: d_icons_buttons_bbar9.res (ID = 121838) 00:05: d_icons_buttons_bbar7.res (ID = 121836) 00:05: d_icons_buttons_bbar2.res (ID = 121831) 00:05: d_icons_buttons_bbar12.res (ID = 121828) 00:05: tsd_bg.res (ID = 62382) 00:05: d_icons_buttons_bbar4.res (ID = 121833) 00:06: t2_bg.res (ID = 121851) 00:06: progress.res (ID = 62367) 00:06: winfixer2005scannersetup.exe (ID = 164822) 00:06: d_icons_buttons_bbar5.xip (ID = 114376) 00:06: d_icons_buttons_bbar6.xip (ID = 114394) 00:06: d_icons_buttons_bbar1.xip (ID = 114354) 00:06: d_icons_buttons_bbar7.xip (ID = 114343) 00:06: d_icons_buttons_bbar9.xip (ID = 114377) 00:07: d_icons_buttons_bbar3.res (ID = 121832) 00:07: top7.xip (ID = 162956) 00:07: hbtguard.exe (ID = 208938) 00:07: d_icons_buttons_bbar12.res (ID = 121828) 00:07: d_icons_buttons_x.res (ID = 121839) 00:07: d_icons_buttons_bbar6.res (ID = 121835) 00:07: d_icons_buttons_bbar7.res (ID = 121836) 00:07: d_icons_buttons_bbar9.res (ID = 121838) 00:07: d_icons_buttons_bbar10.res (ID = 121826) 00:07: d_icons_buttons_x.res (ID = 121839) 00:07: d_icons_buttons_bbar5.res (ID = 121834) 00:07: d_icons_buttons_bbar10.res (ID = 121826) 00:07: d_icons_buttons_bbar3.res (ID = 121832) 00:07: Avertissement: Failed to open file "c:\recycler\.jpg 00:08: wowpapers.lnk (ID = 62386) 00:08: icons2.res (ID = 121846) 00:09: d_icons_buttons_2000.res (ID = 121823) 00:09: hbtools.inf (ID = 62333) 00:09: backup-20051224-205821-576.inf (ID = 53286) 00:09: backup-20051224-205821-161.inf (ID = 62333) 00:09: linkpathlegal.txt (ID = 121849) 00:09: d_icons_buttons_logos.res (ID = 62283) 00:09: d_icons_buttons_other.res (ID = 62283) 00:09: d_icons_buttons_bar.res (ID = 62283) 00:09: default_mails.mnu (ID = 121821) 00:09: email-def-511724-9595.mnu (ID = 121842) 00:09: email-def-511724-548964.mnu (ID = 121841) 00:09: ads.cdf (ID = 121815) 00:09: hotbar-premium.cdf (ID = 121845) 00:09: hotbar-premium-hotbar-premium.mnu (ID = 121844) 00:09: linkpathlegal.txt (ID = 121849) 00:09: d_icons_buttons_logos.res (ID = 62283) 00:09: d_icons_buttons_other.res (ID = 62283) 00:09: d_icons_buttons_bar.res (ID = 62283) 00:09: default_mails.mnu (ID = 121821) 00:09: email-def-511724-9595.mnu (ID = 121842) 00:09: email-def-511724-548964.mnu (ID = 121841) 00:09: ads.cdf (ID = 121815) 00:09: hotbar-premium.cdf (ID = 121845) 00:09: hotbar-premium-hotbar-premium.mnu (ID = 121844) 00:09: persist.dbs (ID = 208919) 00:09: email-def-email-backgrounds.mnu (ID = 121844) 00:09: email-premium-email-premium.mnu (ID = 121844) 00:09: email-premium-email-premium_oi.mnu (ID = 121844) 00:09: email-def-511745-514279.mnu (ID = 121844) 00:09: email-def-email-backgrounds.mnu (ID = 121844) 00:09: email-premium-email-premium.mnu (ID = 121844) 00:09: email-def-511724-9595.mnu (ID = 121842) 00:09: email-def-511745-514279.mnu (ID = 121844) 00:09: email-def-511724-9696.mnu (ID = 121842) 00:09: email-def-511724-548964.mnu (ID = 121841) 00:09: samplegroups2.xip (ID = 208933) 00:09: linkpathlegal.xip (ID = 121866) 00:09: email-def-email-backgrounds.mnu (ID = 121844) 00:09: email-premium-email-premium.mnu (ID = 121844) 00:09: d_icons_buttons_logos.xip (ID = 62294) 00:09: email-premium-email-premium_oi.mnu (ID = 121844) 00:09: d_icons_buttons_other.xip (ID = 62294) 00:09: email-def-511745-514279.mnu (ID = 121844) 00:09: progress.xip (ID = 62368) 00:09: d_icons_buttons_bar.xip (ID = 62294) 00:09: d_icons_buttons_bbar13.xip (ID = 114341) 00:09: d_icons_buttons_bbar14.xip (ID = 114341) 00:09: business_promo.xip (ID = 121856) 00:09: hotbar_promo.xip (ID = 114346) 00:09: ads.xip (ID = 121855) 00:09: hotbar-premium.xip (ID = 114359) 00:09: progress.xip (ID = 62368) 00:09: email-def-email-backgrounds.mnu (ID = 121844) 00:09: email-premium-email-premium.mnu (ID = 121844) 00:09: email-def-511724-9595.mnu (ID = 121842) 00:09: email-def-511745-514279.mnu (ID = 121844) 00:09: email-def-511724-9696.mnu (ID = 121842) 00:09: email-def-511724-548964.mnu (ID = 121841) 00:09: hotbar_promo.xip (ID = 114346) 00:09: progress.xip (ID = 62368) 00:09: business_promo.xip (ID = 121856) 00:09: d_icons_buttons_bbar13.res (ID = 121829) 00:09: d_icons_buttons_bbar14.res (ID = 121829) 00:09: d_icons_buttons_bbar13.res (ID = 121829) 00:09: d_icons_buttons_bbar14.res (ID = 121829) 00:10: Analyse des fichiers terminée, temps passé : 00:19:39 00:10: Analyse complète terminée. Durée 00:24:41 00:10: Traces trouvées : 4607 00:16: Processus de suppression lancé. 00:16: Mise en quarantaine de toutes les traces : cnsmin 00:16: Mise en quarantaine de toutes les traces : hotbar 00:20: hotbar est en cours d'utilisation. Il sera supprimé au redémarrage. 00:21: c:\documents and settings\carre jacqueline\application data\hbtools est en cours d'utilisation. Il sera supprimé au redémarrage. 00:21: c:\program files\shopperreports est en cours d'utilisation. Il sera supprimé au redémarrage. 00:21: c:\program files\hbtools est en cours d'utilisation. Il sera supprimé au redémarrage. 00:21: Mise en quarantaine de toutes les traces : hotbar resultsmaster hijack 00:21: Mise en quarantaine de toutes les traces : winantispyware 2005 00:21: Mise en quarantaine de toutes les traces : 2o7.net cookie 00:21: Mise en quarantaine de toutes les traces : adjuggler cookie 00:21: Mise en quarantaine de toutes les traces : askmen cookie 00:21: Mise en quarantaine de toutes les traces : atlas dmt cookie 00:21: Mise en quarantaine de toutes les traces : bluestreak cookie 00:21: Mise en quarantaine de toutes les traces : casalemedia cookie 00:21: Mise en quarantaine de toutes les traces : comclick cookie 00:21: Mise en quarantaine de toutes les traces : hotbar cookie 00:21: Mise en quarantaine de toutes les traces : reliablestats cookie 00:21: Mise en quarantaine de toutes les traces : rn11 cookie 00:21: Mise en quarantaine de toutes les traces : serving-sys cookie 00:21: Mise en quarantaine de toutes les traces : statcounter cookie 00:21: Mise en quarantaine de toutes les traces : tribalfusion cookie 00:21: Mise en quarantaine de toutes les traces : weborama cookie 00:21: Mise en quarantaine de toutes les traces : xiti cookie 00:22: Préparation du redémarrage de votre ordinateur. Veuillez patienter... 00:22: Processus de suppression lancé. Durée 00:05:28 ******** 23:40: | Start of Session, samedi 24 décembre 2005 | 23:40: Spy Sweeper started 23:40: Sweep initiated using definitions version 589 23:40: Starting Memory Sweep 23:43: Sweep Canceled 23:45: Les définitions de logiciels espions ont été mises à jour. 23:45: | Fin de session, samedi 24 décembre 2005 | ******** 22:57: | Start of Session, samedi 24 décembre 2005 | 22:57: Spy Sweeper started 22:57: Sweep initiated using definitions version 589 22:57: Starting Memory Sweep 23:01: Memory Sweep Complete, Elapsed Time: 00:04:33 23:01: Starting Registry Sweep 23:02: Found Adware: hotbar 23:02: HKCR\appid\weatherontray.exe\ (1 subtraces) (ID = 127217) 23:02: HKCR\appid\{0507fdde-f3b7-49f5-9e8f-c557e991f39b}\ (1 subtraces) (ID = 127218) 23:02: HKCR\clsid\{0ab71193-ec19-4d70-85c2-e46e2ff02755}\ (20 subtraces) (ID = 127227) 23:02: HKCR\clsid\{0774f696-d801-4c18-81a7-a3a32b8bef19}\ (10 subtraces) (ID = 127230) 23:02: HKCR\clsid\{1e0004ec-5df0-48c7-a8f0-fbb0488a3d94}\ (11 subtraces) (ID = 127231) 23:02: HKCR\clsid\{1e6ac766-9094-4bcf-abd3-39e2eaea5fcd}\ (18 subtraces) (ID = 127232) 23:02: HKCR\clsid\{2a8a997f-bb9f-48f6-aa2b-2762d50f9289}\ (10 subtraces) (ID = 127233) 23:02: HKCR\clsid\{3fa917b9-df69-477f-9e4f-b60d929de79f}\ (23 subtraces) (ID = 127235) 23:02: HKCR\clsid\{7e66936c-fea0-4984-ad26-7b6661ac5b2e}\ (26 subtraces) (ID = 127239) 23:02: HKCR\clsid\{8c875948-9c60-4381-9248-0df180542d53}\ (11 subtraces) (ID = 127241) 23:02: HKCR\clsid\{31a59636-0fa3-4a56-954d-db7ad02840d8}\ (14 subtraces) (ID = 127242) 23:02: HKCR\clsid\{40d8240a-e3a0-4d59-ac55-0443120188d1}\ (11 subtraces) (ID = 127244) 23:02: HKCR\clsid\{66b90adb-0be3-40ae-8680-84a6f0577ca0}\ (17 subtraces) (ID = 127246) 23:02: HKCR\clsid\{74cc49f7-eb32-4a08-b204-948962a6e3db}\ (11 subtraces) (ID = 127248) 23:02: HKCR\clsid\{454b4812-e572-4703-a1bb-63490809eac0}\ (11 subtraces) (ID = 127252) 23:02: HKCR\clsid\{580a1f3f-89b4-433b-bbdb-b97aeb13f3fc}\ (11 subtraces) (ID = 127253) 23:02: HKCR\clsid\{2178c864-b8bc-41ae-a1fb-eb6a32f87eb1}\ (12 subtraces) (ID = 127255) 23:02: HKCR\clsid\{354382db-df55-4da9-85a3-41696a0f510f}\ (11 subtraces) (ID = 127260) 23:02: HKCR\clsid\{a14c0d8d-e753-4e73-9e2b-4070791d8940}\ (10 subtraces) (ID = 127261) 23:02: HKCR\clsid\{a798e2b4-b6a0-4b96-8c53-8ec7a3b0895a}\ (16 subtraces) (ID = 127262) 23:02: HKCR\clsid\{c2baa4c9-ae1e-4605-ae2f-a1c49a30d881}\ (11 subtraces) (ID = 127267) 23:02: HKCR\clsid\{fa16bce1-5e36-472a-8466-e0cdd5ce00e6}\ (10 subtraces) (ID = 127272) 23:02: HKCR\hbcoresrv.dynamicprop.1\ (3 subtraces) (ID = 127276) 23:02: HKCR\hbcoresrv.dynamicprop\ (5 subtraces) (ID = 127277) 23:02: HKCR\hbtcoresrv.hbtcoreservices.1\ (3 subtraces) (ID = 127291) 23:02: HKCR\hbtcoresrv.hbtcoreservices\ (5 subtraces) (ID = 127292) 23:02: HKCR\hbtcoresrv.lfgax.1\ (3 subtraces) (ID = 127293) 23:02: HKCR\hbtcoresrv.lfgax\ (5 subtraces) (ID = 127294) 23:02: HKCR\hbthostie.bho.1\ (3 subtraces) (ID = 127295) 23:02: HKCR\hbthostie.bho\ (5 subtraces) (ID = 127296) 23:02: HKCR\hbthostol.hbtmailanim.1\ (3 subtraces) (ID = 127297) 23:02: HKCR\hbthostol.hbtmailanim\ (5 subtraces) (ID = 127298) 23:02: HKCR\hbthostol.hbtwebmailsend.1\ (3 subtraces) (ID = 127299) 23:02: HKCR\hbthostol.hbtwebmailsend\ (5 subtraces) (ID = 127300) 23:02: HKCR\hbtinstie.hbinstobj.1\ (3 subtraces) (ID = 127301) 23:02: HKCR\hbtinstie.hbinstobj\ (5 subtraces) (ID = 127302) 23:02: HKCR\hbtools.hbtcommband.1\ (3 subtraces) (ID = 127306) 23:02: HKCR\hbtools.hbtcommband\ (5 subtraces) (ID = 127307) 23:02: HKCR\hbtools.hbttravelcomparebar.1\ (3 subtraces) (ID = 127308) 23:02: HKCR\hbtools.hbttravelcomparebar\ (5 subtraces) (ID = 127309) 23:02: HKCR\hbtsrv.hbtcoreservices.1\ (3 subtraces) (ID = 127310) 23:02: HKCR\hbtsrv.hbtcoreservices\ (5 subtraces) (ID = 127311) 23:02: HKCR\hbttoolbar.hbthtmlmenuui.1\ (3 subtraces) (ID = 127312) 23:02: HKCR\hbttoolbar.hbthtmlmenuui\ (5 subtraces) (ID = 127313) 23:02: HKCR\hbttoolbar.hbttoolbarctl.1\ (3 subtraces) (ID = 127314) 23:02: HKCR\hbttoolbar.hbttoolbarctl\ (5 subtraces) (ID = 127315) 23:02: HKCR\hbttools.hbmain.1\ (3 subtraces) (ID = 127316) 23:02: HKCR\hbttools.hbmain\ (5 subtraces) (ID = 127317) 23:02: HKCR\interface\{3f04cbf7-cd62-4403-b090-b432dedcb159}\ (8 subtraces) (ID = 127325) 23:02: HKCR\interface\{34f4d917-31e4-464c-b8b3-84c1ce76b395}\ (8 subtraces) (ID = 127334) 23:02: HKCR\interface\{8578d35e-c6c0-4808-9a80-0f6c29a2c423}\ (8 subtraces) (ID = 127339) 23:02: HKCR\interface\{bc190da5-0187-4d99-b3ac-6c45ea1b9324}\ (8 subtraces) (ID = 127353) 23:02: HKCR\rprtspsclient.psexecuter.1\ (3 subtraces) (ID = 127362) 23:02: HKCR\rprtspsclient.psexecuter\ (5 subtraces) (ID = 127363) 23:02: HKCR\shprrprts.hbax.1\ (3 subtraces) (ID = 127365) 23:02: HKCR\shprrprts.hbax\ (5 subtraces) (ID = 127366) 23:02: HKCR\shprrprts.hbcommband.1\ (3 subtraces) (ID = 127367) 23:02: HKCR\shprrprts.hbcommband\ (5 subtraces) (ID = 127368) 23:02: HKCR\shprrprts.hbinfoband.1\ (3 subtraces) (ID = 127369) 23:02: HKCR\shprrprts.hbinfoband\ (5 subtraces) (ID = 127370) 23:02: HKCR\shprrprts.iebutton.1\ (3 subtraces) (ID = 127371) 23:02: HKCR\shprrprts.iebutton\ (5 subtraces) (ID = 127372) 23:02: HKCR\shprrprts.iebuttona.1\ (3 subtraces) (ID = 127373) 23:02: HKCR\shprrprts.iebuttona\ (5 subtraces) (ID = 127374) 23:02: HKCR\shprrprts.smrtshprctl.1\ (3 subtraces) (ID = 127375) 23:02: HKCR\shprrprts.smrtshprctl\ (5 subtraces) (ID = 127376) 23:02: HKLM\software\classes\appid\weatherontray.exe\ (1 subtraces) (ID = 127380) 23:02: HKLM\software\classes\appid\{0507fdde-f3b7-49f5-9e8f-c557e991f39b}\ (1 subtraces) (ID = 127381) 23:02: HKLM\software\classes\clsid\{0ab71193-ec19-4d70-85c2-e46e2ff02755}\ (20 subtraces) (ID = 127393) 23:02: HKLM\software\classes\clsid\{0774f696-d801-4c18-81a7-a3a32b8bef19}\ (10 subtraces) (ID = 127395) 23:02: HKLM\software\classes\clsid\{1e0004ec-5df0-48c7-a8f0-fbb0488a3d94}\ (11 subtraces) (ID = 127396) 23:02: HKLM\software\classes\clsid\{1e6ac766-9094-4bcf-abd3-39e2eaea5fcd}\ (18 subtraces) (ID = 127397) 23:02: HKLM\software\classes\clsid\{2a8a997f-bb9f-48f6-aa2b-2762d50f9289}\ (10 subtraces) (ID = 127398) 23:02: HKLM\software\classes\clsid\{3fa917b9-df69-477f-9e4f-b60d929de79f}\ (23 subtraces) (ID = 127399) 23:02: HKLM\software\classes\clsid\{7e66936c-fea0-4984-ad26-7b6661ac5b2e}\ (26 subtraces) (ID = 127402) 23:02: HKLM\software\classes\clsid\{8c875948-9c60-4381-9248-0df180542d53}\ (11 subtraces) (ID = 127404) 23:02: HKLM\software\classes\clsid\{31a59636-0fa3-4a56-954d-db7ad02840d8}\ (14 subtraces) (ID = 127405) 23:02: HKLM\software\classes\clsid\{40d8240a-e3a0-4d59-ac55-0443120188d1}\ (11 subtraces) (ID = 127407) 23:02: HKL

bon sang de bonsoir, commentfais tu pour te devouer ainsi pour un clampin parfaitement inconnu qui se noie dans une flaque d'eau ? .. je suis tout simplement sur le cul devant tant de gentillesse;.. voici mon dernier hijackthis.log : Logfile of HijackThis v1.99.1 Scan saved at 21:47:36, on 24/12/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVPersonal\AVGUARD.EXE C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\HPConfig.exe C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wlancfg.exe C:\WINDOWS\System32\carpserv.exe C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe C:\PROGRA~1\MESSAG~1\Demon.exe C:\PROGRA~1\Wanadoo\CnxMon.exe C:\PROGRA~1\Wanadoo\TaskbarIcon.exe C:\Program Files\AVPersonal\AVGNT.EXE C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing) O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing) O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\WINDOWS\wlancfg.exe j'espère que l'ordi est propre maintenant ! histoire de te laisser avaler le dessert tranquille ? ..; pour ce qui concerne le firewall, je pensais qu'antivir guard etait suffisant ? ..; dis moi si je dois telecharger un pare-feu plus performant, ou activer celui de windows ? je nage un peu..; encore une fois mille mercis pour ta disponibilité et ton efficacité redoutables.. et bonne soirée ! JP

rebonsoir,ça y est, j'ai bricolé...a priori pas de bug, sauf peut etre une fenetre oubliée et laissée ouverte lors du "fix hijack"..;voici le nouveau hijack.log : Logfile of HijackThis v1.99.1 Scan saved at 21:14:19, on 24/12/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVPersonal\AVGUARD.EXE C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\HPConfig.exe C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wlancfg.exe C:\WINDOWS\System32\carpserv.exe C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe C:\PROGRA~1\MESSAG~1\Demon.exe C:\PROGRA~1\Wanadoo\CnxMon.exe C:\PROGRA~1\Wanadoo\TaskbarIcon.exe C:\Program Files\AVPersonal\AVGNT.EXE C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\HijackThis\HijackThis.exe C:\WINDOWS\System32\wuauclt.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing) O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing) O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\WINDOWS\wlancfg.exe verdict ?... merci ! JP

OK,Jack, je m'execute sans tarder... a suivre... MERCI !! JP

oups ! le copier coller a derapé... je le reprends : Logfile of HijackThis v1.99.1 Scan saved at 18:52:02, on 24/12/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/2Q00CPT/040C/bF8.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/redirec...=search&ap=b204 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirec...=search&ap=b204 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirec...=search&ap=b204 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redire...1c02&lc=040c&ac R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Servi...omeLeftPane.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [Windows Registry Startupx] C:\DOCUME~1\CARREJ~1\LOCALS~1\Temp\admin.exe O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.7.2.1\HbtOEAddOn.exe O4 - HKLM\..\Run: [zxxgpcuj] C:\WINDOWS\System32\ybcbshox.exe O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [Picasa Media Detector] C:\Documents and Settings\Carre Jacqueline\Mes documents\'05_11_29_01\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [install_Choix] D:\choix.exe O4 - HKLM\..\RunServices: [Windows Registry Startupx] C:\DOCUME~1\CARREJ~1\LOCALS~1\Temp\admin.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ? O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: Sites Perso - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing) O9 - Extra 'Tools' menuitem: Compaq France - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing) O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (HbtInstObj) - http://installs.hotbar.com/installs/hbtool...ams/hbtools.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\WINDOWS\wlancfg.exe

bonjour, je suis infecté par un virus qu'antivir a appelé ADSPY/HBT Core.4 ; voici le rapport obtenu apres la procedure HijackThis :quelqu'un peut il me sortir de la melasse ?d'avance un HENAURME merci ! Logfile of HijackThis v1.99.1 Scan saved at 18:52:02, on 24/12/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/2Q00CPT/040C/bF8.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/redirec...=search&ap=b204 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirec...=search&ap=b204 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirec...=search&ap=b204 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redire...1c02&lc=040c&ac R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Servi...omeLeftPane.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll (file missing)