vérolé67

Bonsoir Tornado, Merci beaucoup de te soucier de mes problèmes et désolé à mon tour pour le retard ... J'ai commencé par suivre tes instructions quand je me suis dit que je devrais faire ce dont j'avais entendu parlé sans jamais l'avoir fait: un test de connexion. Le résultat s'est fait attendre mais était clair: 41,70 Kbit/s !! Pour un abonnement 1Mo. Du coup, je ne pense pas que cela soit lié à mon PC, qu'en penses-tu? Concernant tes préconisations, je les mettrais en oeuvre dès que possible mais la lenteur des applications autres qu'internet n'est pas trop génante. De plus, je crois avoir compris que l'ajout de RAM (jumelles) pouvait engendrer quelques ralentissements; justement, la lenteur observée (non internet) pourrait dater de cette période où j'ai ajouté la RAM. Dans tous les cas, merci encore pour ton implication. Bonne soirée.

Bonsoir Tornado, Du temps, je ne peut qu'en gagner à trouver une solution; en revanche, je ne voudrais pas t'en faire perdre à ton tour: Je pense de plus en plus que c'est du côté du fournisseur d'accès que cela pose problème. Cela fait environ 3 semaines et coïncide plutôt avec des problèmes de téléphone. Comme si il n'y avait pas assez de débit disponible (?). La défragmentation n'est pas nécessaire mais j'en ferai quand même une ne serait-ce que pour que la suivante soit moins longue. Voyant que rien ne semble retenir ton attention dans le rapport, je te propose de laisser tomber. Désolé si j'étais à côté de la plaque mais le technicien qui est passé (Les mains dans les poches, sans matériel pour tester) à prétendu que cela venait du PC. Je pense que la solution va passer par un changement de fournisseur d'accès. En tous cas, merci beaucoup pour ton aide. Bonne soirée.

Bonjour, J'ai un soucis de lenteur. Cela se manifeste pour ouvrir de simples documents mais aussi pour la connexion et le téléchargement internet. Je ne sais pas si la lenteur internet est liée à mon PC comme le prétend le technicien de mon fournisseur d'accès (estvideo.com) mais je tente ma chance en faisant appel à vos compétences et en déposant ce rapport: Logfile of HijackThis v1.99.1 Scan saved at 18:53:42, on 30/09/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\system32\carpserv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\ALCWZRD.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Michel\Bureau\Download divers\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.estvideo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.targa.co.uk O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.targa.co.uk O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...te.cab?10971642 61734 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) Merci d'avance à toute personne qui prendra le temps de trouver le(s) problème(s). A bientôt j'espère.

C'est très gentil de ta part did71 mais cela n'est pas si génant: Il me signale juste que des mises à jours sont prêtes à être téléchargées et de temps en temps, il faut fermer une fenêtre. Si je ne veux pas télécharger les mises à jours JAVA, c'est parceque la dernière fois que je l'ai fait, j'ai eu quelques soucis. Encore merci et bravo.

did71: MERCI !! Enfin je ne vois plus apparaître ce message à fermer régulièrement. Alors bravo et merci ! Ce qui est surprenant, c'est que j'avais fait cette manipulation plusieurs fois. La différence vient peut-être du lien que tu m'as transmis pour SmitfraudFix ... Je l'avais pourtant téléchargé à partir d'un lien sur ce forum il n'y a que quelque jours !? Une autre explication pourrait être que je faisais toujours le choix 1 avant de faire le 2, alors que là, j'ai fait directement le choix 2. (??) Quoi qu'il en soit, il risque d'y avoir d'autres choses dans les rapports mais pour l'instant, aucun symptôme désagréable. Juste peut-être JAVA qui me harcelle aussi pour télécharger une version plus récente. Il y a moyen de le faire se taire ? Voici les rapports obtenus: SmitFraudFix v2.25 Rapport fait à 20:09:01,51 le 15/03/2006 Executé à partir de C:\Documents and Settings\Michel\Bureau\Download divers\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés C:\WINDOWS\system32\dfrgsrv.exe supprimé C:\WINDOWS\system32\ginuerep.dll supprimé C:\Documents and Settings\Michel\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyFalcon 2.0.lnk supprimé C:\Documents and Settings\Michel\Bureau\SpyFalcon.lnk supprimé C:\Documents and Settings\Michel\Favoris\Antivirus Test Online.url supprimé C:\Documents and Settings\Michel\Menu Démarrer\SpyFalcon 2.0.lnk supprimé C:\Documents and Settings\Michel\Menu Démarrer\Programmes\SpyFalcon supprimé C:\Program Files\SpyFalcon\ supprimé »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport Logfile of HijackThis v1.99.1 Scan saved at 20:21:03, on 15/03/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\WINDOWS\system32\carpserv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\ALCWZRD.EXE C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Michel\Bureau\Download divers\hijackthis\HijackThis.exe O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.targa.co.uk O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1097164261734 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) Merci encore.

Merci did71 pour ta rapidité. Voici le résultat: SmitFraudFix v2.25 Rapport fait à 19:58:01,39 le 15/03/2006 Executé à partir de C:\Documents and Settings\Michel\Bureau\Download divers\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\ »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32 C:\WINDOWS\system32\dfrgsrv.exe PRESENT ! C:\WINDOWS\system32\ginuerep.dll PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\Michel\Application Data C:\Documents and Settings\Michel\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyFalcon 2.0.lnk PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer C:\Documents and Settings\Michel\Menu Démarrer\SpyFalcon 2.0.lnk PRESENT ! C:\Documents and Settings\Michel\Menu Démarrer\Programmes\SpyFalcon PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» Recherche Favoris C:\Documents and Settings\Michel\Favoris\Antivirus Test Online.url PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau C:\Documents and Settings\Michel\Bureau\SpyFalcon.lnk PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files C:\Program Files\SpyFalcon\ PRESENT! »»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau »»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" [HKEY_CLASSES_ROOT\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32] @="%SystemRoot%\system32\browseui.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32] @="%SystemRoot%\system32\browseui.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" [HKEY_CLASSES_ROOT\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32] @="%SystemRoot%\system32\browseui.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32] @="%SystemRoot%\system32\browseui.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}"="Prestige Software" [HKEY_CLASSES_ROOT\CLSID\{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}\InProcServer32] @="C:\WINDOWS\system32\ginuerep.dll" [HKEY_CURRENT_USER\Software\Classes\CLSID\{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}\InProcServer32] @="C:\WINDOWS\system32\ginuerep.dll" »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport Pour info, j'avais déjà fait cette action, suivi du choix 2 (en mode sans échec), après avoir viré manuellement les fichiers Spyfalcon de programme files + via ajout/suppression de programmes + vidage corbeille ... Merci encore.

Bonjour à tous, D'avance merci à ceux qui voudront bien se pencher sur mon problème. J'ai bien repéré qu'il y avait un post dédié à l'éradication de Spyfalcon. Après avoir téléchargé la version d'antivir, j'ai tenté de le paramétrer comme l'explique le document mentionné dans le post. Le problème est que les menus qui apparaissent ne ressemblent pas du tout à ce qui est dans la documentation. Il a malgré tout pris le dessus sur AVAST au niveau de la protection P2P, ... Je pense avoir tout essayé ce qui était préconisé dans les nombreux sujets dédiés au sujet mais cette cochonerie s'active même en mode sans échec !! Je tente ma chance en transmettant ce rapport Hijackthis: Logfile of HijackThis v1.99.1 Scan saved at 19:36:49, on 15/03/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\carpserv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\ALCWZRD.EXE C:\Program Files\SpyFalcon\SpyFalcon.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\SpyFalcon\SpyFalcon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Michel\Bureau\Download divers\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://francesim.com/Default.aspx?C=1&SC=202&T=M&P=-1 O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [spyFalcon] C:\Program Files\SpyFalcon\SpyFalcon.exe /h O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.targa.co.uk O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1097164261734 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) Merci de bien vouloir me dire ce que je peux faire. A bientôt.

Salut Charles, Qc001, J'ai fixé la sélection O2 - BHO: (no name) - {85012860-9384-8974-FC58-BDC9D8C76FC1} - (no file) J'ai l'impression que certains problèmes persistent comme le débranchement vers certains sites non souhaités sous internet mais je ne sais toujours pas si cela peut être lié au site lui même. Dans tous les cas, désormais je n'ai plus besoin "d'abandonner la connexion" toutes les 6 à 7 minutes. L'autre principal problème qui était le plantage répété d'applications (liées à l'explorateur je crois), semble également éradiqué. Encore un grand MERCI à tous. Faut-il compléter le titre ou l'objet du post avec la mention "(résolu)" ?

Voici ce qu' Hijackthis a détecté: Logfile of HijackThis v1.99.1 Scan saved at 23:46:16, on 19/01/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\WINDOWS\system32\carpserv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\ALCWZRD.EXE C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Michel\Bureau\Download divers\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {85012860-9384-8974-FC58-BDC9D8C76FC1} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.targa.co.uk O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...e.cab?109716426 1734 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) Merci encore.

Et pourtant Qc001, je t'ai fait une confiance aveugle: Avant de lire ton dernier post, j'avais désactivé la protection et lancé Panda. Voici le résultat: Incident Statut Analyse Adware:adware/navipromo No Désinfecté C:\WINDOWS\SYSTEM32\xnairo_nav.dat Adware:adware/gator No Désinfecté C:\WINDOWS\GatorFDDLI.log Dialer:dialer.ags No Désinfecté HKEY_CURRENT_USER\SOFTWARE\MONTORGUEIL Adware:adware/slagent No Désinfecté Registre Windows Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Michel\Cookies\michel@atdmt[2].txt Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Michel\Cookies\michel@doubleclick[1].txt Spyware:Cookie/Hypercount No Désinfecté C:\Documents and Settings\Michel\Cookies\michel@hypercount[1].txt Spyware:Cookie/Reliablestats No Désinfecté C:\Documents and Settings\Michel\Cookies\michel@stats1.reliablestats[2].txt Spyware:Cookie/Toplist No Désinfecté C:\Documents and Settings\Michel\Cookies\michel@toplist[1].txt Spyware:Cookie/Valueclick No Désinfecté C:\Documents and Settings\Michel\Cookies\michel@valueclick[1].txt Spyware:Cookie/WebPower No Désinfecté C:\Documents and Settings\Michel\Cookies\michel@webpower[1].txt Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Michel\Cookies\michel@xiti[1].txt Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Michel\Cookies\michel@atdmt[2].txt Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Michel\Cookies\michel@doubleclick[1].txt Spyware:Cookie/Hypercount No Désinfecté C:\Documents and Settings\Michel\Cookies\michel@hypercount[1].txt Spyware:Cookie/Reliablestats No Désinfecté C:\Documents and Settings\Michel\Cookies\michel@stats1.reliablestats[2].txt Spyware:Cookie/Toplist No Désinfecté C:\Documents and Settings\Michel\Cookies\michel@toplist[1].txt Spyware:Cookie/Valueclick No Désinfecté C:\Documents and Settings\Michel\Cookies\michel@valueclick[1].txt Spyware:Cookie/WebPower No Désinfecté C:\Documents and Settings\Michel\Cookies\michel@webpower[1].txt Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Michel\Cookies\michel@xiti[1].txt Spyware:Cookie/adstat No Désinfecté C:\Documents and Settings\Michel\Mes documents\messécu\Cookies\michel@ad.stat.4u[1].txt Spyware:Cookie/Hbmediapro No Désinfecté C:\Documents and Settings\Michel\Mes documents\messécu\Cookies\michel@adopt.hbmediapro[2].txt Spyware:Cookie/Ask No Désinfecté C:\Documents and Settings\Michel\Mes documents\messécu\Cookies\michel@ask[1].txt Spyware:Cookie/Belnk No Désinfecté C:\Documents and Settings\Michel\Mes documents\messécu\Cookies\michel@ath.belnk[2].txt Spyware:Cookie/Azjmp No Désinfecté C:\Documents and Settings\Michel\Mes documents\messécu\Cookies\michel@azjmp[2].txt Spyware:Cookie/Belnk No Désinfecté C:\Documents and Settings\Michel\Mes documents\messécu\Cookies\michel@belnk[1].txt Spyware:Cookie/BurstNet No Désinfecté C:\Documents and Settings\Michel\Mes documents\messécu\Cookies\michel@burstnet[1].txt Spyware:Cookie/Enhance No Désinfecté C:\Documents and Settings\Michel\Mes documents\messécu\Cookies\michel@c.enhance[1].txt Spyware:Cookie/GoStats No Désinfecté C:\Documents and Settings\Michel\Mes documents\messécu\Cookies\michel@c2.gostats[2].txt Spyware:Cookie/GoStats No Désinfecté C:\Documents and Settings\Michel\Mes documents\messécu\Cookies\michel@c3.gostats[2].txt Spyware:Cookie/Com.com No Désinfecté C:\Documents and Settings\Michel\Mes documents\messécu\Cookies\michel@com[2].txt Spyware:Cookie/Belnk No Désinfecté C:\Documents and Settings\Michel\Mes documents\messécu\Cookies\michel@dist.belnk[2].txt Spyware:Cookie/fe.lea.lycos No Désinfecté C:\Documents and Settings\Michel\Mes documents\messécu\Cookies\michel@fe.lea.lycos[2].txt Spyware:Cookie/fe.lea.lycos No Désinfecté C:\Documents and Settings\Michel\Mes documents\messécu\Cookies\michel@fe.lea.lycos[3].txt Spyware:Cookie/GoStats No Désinfecté C:\Documents and Settings\Michel\Mes documents\messécu\Cookies\michel@gostats[2].txt Spyware:Cookie/Itrack No Désinfecté C:\Documents and Settings\Michel\Mes documents\messécu\Cookies\michel@ilead.itrack[2].txt Spyware:Cookie/TouchClarity No Désinfecté C:\Documents and Settings\Michel\Mes documents\messécu\Cookies\michel@intercasino.touchclarity[1].txt Spyware:Cookie/Microsofte No Désinfecté C:\Documents and Settings\Michel\Mes documents\messécu\Cookies\michel@microsofteup.112.2o7[1].txt Spyware:Cookie/Outster No Désinfecté C:\Documents and Settings\Michel\Mes documents\messécu\Cookies\michel@outster[2].txt Spyware:Cookie/Paypopup No Désinfecté C:\Documents and Settings\Michel\Mes documents\messécu\Cookies\michel@paypopup[1].txt Spyware:Cookie/Searchportal No Désinfecté C:\Documents and Settings\Michel\Mes documents\messécu\Cookies\michel@searchportal.information[2].txt Spyware:Cookie/Reliablestats No Désinfecté C:\Documents and Settings\Michel\Mes documents\messécu\Cookies\michel@stats1.reliablestats[1].txt Spyware:Cookie/Toplist No Désinfecté C:\Documents and Settings\Michel\Mes documents\messécu\Cookies\michel@toplist[1].txt Spyware:Cookie/Tucows No Désinfecté C:\Documents and Settings\Michel\Mes documents\messécu\Cookies\michel@tucows[1].txt Spyware:Cookie/WebPower No Désinfecté C:\Documents and Settings\Michel\Mes documents\messécu\Cookies\michel@webpower[2].txt Spyware:Cookie/myaffiliateprogram No Désinfecté C:\Documents and Settings\Michel\Mes documents\messécu\Cookies\michel@www.myaffiliateprogram[1].txt Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Michel\Mes documents\messécu\Cookies\michel@xiti[1].txt Spyware:Cookie/Xmts No Désinfecté C:\Documents and Settings\Michel\Mes documents\messécu\Cookies\michel@xmts[1].txt Spyware:Cookie/Yadro No Désinfecté C:\Documents and Settings\Michel\Mes documents\messécu\Cookies\michel@yadro[1].txt A priori, Panda se contente de détecter ce qui ne va pas mais ne propose pas de désinfecter. Que puis-je faire ? Merci d'avance.

Salut Charles, Qc001, Merci pour vos réponses. Le dernier lien Charles (Hausecall) me fait planter IE après l'avoir laissé passer via le pare-feu. Concernant Panda, Qc001, j'ai quand même la crainte de stopper la protection résidente vu que le fichier semble clairement reconnu comme étant un ver par AVAST. Que dois-je faire ? Merci d'avance.

C'est enfin terminé. Avast m'a fait mettre pas mal de fichiers en quarantaine. Voici le rapport du scan: ------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Thursday, January 19, 2006 17:11:09 Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.67.0 Kaspersky Anti-Virus database last update: 19/01/2006 Kaspersky Anti-Virus database records: 171890 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ Scan Statistics: Total number of scanned objects: 359061 Number of viruses found: 11 Number of infected objects: 188 Number of suspicious objects: 0 Duration of the scan process: 7533 sec Infected Object Name - Virus Name C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP167\A0125353.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP168\A0125403.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP169\A0125578.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP169\A0125616.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP170\A0125664.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP170\A0125698.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP170\A0125709.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP171\A0125772.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP172\A0125821.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP172\A0125858.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP172\A0125902.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP172\A0125948.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP172\A0125972.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP172\A0126975.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP172\A0127005.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP172\A0127038.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP173\A0128041.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP173\A0129042.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP173\A0129073.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP173\A0129090.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP173\A0129103.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP173\A0129131.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP173\A0129144.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP174\A0130144.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP174\A0130205.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP174\A0130231.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.i C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP174\A0130232.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP174\A0130251.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP186\A0131230.exe Infected: not-a-virus:AdWare.Win32.Gator.o C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP186\A0131563.exe Infected: Trojan-Downloader.Win32.INService.gen C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP202\A0134012.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP202\A0134033.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP202\A0134053.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP203\A0134102.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP203\A0134113.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP203\A0134158.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP203\A0134168.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP204\A0134187.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP204\A0134233.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP204\A0134244.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP204\A0134260.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP204\A0134331.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP204\A0134355.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP204\A0134368.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP204\A0134397.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP205\A0134436.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP205\A0134470.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP205\A0134477.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0134507.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0134517.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0134527.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0134529.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0135525.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0136525.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0136526.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0136527.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0137525.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0137526.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0137527.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0137539.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0137540.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0137541.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0138540.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0138541.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0138542.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0138548.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0139540.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0139541.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0139542.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0139545.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0139550.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0139571.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0139572.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0139573.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0139575.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0140567.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0140568.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0140569.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0141567.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0141568.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0141569.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0141572.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0142567.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0142568.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0142570.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0143568.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0143569.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0143570.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0143578.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0143590.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0143591.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP206\A0143592.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP207\A0143614.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP207\A0143615.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP207\A0143616.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP207\A0143624.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP207\A0143625.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP207\A0143626.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP207\A0144625.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP207\A0144626.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP207\A0144627.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP207\A0145625.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP207\A0145626.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP207\A0145627.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP208\A0145638.exe Infected: Trojan-Downloader.Win32.Centim.an C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP208\A0146629.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP208\A0146630.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP208\A0146631.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP208\A0146633.exe Infected: Trojan.Win32.Favadd.an C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP208\A0147626.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP208\A0147627.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP208\A0147628.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP208\A0147629.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP208\A0148625.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP208\A0148626.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP209\A0148648.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP209\A0148649.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP209\A0148650.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP209\A0149645.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP209\A0149646.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP209\A0149647.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP210\A0150645.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP210\A0150646.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP210\A0150647.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP211\A0150660.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP211\A0150661.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP211\A0150662.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP212\A0150682.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP212\A0150683.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP212\A0150684.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP212\A0150696.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP212\A0150697.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP212\A0150698.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP212\A0151696.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP212\A0151697.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP212\A0151698.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP212\A0152696.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP212\A0152697.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP212\A0152698.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP212\A0152701.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP212\A0153697.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP212\A0153698.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP212\A0153699.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP212\A0153720.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP212\A0153721.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP212\A0153750.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP212\A0153751.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP213\A0154752.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP213\A0154753.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP213\A0154761.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP213\A0154762.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP213\A0154771.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP213\A0154772.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP213\A0155772.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP213\A0155773.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP213\A0155816.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP213\A0155817.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP214\A0155843.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP214\A0155844.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP214\A0156844.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP214\A0156845.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP214\A0156923.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP214\A0156924.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP214\A0156935.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP214\A0156936.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP214\A0157936.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP214\A0157937.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP214\A0158936.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP214\A0158937.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP214\A0158978.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP214\A0158979.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP215\A0160033.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP215\A0160034.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP215\A0160064.exe Infected: Trojan.Win32.DNSChanger.as C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP215\A0160065.exe Infected: Trojan-Downloader.Win32.Centim.an C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP215\A0160081.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP215\A0160104.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP217\A0160135.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP217\A0160171.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP218\A0160257.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP218\A0160294.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP219\A0160320.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP219\A0160321.exe Infected: Trojan.Win32.Small.fb C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP219\A0160324.exe Infected: Trojan.Win32.Favadd.an C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP220\A0160441.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP220\A0160442.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{A0353982-7F7F-42B2-9509-239C2AFEDD0F}\RP220\A0160443.exe Infected: not-a-virus:AdWare.Win32.PurityScan.bm C:\WINDOWS\system32\xnairo.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m Scan process completed. Merci d'avance.

Ok, merci, voici le log et je fais le scan en ligne avant de répondre à nouveau: Logfile of HijackThis v1.99.1 Scan saved at 14:47:52, on 19/01/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\ALCWZRD.EXE C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\cmd.exe C:\Documents and Settings\Michel\Bureau\Download divers\hijackthis\HijackThis.exe C:\WINDOWS\system32\ping.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {85012860-9384-8974-FC58-BDC9D8C76FC1} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.targa.co.uk O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...e.cab?109716426 1734 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iexplore.exe doesn't exist HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx doesn't exist HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run doesn't exist HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe ----------------------- ----------------------- REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers] [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\7-Zip] @="{23170F69-40C1-278A-1000-000100020000}" [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Fichiers hors connexion] @="{750fdf0e-2a26-11d1-a3ea-080036587f03}" [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\InoShell] @="{DCED20BE-3645-11D4-BC95-00C04F0E0588}" [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With] @="{09799AFB-AD67-11d1-ABCD-00C04FC30936}" [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu] @="{A470F8CF-A1E8-4f65-8335-227475AA5C46}" [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}] @="Épingle du menu Démarrer" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook" "{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AOLSAV"="C:\\PROGRA~1\\TECHCI~1\\AOLSAV\\AOLAgent.exe" "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe" "SoundMan"="SOUNDMAN.EXE" "RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER" "Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg" "OEM-Reset"="" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\"" "CARPService"="carpserv.exe" "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe" "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime" "AlcWzrd"="ALCWZRD.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized" "NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\"" "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce] Scheduled Tasks Folder Contents * C:\WINDOWS\Tasks\desktop.ini C:\WINDOWS\Tasks\SA.DAT A tout de suite.

Merci Charles, mais lors de l'utilisation de PANDA, un ver est détecté et le message d'erreur est le suivant: Une erreur s'est produite lors du téléchargement de Panda ActiveScan. Recommencez l'opération. Si l'erreur se produit de nouveau, redémarrez votre ordinateur et essayer une nouvelle foisLes raisons de l’erreur peuvent être: Ne pas autoriser le téléchargement du contrôle ActiveScan de l’application. Des problèmes avec la connexion Internet. Une erreur est survenue au cours de l’installation d’ActiveScan. Merci de vérifier que votre connexion Internet fonctionne puis cliquez sur 'Réessayer'. Concernant Ewido, je crains qu'il ne révèle quelques passages sur des sites déconseillés par les experts en sécurité que vous êtes (Sites de Q) mais ... je ne regrette rien et si c'était à refaire, ... je le referai voici le 1er rapport (interrompu par ma femme qui voulait dormir): --------------------------------------------------------- ewido anti-malware - Rapport de scan --------------------------------------------------------- + Créé le: 00:34:13, 18/01/2006 + Somme de contrôle: 8BB4AE5D + Résultats du scan: HKU\S-1-5-21-2290462465-2139536985-3894593739-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{008DB894-99ED-445D-8547-0E7C9808898D} -> Spyware.Slagent : Nettoyer et sauvegarder HKU\S-1-5-21-2290462465-2139536985-3894593739-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08BEC6AA-49FC-4379-3587-4B21E286C19E} -> Spyware.SBSoft : Nettoyer et sauvegarder HKU\S-1-5-21-2290462465-2139536985-3894593739-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@atdmt[2].txt -> Spyware.Cookie.Atdmt : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@counter.hitslink[1].txt -> Spyware.Cookie.Hitslink : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@counter1.sextracker[1].txt -> Spyware.Cookie.Sextracker : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@counter11.sextracker[2].txt -> Spyware.Cookie.Sextracker : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@counter12.sextracker[1].txt -> Spyware.Cookie.Sextracker : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@counter15.sextracker[2].txt -> Spyware.Cookie.Sextracker : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@counter4.sextracker[2].txt -> Spyware.Cookie.Sextracker : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@counter7.sextracker[2].txt -> Spyware.Cookie.Sextracker : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@counter8.sextracker[1].txt -> Spyware.Cookie.Sextracker : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@cs.sexcounter[2].txt -> Spyware.Cookie.Sexcounter : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@cz3.clickzs[2].txt -> Spyware.Cookie.Clickzs : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@cz7.clickzs[2].txt -> Spyware.Cookie.Clickzs : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@estat[1].txt -> Spyware.Cookie.Estat : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@findwhat[1].txt -> Spyware.Cookie.Findwhat : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@paycounter[1].txt -> Spyware.Cookie.Paycounter : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@server.iad.liveperson[2].txt -> Spyware.Cookie.Liveperson : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@sextracker[1].txt -> Spyware.Cookie.Sextracker : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@valueclick[1].txt -> Spyware.Cookie.Valueclick : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@xxxcounter[1].txt -> Spyware.Cookie.Xxxcounter : Nettoyer et sauvegarder ::Fin du rapport Et voici le second: --------------------------------------------------------- ewido anti-malware - Rapport de scan --------------------------------------------------------- + Créé le: 13:22:38, 19/01/2006 + Somme de contrôle: B7BB7CCE + Résultats du scan: C:\WINDOWS\system32\msclock32.dll -> Adware.NaviPromo : Nettoyer et sauvegarder C:\WINDOWS\system32\msplock32.dll -> Adware.NaviPromo : Nettoyer et sauvegarder C:\WINDOWS\system32\wυauboot.exe -> Downloader.PurityScan.k : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@counter11.sextracker[1].txt -> Spyware.Cookie.Sextracker : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@counter15.sextracker[1].txt -> Spyware.Cookie.Sextracker : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@counter4.sextracker[1].txt -> Spyware.Cookie.Sextracker : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@counter7.sextracker[1].txt -> Spyware.Cookie.Sextracker : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@counter8.sextracker[1].txt -> Spyware.Cookie.Sextracker : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@counter9.sextracker[1].txt -> Spyware.Cookie.Sextracker : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@paycounter[2].txt -> Spyware.Cookie.Paycounter : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@sextracker[2].txt -> Spyware.Cookie.Sextracker : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@valueclick[1].txt -> Spyware.Cookie.Valueclick : Nettoyer et sauvegarder C:\Documents and Settings\Michel\Cookies\michel@xxxcounter[1].txt -> Spyware.Cookie.Xxxcounter : Nettoyer et sauvegarder ::Fin du rapport Merci encore.

Salut Charles, Jack Merci encore. Voici le résultat de la dernière procédure: Logfile of HijackThis v1.99.1 Scan saved at 13:31:46, on 19/01/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\WINDOWS\system32\carpserv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\ALCWZRD.EXE C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Documents and Settings\Michel\Bureau\Download divers\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {85012860-9384-8974-FC58-BDC9D8C76FC1} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.targa.co.uk O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1097164261734 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) Merci d'avance à qui voudra bien me dire si c'est OK.

Merci pour la réponse Charles, Voici le rapport FixWareout: Fixwareout ver 1.003 Last edited 1/12/2006 Post this report in the forums please Reg Entries that were deleted HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\xedocne HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwoh HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\23plhps HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\mgcppp HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\tesvaf HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\32refaselif HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\gib_ogol HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\gigmd HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. »»»»» Search by size and names... C:\WINDOWS\SYSTEM32\CSLOY.EXE C:\WINDOWS\SYSTEM32\DMGIG.EXE C:\WINDOWS\SYSTEM32\DMMJZ.EXE »»»»» Misc files »»»»» Checking for older varients covered by the Rem3 tool Et voici le rapport Hijackthis: Logfile of HijackThis v1.99.1 Scan saved at 22:13:42, on 17/01/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\carpserv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\ALCWZRD.EXE C:\WINDOWS\ALCMTR.EXE C:\WINDOWS\system32\w?auboot.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Documents and Settings\Michel\Bureau\Download divers\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {85012860-9384-8974-FC58-BDC9D8C76FC1} - C:\WINDOWS\system32\fdstm.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int152802.exe -auto O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [dmeuy.exe] C:\WINDOWS\system32\dmeuy.exe O4 - HKCU\..\Run: [Wwvmcdy] C:\WINDOWS\system32\w?auboot.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Acus] C:\Documents and Settings\Michel\Application Data\rotm.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.targa.co.uk O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1097164261734 O16 - DPF: {E3943A24-2F83-4505-9AE5-F705E81B50CB} - http://akamai.downloadv3.com/binaries/EGDA...ESS_1055_XP.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) Cela ne me gène pas plus que ça, mais ma page de démarrage a basculé vers msn. Merci de bien vouloir me dire si tout est normal. A bientôt.

Salut Charles, Jack Lorsque je lance FixWareout et vais jusqu'à "finish", Windows AntiSpyware me dit qu'une application a besoin de mon accord et lorsque je le donne, il ne s'arrête pas de me reposer la même question : Allow ou Block. Il n'y a que "Block" qui me sort de cette boucle. Faut-il que je désactive l'antispyware et cela ne présente-t-il pas un risque ? Merci d'avance.

Bonsoir à tous, Tout d'abord, désolé de ne répondre que maintenant ... Jack, MERCI !! Après avoir fait ce que disais, plus de soucis. En tous cas, à priori. Sauf peut-être les sites qui ne sont pas ceux attendus mais je crois que cela peut venir du site lui-même ... Tu confirmes ? Voici tout de même le rapport que j'ai obtenu, si tu veux bien toutefois t'y plonger : Logfile of HijackThis v1.99.1 Scan saved at 23:02:07, on 12/01/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\WINDOWS\system32\carpserv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\ALCWZRD.EXE C:\WINDOWS\ALCMTR.EXE C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\WINDOWS\system32\w?auboot.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Documents and Settings\Michel\Bureau\Download divers\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.evc.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.targa.co.uk R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {85012860-9384-8974-FC58-BDC9D8C76FC1} - C:\WINDOWS\system32\fdstm.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int152802.exe -auto O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [dmczp.exe] C:\WINDOWS\system32\dmczp.exe O4 - HKCU\..\Run: [Wwvmcdy] C:\WINDOWS\system32\w?auboot.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Acus] C:\Documents and Settings\Michel\Application Data\rotm.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.targa.co.uk O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1097164261734 O16 - DPF: {E3943A24-2F83-4505-9AE5-F705E81B50CB} - http://akamai.downloadv3.com/binaries/EGDA...ESS_1055_XP.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{49CF56DE-9E3B-490C-9757-76792371E21F}: NameServer = 85.255.115.236,85.255.112.168 O17 - HKLM\System\CCS\Services\Tcpip\..\{4C430387-22CE-4E6A-9ED9-85D312E6E41A}: NameServer = 85.255.115.236,85.255.112.168 O17 - HKLM\System\CCS\Services\Tcpip\..\{7FE31BA0-ED64-43B8-A30F-FF82E401D6D2}: NameServer = 85.255.115.236,85.255.112.168 O17 - HKLM\System\CCS\Services\Tcpip\..\{C3116177-F0DA-4D80-8B46-0E8C5514D839}: NameServer = 85.255.115.236,85.255.112.168 O17 - HKLM\System\CCS\Services\Tcpip\..\{CB0E73FD-0A39-4DAC-BABF-10D1DAD2BB70}: NameServer = 85.255.115.236,85.255.112.168 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) Je crois avoir reconnu que certains fichiers n'étaient plus présents: C:\Program Files\Internet Explorer\iexplore.exe O4 - HKLM\..\Run: [dmwzv.exe] C:\WINDOWS\system32\dmwzv.exe O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\system32\hgqhp.exe Alors qu'un autre y est désormais: O4 - HKLM\..\Run: [dmczp.exe] C:\WINDOWS\system32\dmczp.exe Peut-être connais-tu l'impact de chacun d'eux et/ou leur origine ? Dans tous les cas, encore merci.

Bonjour à tous, Avant tout, merci à tous ceux qui apportent une aide aux personnes infectées. Ce n'est pas faute d'avoir essayé de m'en sortir seul, mais ... Quelques symptômes: 1) AVAST détecte 2 ou 3 troyens et un adware ce qui m'oblige à "abandonner la connexion" et ce, toutes les 6 à 7 minutes. 2) Sous internet, des pages débranchent vers d'autres qui ne sont pas celles attendues. 3) Certains programmes subitement "ne répondent plus" et lorsqu'ils sont les seuls ouverts obligent, après avoir fait "terminer maintenant", à éteindre l'ordinateur. 4) ... ? L'action effectuée: En mode sans échec, suppression des fichiers "Local Settings\Temp , ..." préconisés dans le document d'aide à l'analyse de rapport Hijackthis. Les dossiers qui sont restés impossibles à supprimer sont: C:\Documents and Settings\Michel\Local Settings\Temp\AAWTMP\C1230531\BB19F C:\Documents and Settings\Michel\Local Settings\Temp\AAWTMP\C99859\3CA830 Les autres que j'avais réussi à supprimer sont revenus entre temps. Le résultat du scan Hijackthis: Logfile of HijackThis v1.99.1 Scan saved at 19:52:21, on 11/01/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\WINDOWS\system32\carpserv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\ALCWZRD.EXE C:\WINDOWS\ALCMTR.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\w?auboot.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Documents and Settings\Michel\Bureau\Download divers\hijackthis\HijackThis.exe C:\WINDOWS\system32\wuauclt.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.evc.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.targa.co.uk R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {85012860-9384-8974-FC58-BDC9D8C76FC1} - C:\WINDOWS\system32\fdstm.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int152802.exe -auto O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [dmwzv.exe] C:\WINDOWS\system32\dmwzv.exe O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\system32\hgqhp.exe O4 - HKCU\..\Run: [Wwvmcdy] C:\WINDOWS\system32\w?auboot.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Acus] C:\Documents and Settings\Michel\Application Data\rotm.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.targa.co.uk O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1097164261734 O16 - DPF: {E3943A24-2F83-4505-9AE5-F705E81B50CB} - http://akamai.downloadv3.com/binaries/EGDA...ESS_1055_XP.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{49CF56DE-9E3B-490C-9757-76792371E21F}: NameServer = 85.255.115.236,85.255.112.168 O17 - HKLM\System\CCS\Services\Tcpip\..\{4C430387-22CE-4E6A-9ED9-85D312E6E41A}: NameServer = 85.255.115.236,85.255.112.168 O17 - HKLM\System\CCS\Services\Tcpip\..\{7FE31BA0-ED64-43B8-A30F-FF82E401D6D2}: NameServer = 85.255.115.236,85.255.112.168 O17 - HKLM\System\CCS\Services\Tcpip\..\{C3116177-F0DA-4D80-8B46-0E8C5514D839}: NameServer = 85.255.115.236,85.255.112.168 O17 - HKLM\System\CCS\Services\Tcpip\..\{CB0E73FD-0A39-4DAC-BABF-10D1DAD2BB70}: NameServer = 85.255.115.236,85.255.112.168 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) Merci d'avance à qui voudra bien prendre le temps de l'analyser et un grand BRAVO si il me sort de là. A bientôt.