
Mister H

Members
  • Content count

    7

Other information

  • My languages
    French, Dutch, English, Italian, German

Mister H's Achievements

Junior Member (3/12)

0

Community reputation

  1. He's my own little darling, that one.

    My man, my husband, a magician on stage and in life for me.

    It's crazy how much I love him

  2. Hi, there, everything is done. At computer startup, logon included, 3 minutes to be ready to surf; I think that's good, isn't it? Just two little things. The first: right when Windows XP opens, a black screen, a big white bar at the bottom of my screen, for a second, then it disappears, then XP starts up again. The second: my Internet windows no longer open at the right size; they are too wide for my screen. (It's surely next to nothing to fix, but you have to know how.) Otherwise, spotless. One of these days, I feel I'm going to clean up my PC, and I'll surely come and bother you with a HijackThis report. Thanks Charles Ingals, I'm adding "resolved" to the first post. Manly for her Mister H
  3. Thanks to Charles Ingals for your valuable help. Mister H, finally home from work (how early it is tonight, that's rare). Mister H
  4. Good evening, Finally here (almost 10 minutes, with the help of my lady, Manly, to find where to write). I still wonder why she signed me up here; I'm at level minus 35 in computing, but I will probably be able to find help when the need arises. Too busy with my profession as a magician-ventriloquist, you will have only (very) rare occasions to read me. See you soon. Mister H
  5. Here is the HijackThis report. There, see you soon. Manly, her Mister still at work. P.S. I don't see any difference with the renamed file. Could I have done something wrong?
  6. Here is the Kaspersky report. So if I understand correctly, there is some "nasty thing" in my husband's computer. Shall I redo the HijackThis report and post it? Thanks. Manly for her Mister
  7. Here is the first report, the one from WinPFind:
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Barre des tâches et menu Démarrer = () \\{7A9D77BD-5403-11d2-8785-2E0420524153} - Comptes d'utilisateurs = () \\{D653647D-D607-4DF6-A5B8-48D2BA195F7B} - BitDefender Antivirus v8 = () \\{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} - Set Program Access and Defaults = () \\{596AB062-B4D2-4215-9F74-E9109B0A8153} - Previous Versions Property Page = () \\{9DB7A13C-F208-4981-8353-73CC61AE2783} - Previous Versions = () \\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll () \\{472083B0-C522-11CF-8763-00608CC02F24} - avast = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) \\{D3796116-94D3-4009-96D7-51578411CC7D} - Outpost Shell Extension = () \\{950FF917-7A57-46BC-8017-59D9BF474000} - Shell Extension for CDRW = C:\Program Files\Ahead\InCD\incdshx.dll (Nero AG) \\{40950107-FEA6-4d53-A65F-B2DCBA57DD58} - Nokia Phone Browser = C:\Program Files\Nokia\Nokia PC Suite 6\Components\PhoneBrowserComponents\NokiaPhoneBrowser.dll (Nokia) \\{FBFE7864-D495-41f0-B7DC-4BB601CC295E} - Contact View = C:\Program Files\Nokia\Nokia PC Suite 6\Components\PhoneBrowserComponents\ContactView.dll (Nokia) \\{45AC2688-0253-4ED8-97DE-B5370FA7D48A} - Shell Extension for Malware scanning = () \\ - = () \\{6af09ec9-b429-11d4-a1fb-0090960218cb} - My Bluetooth Places = C:\WINDOWS\System32\btneighborhood.dll () [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] >>> Context Menu Handlers (Non-Microsoft Only) <<< [HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers] \avast - {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll () [HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers] [HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers] \WinRAR - 
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll () [HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers] \InCDMenu - {950FF917-7A57-46BC-8017-59D9BF474000} = C:\Program Files\Ahead\InCD\incdshx.dll (Nero AG) [HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers] \avast - {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) \BitDefender Antivirus v7 - {D653647D-D607-4DF6-A5B8-48D2BA195F7B} = () \BitDefender Antivirus v8 - {D653647D-D607-4DF6-A5B8-48D2BA195F7B} = () \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll () >>> Column Handlers (Non-Microsoft Only) <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers] \{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.) >>> Registry Run Keys <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] ATIModeChange - C:\WINDOWS\SYSTEM32\Ati2mdxx.exe (ATI Technologies, Inc.) SynTPLpr - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) SynTPEnh - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) ATIPTA - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.) eabconfg.cpl - C:\Program Files\Compaq\EAB\EabServr.exe (Compaq) srmclean - C:\Cpqs\Scom\srmclean.exe () Cpqset - C:\Program Files\compaq\cpqsetup\cpqset.exe () CitiINum_French - C:\Program Files\Citi Internet Number\CitiINum.exe (Orbiscom Ltd. All rights reserved.) ElbyCheckAnyDVD - C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe (Elaborate Bytes AG) RealTray - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.) IntelliPoint - C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation) avast! 
- C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe () D-Link AirPlus XtremeG - C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe (D-Link) ANIWZCS2Service - C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.) NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) InCD - C:\Program Files\Ahead\InCD\InCD.exe (Nero AG) DataLayer - C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE (Nokia Mobile Phones Ltd.) PCSuiteTrayApplication - C:\PROGRA~1\Nokia\NOKIAP~2\TRAYAP~1.EXE () snpstd - C:\WINDOWS\vsnpstd.exe () RAM Idle - C:\Program Files\Customizer XP\RAM_2K.exe () QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.) MessengerPlus3 - C:\Program Files\MessengerPlus! 3\MsgPlus.exe (Patchou) SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe (Sun Microsystems, Inc.) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] IMAIL Installed = 1 MAPI Installed = 1 MSFS Installed = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] CTFMON.EXE - C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run] >>> Startup Links <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup] C:\Documents and Settings\All Users\Menu 
Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk - C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe () C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini () C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup] C:\Documents and Settings\PATRICK HUBERT\Menu Démarrer\Programmes\Démarrage\desktop.ini () >>> MSConfig Disabled Items <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state system.ini 0 win.ini 0 bootini 2 services 0 startup 0 [All Users Startup Folder Disabled Items] [Current User Startup Folder Disabled Items] >>> User Agent Post Platform <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] >>> AppInit Dll's <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs] >>> Image File Execution Options <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] \Your Image File Name Here without a path - Debugger = ntsd -d >>> Shell Service Object Delay Load <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] \\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation) \\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = 
%SystemRoot%\system32\SHELL32.dll (Microsoft Corporation) \\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation) \\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation) >>> Shell Execute Hooks <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] \\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation) >>> Shared Task Scheduler <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] \\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Pré-chargeur Browseui = %SystemRoot%\System32\browseui.dll (Microsoft Corporation) \\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Démon de cache des catégories de composant = %SystemRoot%\System32\browseui.dll (Microsoft Corporation) >>> Winlogon <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] \\UserInit = C:\WINDOWS\system32\userinit.exe, \\Shell = Explorer.exe \\System = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] \crypt32chain - crypt32.dll = (Microsoft Corporation) \cryptnet - cryptnet.dll = (Microsoft Corporation) \cscdll - cscdll.dll = (Microsoft Corporation) \ScCertProp - wlnotify.dll = (Microsoft Corporation) \Schedule - wlnotify.dll = (Microsoft Corporation) \sclgntfy - sclgntfy.dll = (Microsoft Corporation) \SensLogn - WlNotify.dll = (Microsoft Corporation) \termsrv - wlnotify.dll = (Microsoft Corporation) \wlballoon - wlnotify.dll = (Microsoft Corporation) >>> DNS Name Servers <<< {1358F57A-895A-4B80-94A3-1AE9FA4D5DB1} - () {344D726A-AB66-48BA-99F2-2E6AD6524577} - () {952445BE-EE08-4E95-858F-C13AA16F5DC2} - (Carte réseau 1394) {9FC5123C-30F9-4F71-9C25-A312366D84FB} - (D-Link AirPlus DWL-G650 Wireless Cardbus Adapter(rev.C)) {A95B784E-459B-426B-A9C6-627CEE0EB26B} - () {B78DEED4-FC12-43AA-88E4-AB520F0D9EDF} - (Carte réseau Fast Ethernet PCI 
Realtek RTL8139 Family) >>> All Winsock2 Catalogs <<< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries] \000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation) \000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation) \000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries] \000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000004\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation) \000000000006\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation) \000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll 
    The Kaspersky report will be posted as soon as it is done. Regards, Manly, for her Mister, who is working
  8. Up. This really worries me: is the slowness of my PC due to the various attacks received from Netsky? Thanks for replying
  9. Hello, Because my PC is slow, I have already followed Papo's instructions for configuring my services. I also ran an antivirus scan in safe mode, which found Netsky in Avast's quarantine file. I asked for these files to be deleted, but that was refused. I am attaching my HijackThis report. Could you tell me whether I am still infected? Thank you.
    Thank you