

nirvan32
Virus and spyware problem
nirvan32 replied to a topic by nirvan32 in Malware analysis and removal
Good evening everyone. DID71, Antivir gives me the following message when I try to unzip SmitfraudFix: processe.exe contains signature of the SPR/Processor.20 program. What should I do? Thanks for your help.
Virus and spyware problem
nirvan32 replied to a topic by nirvan32 in Malware analysis and removal
Good evening again, Did71. Here is the SpySweeper report:

And here is the HijackThis report:

Still, I have the impression that things are improving. I haven't had any unwanted ads for a little while!! Is that a good sign?! See you later.
Virus and spyware problem
nirvan32 replied to a topic by nirvan32 in Malware analysis and removal
Hello again, Did71. Here is the VundoFix report:

Apparently it cannot delete pmnnk.dll.

And here is the HijackThis report:

Thanks, and see you later.
Virus and spyware problem
nirvan32 replied to a topic by nirvan32 in Malware analysis and removal
Hello everyone. Following Did71's message, here is the Look2me-Destroyer report:

And here is the HijackThis report:

However, AntiVir still finds the pmnnk.dll virus. It keeps coming back, even though AntiVir prompts me to delete it. Thank you all very much for your help. See you.
Virus and spyware problem
nirvan32 replied to a topic by nirvan32 in Malware Analysis and Removal
Good evening everyone!! I re-ran the Avast, AntiVir and ewido scans.

Here is the ewido report:

Here is the AntiVir report:

And here is the HijackThis report:

Has the situation improved? I still have ads opening in Firefox tabs. Thanks for your help and good night.
Virus and spyware problem
nirvan32 replied to a topic by nirvan32 in Malware analysis and removal
Hello everyone, Tesgaz, I am sorry for having brought up the subject of P2P, which is forbidden by this forum's charter. I won't do it again, I promise!!! I have in fact removed eDonkey, as I was advised. And sorry as well for having missed a few procedures, such as emptying the recycle bin, for example. On the other hand, for Antivir, I think I configured it not too badly (well, I believe so). Just one small problem with option no. 2 of SmitFraudFix: my computer seems to grind away badly. The scan and the cleaning could not be completed. I did answer yes to the question asking whether I wanted to clean the registry. It did start its work, but never finished it. Yet I waited at least two hours!!! Can anyone tell me if this is normal? I will try again this evening, in any case. Thanks a lot anyway for your messages and your help, and please Did71, don't leave!!! Your advice will certainly be very valuable to me. Have a good day, everyone
-
Virus and spyware problem
nirvan32 replied to a topic by nirvan32 in Malware analysis and removal
Good evening again, Here is the SmitFraudFix report:

SmitFraudFix v2.26
Rapport fait à 21:30:53,14 le 26/03/2006
Executé à partir de C:\Documents and Settings\SANDRINE\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\
C:\drsmartload1.exe PRESENT !
C:\gimmysmileys?.exe PRESENT !
C:\keyboard?.exe PRESENT !
C:\newname?.exe PRESENT !
C:\secure32.html PRESENT !
C:\winstall.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS
C:\WINDOWS\gimmygames.dat PRESENT !
C:\WINDOWS\ms1.exe PRESENT !
C:\WINDOWS\secure32.html PRESENT !
C:\WINDOWS\teller2.chk PRESENT!
C:\WINDOWS\tool2.exe PRESENT !
C:\WINDOWS\tool3.exe PRESENT !
C:\WINDOWS\toolbar.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\SANDRINE\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files
C:\Program Files\SpySheriff\ PRESENT!
»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
[HKEY_CLASSES_ROOT\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_CLASSES_ROOT\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{FD9A3B7A-C50E-430C-B94C-385FFFA1AFFA}"="OLE Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C71F2C0D-E782-4B13-B74A-1034F4549FC5}"="OLE Object"

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

As for eDonkey, even though I rarely use it, I think I'm going to follow the advice to remove it. Does anyone have an idea for a replacement P2P program? I've been told about Freenet. See you later
-
Virus and spyware problem
nirvan32 replied to a topic by nirvan32 in Malware analysis and removal
Hello again, Thanks did71. I ran both scans. Here is the EWIDO report:

---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 21:15:09, 26/03/2006
+ Somme de contrôle: 131DAAE0
+ Résultats du scan:
HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : Nettoyer et sauvegarder
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Adware.InternetOptimizer : Nettoyer et sauvegarder
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper -> Adware.InternetOptimizer : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Adware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Adware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ADM25.ADM25.1 -> Adware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Adware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Adware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\ADM4.ADM4.1 -> Adware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\CLSID\{6001CDF7-6F45-471b-A203-0225615E35A7} -> Adware.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj -> Adware.MoneyTree : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID -> Adware.MoneyTree : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CurVer -> Adware.MoneyTree : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj.1 -> Adware.MoneyTree : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\MediaAccess.Installer -> Adware.WinAd : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CLSID -> Adware.WinAd : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CurVer -> Adware.WinAd : Nettoyer et sauvegarder
HKLM\SOFTWARE\ClickSpring -> Adware.PurityScan : Nettoyer et sauvegarder
HKLM\SOFTWARE\Cydoor -> Adware.Cydoor : Nettoyer et sauvegarder
HKLM\SOFTWARE\Gator.com -> Adware.Gator : Nettoyer et sauvegarder
HKLM\SOFTWARE\Gator.com\AppInfo -> Adware.Gator : Nettoyer et sauvegarder
HKLM\SOFTWARE\Gator.com\CMEII -> Adware.Gator : Nettoyer et sauvegarder
HKLM\SOFTWARE\Gator.com\GInternet -> Adware.Gator : Nettoyer et sauvegarder
HKLM\SOFTWARE\Gator.com\GInternet\Proxy -> Adware.Gator : Nettoyer et sauvegarder
HKLM\SOFTWARE\Media Access -> Adware.WinAD : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Adware.MoneyTree : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Adware.InternetOptimizer : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Media Access -> Adware.WinAD : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\salm -> Adware.180Solutions : Nettoyer et sauvegarder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spy Sheriff -> Adware.SpySheriff : Nettoyer et sauvegarder
HKLM\SOFTWARE\PerfectNav -> Adware.KeenValue : Nettoyer et sauvegarder
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Nettoyer et sauvegarder
HKLM\SOFTWARE\salm -> Adware.180Solutions : Nettoyer et sauvegarder
HKLM\SOFTWARE\webhancer -> Adware.WebHancer : Nettoyer et sauvegarder
HKLM\SOFTWARE\webhancer\CC -> Adware.WebHancer : Nettoyer et sauvegarder
HKU\S-1-5-21-527237240-926492609-839522115-1003\Software\Avenue Media -> Adware.InternetOptimizer : Nettoyer et sauvegarder
HKU\S-1-5-21-527237240-926492609-839522115-1003\Software\Cydoor -> Adware.Cydoor : Nettoyer et sauvegarder
HKU\S-1-5-21-527237240-926492609-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Nettoyer et sauvegarder
HKU\S-1-5-21-527237240-926492609-839522115-1003\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Nettoyer et sauvegarder
HKU\S-1-5-21-527237240-926492609-839522115-1003\Software\salm -> Adware.180Solutions : Nettoyer et sauvegarder
[1484] C:\WINDOWS\system32\mac71u.dll -> Adware.Look2Me : Erreur durant le nettoyage
[884] C:\WINDOWS\System32\winded.exe -> Backdoor.Rbot : Nettoyer et sauvegarder
[2136] C:\WINDOWS\system32\guard.tmp -> Adware.Look2Me : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G5QBW1M1\1[1].exe -> Backdoor.Small.ia : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G5QBW1M1\loader3[1].exe -> Downloader.Tiny.ba : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I7WVY5A3\kie_l[1].exe -> Downloader.Agent.afl : Nettoyer et sauvegarder
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I7WVY5A3\paytime[1].txt -> Hijacker.StartPage.adi : Nettoyer et sauvegarder
:mozilla.7:C:\Documents and Settings\SANDRINE\Application Data\Mozilla\Firefox\Profiles\v14hcq6x.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.8:C:\Documents and Settings\SANDRINE\Application Data\Mozilla\Firefox\Profiles\v14hcq6x.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.9:C:\Documents and Settings\SANDRINE\Application Data\Mozilla\Firefox\Profiles\v14hcq6x.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.10:C:\Documents and Settings\SANDRINE\Application Data\Mozilla\Firefox\Profiles\v14hcq6x.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.11:C:\Documents and Settings\SANDRINE\Application Data\Mozilla\Firefox\Profiles\v14hcq6x.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.12:C:\Documents and Settings\SANDRINE\Application Data\Mozilla\Firefox\Profiles\v14hcq6x.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.13:C:\Documents and Settings\SANDRINE\Application Data\Mozilla\Firefox\Profiles\v14hcq6x.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.17:C:\Documents and Settings\SANDRINE\Application Data\Mozilla\Firefox\Profiles\v14hcq6x.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.18:C:\Documents and Settings\SANDRINE\Application Data\Mozilla\Firefox\Profiles\v14hcq6x.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.19:C:\Documents and Settings\SANDRINE\Application Data\Mozilla\Firefox\Profiles\v14hcq6x.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.20:C:\Documents and Settings\SANDRINE\Application Data\Mozilla\Firefox\Profiles\v14hcq6x.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.21:C:\Documents and Settings\SANDRINE\Application Data\Mozilla\Firefox\Profiles\v14hcq6x.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.22:C:\Documents and Settings\SANDRINE\Application Data\Mozilla\Firefox\Profiles\v14hcq6x.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.23:C:\Documents and Settings\SANDRINE\Application Data\Mozilla\Firefox\Profiles\v14hcq6x.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.24:C:\Documents and Settings\SANDRINE\Application Data\Mozilla\Firefox\Profiles\v14hcq6x.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyer et sauvegarder
:mozilla.26:C:\Documents and Settings\SANDRINE\Application Data\Mozilla\Firefox\Profiles\v14hcq6x.default\cookies.txt -> TrackingCookie.Cpvfeed : Nettoyer et sauvegarder
:mozilla.41:C:\Documents and Settings\SANDRINE\Application Data\Mozilla\Firefox\Profiles\v14hcq6x.default\cookies.txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder
:mozilla.42:C:\Documents and Settings\SANDRINE\Application Data\Mozilla\Firefox\Profiles\v14hcq6x.default\cookies.txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder
:mozilla.43:C:\Documents and Settings\SANDRINE\Application Data\Mozilla\Firefox\Profiles\v14hcq6x.default\cookies.txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder
:mozilla.44:C:\Documents and Settings\SANDRINE\Application Data\Mozilla\Firefox\Profiles\v14hcq6x.default\cookies.txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder
:mozilla.45:C:\Documents and Settings\SANDRINE\Application Data\Mozilla\Firefox\Profiles\v14hcq6x.default\cookies.txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder
:mozilla.46:C:\Documents and Settings\SANDRINE\Application Data\Mozilla\Firefox\Profiles\v14hcq6x.default\cookies.txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder
:mozilla.47:C:\Documents and Settings\SANDRINE\Application Data\Mozilla\Firefox\Profiles\v14hcq6x.default\cookies.txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder
:mozilla.48:C:\Documents and Settings\SANDRINE\Application Data\Mozilla\Firefox\Profiles\v14hcq6x.default\cookies.txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder
:mozilla.60:C:\Documents and Settings\SANDRINE\Application Data\Mozilla\Firefox\Profiles\v14hcq6x.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.61:C:\Documents and Settings\SANDRINE\Application Data\Mozilla\Firefox\Profiles\v14hcq6x.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
C:\Documents and Settings\SANDRINE\Cookies\sandrine@advertising[1].txt -> TrackingCookie.Advertising : Nettoyer et sauvegarder
C:\Documents and Settings\SANDRINE\Cookies\sandrine@project2.realtracker[2].txt -> TrackingCookie.Realtracker : Nettoyer et sauvegarder
C:\Documents and Settings\SANDRINE\Local Settings\Temp\06bohmnl.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Nettoyer et sauvegarder
C:\Documents and Settings\SANDRINE\Local Settings\Temp\__unin__.exe -> Adware.Altnet : Nettoyer et sauvegarder
C:\Documents and Settings\SANDRINE\Local Settings\Temporary Internet Files\Content.IE5\8XQNOPUJ\ucmoreiex[1].exe/UCMTSAIE.DLL -> Adware.Ucmore : Nettoyer et sauvegarder
C:\Documents and Settings\SANDRINE\Local Settings\Temporary Internet Files\Content.IE5\8XQNOPUJ\ucmoreiex[1].exe/IUCMORE.DLL -> Adware.Ucmore : Nettoyer et sauvegarder
C:\h2.exe/crypt32.ocx -> Backdoor.Flood.ay : Nettoyer et sauvegarder
C:\h2.exe/cryptui.ocx -> Backdoor.Small.a : Nettoyer et sauvegarder
C:\h2.exe/lans.bat -> Trojan.Passer : Nettoyer et sauvegarder
C:\Program Files\altnet -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\cevakrnl.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\cevakrnl.ivd.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\cevakrnl.rvd.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\cevakrnl.xmd.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\cran.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\cran.cvd.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\emalware.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\emalware.cvd.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\emalware.ivd.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\emalware.ivd.cab (incomplete) -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\hqx.xmd.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\iso.xmd.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\java.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\java.cvd.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\mbox.xmd.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\mdx_97.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\mdx_97.ivd.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\mdx_w95.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\mdx_w95.cvd.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\mdx_x95.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\mdx_x95.cvd.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\mso.xmd.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\na.cvd.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\plugins.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab (incomplete) -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\rup.xmd.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\sdx.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\sdx.ivd.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\update.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\update.txt.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\update.txt.cab (incomplete) -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\ve.xmd.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\zip.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\altnet\My Altnet Shares\Bullguard Protection\zip.xmd.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\Program Files\Media Access -> Adware.MediaAccess : Nettoyer et sauvegarder
C:\Program Files\Media Access\Info.txt -> Adware.MediaAccess : Nettoyer et sauvegarder
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Nettoyer et sauvegarder
C:\Program Files\SpySheriff -> Adware.SpySheriff : Nettoyer et sauvegarder
C:\Program Files\SpySheriff\base.avd -> Adware.SpySheriff : Nettoyer et sauvegarder
C:\Program Files\SpySheriff\base001.avd -> Adware.SpySheriff : Nettoyer et sauvegarder
C:\Program Files\SpySheriff\base002.avd -> Adware.SpySheriff : Nettoyer et sauvegarder
C:\Program Files\SpySheriff\found.wav -> Adware.SpySheriff : Nettoyer et sauvegarder
C:\Program Files\SpySheriff\heur000.dll -> Adware.SpySheriff : Nettoyer et sauvegarder
C:\Program Files\SpySheriff\heur001.dll -> Adware.SpySheriff : Nettoyer et sauvegarder
C:\Program Files\SpySheriff\heur002.dll -> Adware.SpySheriff : Nettoyer et sauvegarder
C:\Program Files\SpySheriff\heur003.dll -> Adware.SpySheriff : Nettoyer et sauvegarder
C:\Program Files\SpySheriff\notfound.wav -> Adware.SpySheriff : Nettoyer et sauvegarder
C:\Program Files\SpySheriff\removed.wav -> Adware.SpySheriff : Nettoyer et sauvegarder
C:\Program Files\SpySheriff\SpySheriff.dvm -> Adware.SpySheriff : Nettoyer et sauvegarder
C:\Program Files\SpySheriff\SpySheriff.exe -> Adware.SpySheriff : Nettoyer et sauvegarder
C:\Program Files\SpySheriff\Uninstall.exe -> Adware.SpySheriff : Nettoyer et sauvegarder
C:\RECYCLER\S-1-5-18\Dc87.exe -> Downloader.Small.buy : Nettoyer et sauvegarder
C:\RECYCLER\S-1-5-18\Dc88.exe -> Downloader.TSUpdate.o : Nettoyer et sauvegarder
C:\RECYCLER\S-1-5-18\Dc89.exe -> Downloader.TSUpdate.o : Nettoyer et sauvegarder
C:\RECYCLER\S-1-5-18\Dc90.exe -> Adware.Look2Me : Nettoyer et sauvegarder
C:\RECYCLER\S-1-5-18\Dc91.exe -> Adware.Look2Me : Nettoyer et sauvegarder
C:\RECYCLER\S-1-5-18\Dc92.exe -> Downloader.Small.buy : Nettoyer et sauvegarder
C:\RECYCLER\S-1-5-18\Dc93.exe -> Downloader.Small.buy : Nettoyer et sauvegarder
C:\RECYCLER\S-1-5-21-527237240-926492609-839522115-1003\Dc48\Sudoku.exe -> Dropper.VB.kk : Nettoyer et sauvegarder
C:\ucmoreiex.exe/UCMTSAIE.DLL -> Adware.Ucmore : Nettoyer et sauvegarder
C:\ucmoreiex.exe/IUCMORE.DLL -> Adware.Ucmore : Nettoyer et sauvegarder
C:\WHCC2.exe/whAgent.exe -> Adware.WebHancer : Nettoyer et sauvegarder
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Nettoyer et sauvegarder
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Nettoyer et sauvegarder
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SPMJCTOX\AppWrap[1].exe -> Adware.Zestyfind : Nettoyer et sauvegarder
C:\WINDOWS\system32\dpband.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\gp82l3lo1.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\guard.tmp -> Adware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\hCl.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\k0800almedqa0.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\mkrdim.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\paytime.exe -> Hijacker.StartPage.adi : Nettoyer et sauvegarder
C:\WINDOWS\system32\pmnnk.dll -> Downloader.ConHook.y : Nettoyer et sauvegarder
C:\WINDOWS\system32\q0680ajuedo80.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\qeartz.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\taappcmp.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\wtsdmoe2.dll -> Adware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\Temp\A.tmp -> Downloader.Tiny.ba : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Altnet -> Adware.Altnet : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Altnet\adm.exe -> Adware.Altnet : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Altnet\Atl.dll -> Adware.Altnet : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Altnet\dmfiles.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Altnet\DMinfo2.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Altnet\dminstall3.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Altnet\msvcirt.dll -> Adware.Altnet : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Altnet\mysearch.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Altnet\pmexe.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Altnet\pmfiles.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Altnet\pminstall.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Altnet\Setup.cab -> Adware.Altnet : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Altnet\Setup.exe -> Adware.Altnet : Nettoyer et sauvegarder
C:\WINDOWS\Temp\C.tmp -> Proxy.Wopla.q : Nettoyer et sauvegarder
::Fin du rapport

And here is the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 21:16:34, on 26/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\pctspk.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\mousepad5.exe
C:\WINDOWS\system32\systsec.exe
C:\WINDOWS\System32\yhsjfvt.exe
C:\WINDOWS\System32\ebgqvvmd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents3584.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\tool2.exe
C:\WINDOWS\System32\paytime.exe
C:\Program Files\SpySheriff\SpySheriff.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\SecuritySuite.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\System32\pmnnk.dll
O2 - BHO: WTLHelper Object - {75DC57F8-D831-4AB8-86B7-4F826F4A0873} - C:\WINDOWS\System32\pmnlj.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [bh1sobfs] C:\WINDOWS\System32\bh1sobfs.exe
O4 - HKLM\..\Run: [WinDLL (steam.dll)] rundll32.exe C:\WINDOWS\System32\steam.dll,start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [eDonkey2000] "C:\Program Files\eDonkey2000\eDonkey2000.exe" -t
O4 - HKLM\..\Run: [Microsoft Update] wuamkop.exe
O4 - HKLM\..\Run: [bxmon] rundll32.exe C:\WINDOWS\System32\bxmon.dll,start
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard5.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad5.exe
O4 - HKLM\..\Run: [AdobeReaderPro] winzip.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname5.exe
O4 - HKLM\..\Run: [Realtek Sound Manager] yhsjfvt.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WinFix service] ebgqvvmd.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamkop.exe
O4 - HKLM\..\RunServices: [winsystems25] winsystems.exe
O4 - HKLM\..\RunServices: [sysctl32] sysctl.exe
O4 - HKLM\..\RunServices: [AdobeReaderPro] winzip.exe
O4 - HKLM\..\RunServices: [Realtek Sound Manager] yhsjfvt.exe
O4 - HKLM\..\RunServices: [WinFix service] ebgqvvmd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WinMedia] C:\Documents3584.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\cgprops.dll (file missing)
O20 - Winlogon Notify: Mixer - sndmixex.dll (file missing)
O20 - Winlogon Notify: pmnlj - C:\WINDOWS\System32\pmnlj.dll
O20 - Winlogon Notify: pmnnk - C:\WINDOWS\SYSTEM32\pmnnk.dll
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\l06olaj31do.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U0FORFJJTkUgQ0hBU1NBR05F\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)

Is my case hopeless, or is there any hope for my computer? Thanks a lot to all of you for your help. But I don't think this is going to be easy!!!
-
Virus and spyware problem
nirvan32 replied to a topic by nirvan32 in Malware analysis and removal
Hello again, So I followed all the recommended steps, but it doesn't seem to have worked!!! I still have those wretched windows popping up unprompted in Firefox. Here is the HijackThis report after using Antivir, which found and quarantined about a hundred!!! threats (which I then deleted). Avast keeps finding more. On top of that, I get the following messages: "Erreur de chargement de C\windows\system32\steam.dll". The same goes for barseek.dll and bxmon.dll. It also gives me the following message: "une exception s'est produite lors de la tentative d'exécution de C\windows\system32\mcapsspc.dll,DllGetVersion". Please help me!!!!!! I'm in despair!!!! Thanks

----------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 19:04:08, on 26/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\rundll32.exe
C:\windows\mousepad5.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\newname5.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\WINDOWS\System32\yhsjfvt.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\ebgqvvmd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents3584.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\systsec.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\TEMP\adv.exe
c:\Veracruz.exe
C:\DOCUME~1\SANDRINE\LOCALS~1\Temp\DR_SudokuInstaller.exe
C:\WINDOWS\tool2.exe
C:\Program Files\Yazzle Sudoku\Sudoku.exe
C:\Program Files\Yazzle Sudoku\OINSetup.exe
C:\WINDOWS\System32\winded.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\System32\pmnnk.dll
O2 - BHO: WTLHelper Object - {75DC57F8-D831-4AB8-86B7-4F826F4A0873} - C:\WINDOWS\System32\pmnlj.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [bh1sobfs] C:\WINDOWS\System32\bh1sobfs.exe
O4 - HKLM\..\Run: [WinDLL (steam.dll)] rundll32.exe C:\WINDOWS\System32\steam.dll,start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [eDonkey2000] "C:\Program Files\eDonkey2000\eDonkey2000.exe" -t
O4 - HKLM\..\Run: [Microsoft Update] wuamkop.exe
O4 - HKLM\..\Run: [bxmon] rundll32.exe C:\WINDOWS\System32\bxmon.dll,start
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard5.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad5.exe
O4 - HKLM\..\Run: [AdobeReaderPro] winzip.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname5.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [Realtek Sound Manager] yhsjfvt.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WinFix service] ebgqvvmd.exe
O4 - HKLM\..\Run: [Microsoft System Debug] winded.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamkop.exe
O4 - HKLM\..\RunServices: [winsystems25] winsystems.exe
O4 - HKLM\..\RunServices: [sysctl32] sysctl.exe
O4 - HKLM\..\RunServices: [AdobeReaderPro] winzip.exe
O4 - HKLM\..\RunServices: [Realtek Sound Manager] yhsjfvt.exe
O4 - HKLM\..\RunServices: [WinFix service] ebgqvvmd.exe
O4 - HKLM\..\RunServices: [Microsoft System Debug] winded.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WinMedia] C:\Documents3584.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\cgprops.dll (file missing)
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\p8n80i5ue8.dll
O20 - Winlogon Notify: Mixer - sndmixex.dll (file missing)
O20 - Winlogon Notify: pmnlj - C:\WINDOWS\System32\pmnlj.dll
O20 - Winlogon Notify: pmnnk - C:\WINDOWS\SYSTEM32\pmnnk.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U0FORFJJTkUgQ0hBU1NBR05F\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)

-
Virus and spyware problem
nirvan32 replied to a topic by nirvan32 in Malware analysis and removal
Thank you very much for your replies. I'm going to start the procedure. However, I have the AVAST antivirus. Is it compatible with Antivir, or do I have to remove it? Thanks -
Hello everyone, My computer is giving me all kinds of trouble (unwanted ad windows opening, unwanted search bars...)!!! Here is the HijackThis report from my computer. It's all Greek to me. Can someone tell me what I should remove? I already think I need to remove http://www.findthewebsiteyouneed.com, webHancer and New.net, but as for the rest, I admit I'm lost. Thank you for your help.

Logfile of HijackThis v1.99.1
Scan saved at 14:31:34, on 26/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\SANDRINE\Bureau\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\System32\pmnnk.dll
O2 - BHO: WTLHelper Object - {75DC57F8-D831-4AB8-86B7-4F826F4A0873} - C:\WINDOWS\System32\pmnlj.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [bh1sobfs] C:\WINDOWS\System32\bh1sobfs.exe
O4 - HKLM\..\Run: [WinDLL (steam.dll)] rundll32.exe C:\WINDOWS\System32\steam.dll,start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [eDonkey2000] "C:\Program Files\eDonkey2000\eDonkey2000.exe" -t
O4 - HKLM\..\Run: [Microsoft Update] wuamkop.exe
O4 - HKLM\..\Run: [bxmon] rundll32.exe C:\WINDOWS\System32\bxmon.dll,start
O4 - HKLM\..\Run: [winsystems25] winsystems.exe
O4 - HKLM\..\Run: [sysctl32] sysctl.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard5.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad5.exe
O4 - HKLM\..\Run: [AdobeReaderPro] winzip.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname5.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [Realtek Sound Manager] yhsjfvt.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamkop.exe
O4 - HKLM\..\RunServices: [winsystems25] winsystems.exe
O4 - HKLM\..\RunServices: [sysctl32] sysctl.exe
O4 - HKLM\..\RunServices: [AdobeReaderPro] winzip.exe
O4 - HKLM\..\RunServices: [Realtek Sound Manager] yhsjfvt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WinMedia] C:\Documents3584.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\cgprops.dll (file missing)
O20 - Winlogon Notify: pmnlj - C:\WINDOWS\System32\pmnlj.dll
O20 - Winlogon Notify: pmnnk - C:\WINDOWS\SYSTEM32\pmnnk.dll
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\kt04l7dq1.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U0FORFJJTkUgQ0hBU1NBR05F\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe