diogene

rebonjour, merci pour tous les conseils. je vais me lancer dans la prévention de mon ordi. cela ma me parait moins rébarbatif et surtout plus compréhensible

Bonjour, Merci bcp pour ton aide qui a été très claire. les 2 problèmes qui me restent sont: 1 mise en veille de l 'ordi quand je ne l'utilise pas càd il s'éteint au bout d'un temps variable ( 5 min ou 15 min)et redémarre avec la touche marche arrêt. C'est apparu il y a 10 jours. 2 j'ai la fenêtre pub "centre de sécurité qui s'ouvre systématiquement. Mais d'après les forums je ne suis pas la seule dans ce cas. De toute façon, il faut que j'installe un pare feu. Merci encore.

bonsoir, voici le rapport kaspersky. bonne soirée ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Friday, November 09, 2007 8:07:20 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 9/11/2007 Kaspersky Anti-Virus database records: 455455 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ Scan Statistics: Total number of scanned objects: 80391 Number of viruses found: 0 Number of infected objects: 0 Number of suspicious objects: 0 Duration of the scan process: 00:51:55 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\MICHEL\Cookies\index.dat Object is locked skipped C:\Documents and Settings\MICHEL\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped C:\Documents and Settings\MICHEL\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\MICHEL\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\MICHEL\Local Settings\Application Data\Microsoft\Windows Live Contacts\delphineco34@hotmail.fr\real\members.stg Object is locked skipped C:\Documents and Settings\MICHEL\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\MICHEL\Local Settings\Historique\History.IE5\MSHist012007110920071110\index.dat Object is locked skipped C:\Documents and Settings\MICHEL\Local Settings\Temp\~DFE6CF.tmp Object is locked skipped C:\Documents and Settings\MICHEL\Local Settings\Temp\~DFE6E1.tmp Object is locked skipped C:\Documents and Settings\MICHEL\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\MICHEL\NTUSER.DAT Object is locked skipped C:\Documents and Settings\MICHEL\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{F8F560D9-6FB7-44C6-856C-8CFF7FFB9331}\RP896\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed.

rebonjour, Je viens de terminer le scan avec kapersky dont voici le rapport: ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Friday, November 09, 2007 4:49:35 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 9/11/2007 Kaspersky Anti-Virus database records: 455226 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ Scan Statistics: Total number of scanned objects: 83413 Number of viruses found: 1 Number of infected objects: 4 Number of suspicious objects: 0 Duration of the scan process: 00:58:59 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\MICHEL\Cookies\index.dat Object is locked skipped C:\Documents and Settings\MICHEL\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\MICHEL\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\MICHEL\Local Settings\Application Data\Microsoft\Windows Live Contacts\delphineco34@hotmail.fr\real\members.stg Object is locked skipped C:\Documents and Settings\MICHEL\Local Settings\Application Data\Microsoft\Windows Live Contacts\delphineco34@hotmail.fr\shadow\members.stg Object is locked skipped C:\Documents and Settings\MICHEL\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\MICHEL\Local Settings\Temp\~DF2118.tmp Object is locked skipped C:\Documents and Settings\MICHEL\Local Settings\Temp\~DF212B.tmp Object is locked skipped C:\Documents and Settings\MICHEL\Local Settings\Temp\~DF3214.tmp Object is locked skipped C:\Documents and Settings\MICHEL\Local Settings\Temp\~DF3625.tmp Object is locked skipped C:\Documents and Settings\MICHEL\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\MICHEL\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\MICHEL\NTUSER.DAT Object is locked skipped C:\Documents and Settings\MICHEL\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{F8F560D9-6FB7-44C6-856C-8CFF7FFB9331}\RP892\A0094098.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.Comet.az skipped C:\System Volume Information\_restore{F8F560D9-6FB7-44C6-856C-8CFF7FFB9331}\RP892\A0094098.exe/stream Infected: not-a-virus:AdWare.Win32.Comet.az skipped C:\System Volume Information\_restore{F8F560D9-6FB7-44C6-856C-8CFF7FFB9331}\RP892\A0094098.exe NSIS: infected - 2 skipped C:\System Volume Information\_restore{F8F560D9-6FB7-44C6-856C-8CFF7FFB9331}\RP892\A0094098.exe CryptFF: infected - 2 skipped C:\System Volume Information\_restore{F8F560D9-6FB7-44C6-856C-8CFF7FFB9331}\RP894\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. voici le log hijackthis refait après le scan kapersky car l'ordi s'est éteint et j'ai perdu celui ait avant: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:50:42, on 09/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\DOCUME~1\MICHEL\LOCALS~1\Temp\Répertoire temporaire 5 pour HiJackThis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.tele2.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...oz2yelTLfknnpfW R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ins3DT] E:\INSTALL4\INS3DT.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: E-Compagnon.lnk = C:\Program Files\ColiPoste\e-COMO\e-COMO.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Pinnacle Scheduler.lnk = ? O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1109865715515 O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://82.230.29.119:8080//activex/AMC.cab O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://msnfr.oberon-media.com/online2/MSN_...sh.1.0.0.80.cab O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/online2/MSN_...gamesloader.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{DE5967E3-472F-4336-8970-D07E91997EFD}: NameServer = 212.151.136.254,130.244.127.162 O18 - Protocol: msell - {E90F00EC-3694-11D2-99FE-00104B2D62CC} - C:\PROGRA~1\FICHIE~1\MICROS~1\REFERE~1\MSELL.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing) O23 - Service: Pack Sécurité TELE2 Internet (BackWeb Plug-in - 2338637) - Unknown owner - C:\PROGRA~1\Tele2\backweb\2338637\Program\SERVIC~1.EXE (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) -- End of file - 9131 bytes par ailleurs j'ai voulu installé le pare feu kerio que tu conseilles mais il n'existe plus sur inoculer et la procédure me parait asez délicate pour moi car il y a bcp de choix à effectuer et je n'y connais pas grand chose. merci encore de ton aide

Rebonjour, Voilà j'ai suivi ta procédure très claire et bien expliquée. Je te mets les 2 rapports etle log hijackthis rapport SDfix: SDFix: Version 1.114 Run by MICHEL on 09/11/2007 at 10:52 Microsoft Windows XP [version 5.1.2600] Running From: C:\DOCUME~1\MICHEL\Bureau\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: Trojan Files Found: C:\Documents and Settings\MICHEL\Local Settings\Temp\7f52c065-49f1-c633-2438-8a1a528cf917.tmp.exe - Deleted C:\WINDOWS\system32\winsys.exe - Deleted Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-09 10:59:04 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:Partage de l'application RTC" "C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows© NetMeeting©" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Disabled:Nero Home" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Tele2\\backweb\\2338637\\Program\\fspex.exe"="C:\\Program Files\\Tele2\\backweb\\2338637\\Program\\fspex.exe:*:Enabled:Pack S‚curit‚ TELE2 Internet" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\Pinnacle\\Pinnacle PCTV\\TeleText\\WebServer.exe"="C:\\Program Files\\Pinnacle\\Pinnacle PCTV\\TeleText\\WebServer.exe:*:Disabled:WebServer" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Tele2\\backweb\\2338637\\Program\\fspex.exe"="C:\\Program Files\\Tele2\\backweb\\2338637\\Program\\fspex.exe:*:Enabled:Pack S‚curit‚ TELE2 Internet" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files: --------------- File Backups: - C:\DOCUME~1\MICHEL\Bureau\SDFix\backups\backups.zip Files with Hidden Attributes: Mon 26 Dec 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Sat 13 Nov 2004 37,376 ...H. --- "C:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe" Mon 26 Dec 2005 4,348 ...H. --- "C:\Documents and Settings\MICHEL\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak" Tue 19 Sep 2006 20 A..H. --- "C:\Documents and Settings\MICHEL\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak" Sat 16 Apr 2005 312 A.SH. --- "C:\Documents and Settings\MICHEL\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak" Finished! rapport AVG: --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 10:47:07 09/11/2007 + Résultat de l'analyse: HKLM\SOFTWARE\IntexusDial -> Dialer.Generic : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\MICHEL\Cookies\michel@247realmedia[3].txt -> TrackingCookie.247realmedia : Nettoyé. C:\Documents and Settings\MICHEL\Local Settings\Temp\Cookies\michel@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@112.2o7[2].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@anxaeurope.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@bwincom.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@cnn.122.2o7[2].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@divx.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@fnac.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@gettyimages.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@karavel.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@macromedia.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@microsoftconsumermarketing.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@mistergooddeal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@msninvite.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@msnuk.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@opodo.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@sfr.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@solmeliahotels.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\MICHEL\Local Settings\Temp\Cookies\michel@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@4.adbrite[3].txt -> TrackingCookie.Adbrite : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ad.admarketplace[2].txt -> TrackingCookie.Admarketplace : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@admarketplace[1].txt -> TrackingCookie.Admarketplace : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@www.adobe[1].txt -> TrackingCookie.Adobe : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@adrenaline[1].txt -> TrackingCookie.Adrenaline : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@adrevolver[1].txt -> TrackingCookie.Adrevolver : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@media.adrevolver[3].txt -> TrackingCookie.Adrevolver : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@z1.adserver[1].txt -> TrackingCookie.Adserver : Nettoyé. C:\Documents and Settings\MICHEL\Local Settings\Temp\Cookies\michel@z1.adserver[1].txt -> TrackingCookie.Adserver : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé. C:\Documents and Settings\MICHEL\Local Settings\Temp\Cookies\michel@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé. C:\Documents and Settings\MICHEL\Local Settings\Temp\Cookies\michel@servedby.advertising[2].txt -> TrackingCookie.Advertising : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@adviva[1].txt -> TrackingCookie.Adviva : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé. C:\Documents and Settings\MICHEL\Local Settings\Temp\Cookies\michel@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@bfast[2].txt -> TrackingCookie.Bfast : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@iv2.bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé. C:\Documents and Settings\MICHEL\Local Settings\Temp\Cookies\michel@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@burstnet[1].txt -> TrackingCookie.Burstnet : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@casalemedia[1].txt -> TrackingCookie.Casalemedia : Nettoyé. C:\Documents and Settings\MICHEL\Local Settings\Temp\Cookies\michel@casalemedia[1].txt -> TrackingCookie.Casalemedia : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@casinotropez[1].txt -> TrackingCookie.Casinotropez : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@promo.casinotropez[1].txt -> TrackingCookie.Casinotropez : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@www.casinotropez[2].txt -> TrackingCookie.Casinotropez : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@centrport[2].txt -> TrackingCookie.Centrport : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@clickbank[2].txt -> TrackingCookie.Clickbank : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ads.guardian.co[1].txt -> TrackingCookie.Co : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Nettoyé. C:\Documents and Settings\MICHEL\Local Settings\Temp\Cookies\michel@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@connextra[2].txt -> TrackingCookie.Connextra : Nettoyé. C:\Documents and Settings\MICHEL\Local Settings\Temp\Cookies\michel@connextra[2].txt -> TrackingCookie.Connextra : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@test.coremetrics[1].txt -> TrackingCookie.Coremetrics : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@dealtime[1].txt -> TrackingCookie.Dealtime : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@stat.dealtime[1].txt -> TrackingCookie.Dealtime : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@doubleclick[2].txt -> TrackingCookie.Doubleclick : Nettoyé. C:\Documents and Settings\MICHEL\Local Settings\Temp\Cookies\michel@doubleclick[2].txt -> TrackingCookie.Doubleclick : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@c.enhance[1].txt -> TrackingCookie.Enhance : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@e-2dj6wgkysmcpsko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@e-2dj6wjliclajgdq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@e-2dj6wjnyend5wdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@estat[2].txt -> TrackingCookie.Estat : Nettoyé. C:\Documents and Settings\MICHEL\Local Settings\Temp\Cookies\michel@estat[1].txt -> TrackingCookie.Estat : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@www.etracker[2].txt -> TrackingCookie.Etracker : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Nettoyé. C:\Documents and Settings\MICHEL\Local Settings\Temp\Cookies\michel@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@as-us.falkag[1].txt -> TrackingCookie.Falkag : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@sel.as-us.falkag[2].txt -> TrackingCookie.Falkag : Nettoyé. C:\Documents and Settings\MICHEL\Local Settings\Temp\Cookies\michel@as1.falkag[2].txt -> TrackingCookie.Falkag : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@fastclick[1].txt -> TrackingCookie.Fastclick : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@media.fastclick[1].txt -> TrackingCookie.Fastclick : Nettoyé. C:\Documents and Settings\MICHEL\Local Settings\Temp\Cookies\michel@fastclick[1].txt -> TrackingCookie.Fastclick : Nettoyé. C:\Documents and Settings\MICHEL\Local Settings\Temp\Cookies\michel@media.fastclick[1].txt -> TrackingCookie.Fastclick : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@findwhat[1].txt -> TrackingCookie.Findwhat : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@fortunecity[1].txt -> TrackingCookie.Fortunecity : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@banner.goldenpalace[2].txt -> TrackingCookie.Goldenpalace : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ehg-adversitement.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ehg-bestwestern.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ehg-bskyb.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ehg-christiandior.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ehg-citenumerique.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ehg-cogemag.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ehg-danieljouvance.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ehg-france24.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ehg-francetel.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ehg-francetelecom.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ehg-gmi.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ehg-guess.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ehg-knightridder.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ehg-kodak.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ehg-learningco.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ehg-mybc.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ehg-neuftelecom.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ehg-quiksilver.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ehg-randomhouse.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ehg-ricaud.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ehg-techtarget.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ehg-telecomitalia.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ehg-twi.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ehg-warnerbrothers.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ehg-xxolympicwintergames.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ehg-youtube.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ehg-yvesrocher.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ehg.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@phg.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@counter2.hitslink[2].txt -> TrackingCookie.Hitslink : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@hotlog[1].txt -> TrackingCookie.Hotlog : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@searchportal.information[1].txt -> TrackingCookie.Information : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ivwbox[2].txt -> TrackingCookie.Ivwbox : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@image.masterstats[1].txt -> TrackingCookie.Masterstats : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@mediaplex[2].txt -> TrackingCookie.Mediaplex : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@search.msn[1].txt -> TrackingCookie.Msn : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@navrcholu[2].txt -> TrackingCookie.Navrcholu : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@stat.onestat[1].txt -> TrackingCookie.Onestat : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@data3.perf.overture[2].txt -> TrackingCookie.Overture : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@overture[2].txt -> TrackingCookie.Overture : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@perf.overture[1].txt -> TrackingCookie.Overture : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ads.planetactive[1].txt -> TrackingCookie.Planetactive : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@qksrv[1].txt -> TrackingCookie.Qksrv : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@questionmarket[2].txt -> TrackingCookie.Questionmarket : Nettoyé. C:\Documents and Settings\MICHEL\Local Settings\Temp\Cookies\michel@questionmarket[2].txt -> TrackingCookie.Questionmarket : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@fr.real[2].txt -> TrackingCookie.Real : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@france.real[1].txt -> TrackingCookie.Real : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@real[1].txt -> TrackingCookie.Real : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@realguide.real[2].txt -> TrackingCookie.Real : Nettoyé. C:\Documents and Settings\MICHEL\Local Settings\Temp\Cookies\michel@real[1].txt -> TrackingCookie.Real : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Nettoyé. C:\Documents and Settings\MICHEL\Local Settings\Temp\Cookies\michel@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@realmedia[2].txt -> TrackingCookie.Realmedia : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@revenue[1].txt -> TrackingCookie.Revenue : Nettoyé. C:\Documents and Settings\MICHEL\Local Settings\Temp\Cookies\michel@revenue[1].txt -> TrackingCookie.Revenue : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@revsci[1].txt -> TrackingCookie.Revsci : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@edge.ru4[1].txt -> TrackingCookie.Ru4 : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@serving-sys[3].txt -> TrackingCookie.Serving-sys : Nettoyé. C:\Documents and Settings\MICHEL\Local Settings\Temp\Cookies\michel@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé. C:\Documents and Settings\MICHEL\Local Settings\Temp\Cookies\michel@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé. C:\Documents and Settings\MICHEL\Local Settings\Temp\Cookies\michel@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@spylog[1].txt -> TrackingCookie.Spylog : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@h.starware[1].txt -> TrackingCookie.Starware : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@try.starware[2].txt -> TrackingCookie.Starware : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@statcounter[2].txt -> TrackingCookie.Statcounter : Nettoyé. C:\Documents and Settings\MICHEL\Local Settings\Temp\Cookies\michel@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@tacoda[2].txt -> TrackingCookie.Tacoda : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@targetnet[2].txt -> TrackingCookie.Targetnet : Nettoyé. C:\Documents and Settings\MICHEL\Local Settings\Temp\Cookies\michel@targetnet[1].txt -> TrackingCookie.Targetnet : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@php.sales.tfag[1].txt -> TrackingCookie.Tfag : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé. C:\Documents and Settings\MICHEL\Local Settings\Temp\Cookies\michel@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@trafficmp[2].txt -> TrackingCookie.Trafficmp : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@trafic[1].txt -> TrackingCookie.Trafic : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@hlwd.valueclick[2].txt -> TrackingCookie.Valueclick : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@pr.valueclick[1].txt -> TrackingCookie.Valueclick : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@valueclick[2].txt -> TrackingCookie.Valueclick : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@valueclick[3].txt -> TrackingCookie.Valueclick : Nettoyé. C:\Documents and Settings\MICHEL\Local Settings\Temp\Cookies\michel@valueclick[2].txt -> TrackingCookie.Valueclick : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@www.vegasred[1].txt -> TrackingCookie.Vegasred : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@server1.web-stat[1].txt -> TrackingCookie.Web-stat : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@web-stat[2].txt -> TrackingCookie.Web-stat : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@webstat[3].txt -> TrackingCookie.Web-stat : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@www.web-stat[2].txt -> TrackingCookie.Web-stat : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@blackbox.weborama[2].txt -> TrackingCookie.Weborama : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé. C:\Documents and Settings\MICHEL\Local Settings\Temp\Cookies\michel@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@m.webtrends[1].txt -> TrackingCookie.Webtrends : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@statse.webtrendslive[3].txt -> TrackingCookie.Webtrendslive : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@yadro[1].txt -> TrackingCookie.Yadro : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé. C:\Documents and Settings\MICHEL\Local Settings\Temp\Cookies\michel@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé. C:\Documents and Settings\MICHEL\Cookies\michel@zedo[1].txt -> TrackingCookie.Zedo : Nettoyé. C:\Documents and Settings\MICHEL\Local Settings\Temp\Cookies\michel@zedo[1].txt -> TrackingCookie.Zedo : Nettoyé. Fin du rapport log hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:09:09, on 09/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe C:\DOCUME~1\MICHEL\LOCALS~1\Temp\Répertoire temporaire 3 pour HiJackThis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.tele2.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...oz2yelTLfknnpfW R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ins3DT] E:\INSTALL4\INS3DT.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [NvCplScan] nvsc32.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [NvCplScan] nvsc32.exe (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: E-Compagnon.lnk = C:\Program Files\ColiPoste\e-COMO\e-COMO.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Pinnacle Scheduler.lnk = ? O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1109865715515 O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://82.230.29.119:8080//activex/AMC.cab O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://msnfr.oberon-media.com/online2/MSN_...sh.1.0.0.80.cab O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/online2/MSN_...gamesloader.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{DE5967E3-472F-4336-8970-D07E91997EFD}: NameServer = 212.151.136.254,130.244.127.162 O18 - Protocol: msell - {E90F00EC-3694-11D2-99FE-00104B2D62CC} - C:\PROGRA~1\FICHIE~1\MICROS~1\REFERE~1\MSELL.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing) O23 - Service: Pack Sécurité TELE2 Internet (BackWeb Plug-in - 2338637) - Unknown owner - C:\PROGRA~1\Tele2\backweb\2338637\Program\SERVIC~1.EXE (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) -- End of file - 9165 bytes Merci de prendre de ton temps pour me faire part de tes conclusions

Merci beaucoup pour ton aide . je viens d'imprimer la procédure et je vais m'y lancer.

Bonjour à tous. Puvez-vous m'aider à analyser mon rapport hijackthis. merci beaucoup de l'aide. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:37:31, on 08/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\DOCUME~1\MICHEL\LOCALS~1\Temp\Répertoire temporaire 2 pour HiJackThis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.tele2.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...oz2yelTLfknnpfW R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ins3DT] E:\INSTALL4\INS3DT.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [NvCplScan] nvsc32.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [NvCplScan] nvsc32.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [NvCplScan] nvsc32.exe (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: E-Compagnon.lnk = C:\Program Files\ColiPoste\e-COMO\e-COMO.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Pinnacle Scheduler.lnk = ? O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1109865715515 O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://82.230.29.119:8080//activex/AMC.cab O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://msnfr.oberon-media.com/online2/MSN_...sh.1.0.0.80.cab O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/online2/MSN_...gamesloader.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{DE5967E3-472F-4336-8970-D07E91997EFD}: NameServer = 212.151.136.254,130.244.127.162 O18 - Protocol: msell - {E90F00EC-3694-11D2-99FE-00104B2D62CC} - C:\PROGRA~1\FICHIE~1\MICROS~1\REFERE~1\MSELL.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Pack Sécurité TELE2 Internet (BackWeb Plug-in - 2338637) - Unknown owner - C:\PROGRA~1\Tele2\backweb\2338637\Program\SERVIC~1.EXE (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) -- End of file - 8954 bytes

Merci pour l'info. Je suisen train de faire un scan avec la nouvelle version de antivir

Bonjour, Voici mon nouveau log hijackthis. par ailleurs j'ai mis en place antivir avec le lien indiqué mais je n'ai pas de mises à jour. C'est normal ou faut-il prendre une autre version ? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:51:51, on 06/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\DOCUME~1\MICHEL\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.tele2.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...oz2yelTLfknnpfW R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ins3DT] E:\INSTALL4\INS3DT.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [NvCplScan] nvsc32.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [NvCplScan] nvsc32.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [NvCplScan] nvsc32.exe (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: E-Compagnon.lnk = C:\Program Files\ColiPoste\e-COMO\e-COMO.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Pinnacle Scheduler.lnk = ? O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1109865715515 O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://82.230.29.119:8080//activex/AMC.cab O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://msnfr.oberon-media.com/online2/MSN_...sh.1.0.0.80.cab O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/online2/MSN_...gamesloader.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{DE5967E3-472F-4336-8970-D07E91997EFD}: NameServer = 212.151.136.254,130.244.127.162 O18 - Protocol: msell - {E90F00EC-3694-11D2-99FE-00104B2D62CC} - C:\PROGRA~1\FICHIE~1\MICROS~1\REFERE~1\MSELL.dll O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Pack Sécurité TELE2 Internet (BackWeb Plug-in - 2338637) - Unknown owner - C:\PROGRA~1\Tele2\backweb\2338637\Program\SERVIC~1.EXE (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) -- End of file - 9060 bytes

je n'ai pas trouvé dans les progrmmes mais en recherche de fichier et je l'ai supprimé. J'espère que cela suffit.

Merci pour l'info. Mais j'ai cherché à l désinstaller mais je ne le trouve pas dans la liste de mes programmes. Il est sous un autre nom??

PS je ne sais pas ce qu'est bit comet

merci beaucoup pour ta réponse rapide. J'ai désinstallé norton, f-secure et avaast par tes liens. J'ai retiré les toolbars de google et yahoo. je suis en train d'installer antivir. Mais j'ai fait peut-être du zèle en désinstallant aussi windows defender.

Bonjour, Je suis nouvelle sur le forum et et novice en informatique. Mon ord est infecté par trojan détecté par avast. J'ai continuellement un avis de sécurité pour télécharger un logiciel. J'ai l'impression que tout se déplace sur mon bureau. De plus mon ordi s'arrête fréqemment. En lisant le forum j'ai l'impression de ne pas être la seule à être dans ce cas. J'ai donc installé hijack comme conseillé. Pouvez-vous m'aider? Si c'est possible merci beaucoup de votre aide. Voici le rapport: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:24:09, on 05/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\PROGRA~1\Tele2\backweb\2338637\Program\SERVIC~1.EXE C:\Program Files\Tele2\backweb\2338637\program\fsbwsys.exe C:\Program Files\Tele2\Common\FSMA32.EXE C:\Program Files\Tele2\Common\FSMB32.EXE C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Tele2\backweb\2338637\Program\fspex.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Tele2\Common\FCH32.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Tele2\Common\FAMEH32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Tele2\FSPC\fspc.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Tele2\Common\FSM32.EXE C:\Program Files\Tele2\FSGUI\fsguidll.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\DOCUME~1\MICHEL\LOCALS~1\Temp\Répertoire temporaire 2 pour HiJackThis[1].zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.tele2.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...oz2yelTLfknnpfW R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ins3DT] E:\INSTALL4\INS3DT.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [NvCplScan] nvsc32.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Tele2\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Tele2\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Tele2\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [NvCplScan] nvsc32.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [NvCplScan] nvsc32.exe (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: E-Compagnon.lnk = C:\Program Files\ColiPoste\e-COMO\e-COMO.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Pack Sécurité TELE2 Internet.lnk = C:\Program Files\Tele2\backweb\2338637\Program\fspex.exe O4 - Global Startup: Pinnacle Scheduler.lnk = ? O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Tele2\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Tele2\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Tele2\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1109865715515 O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://82.230.29.119:8080//activex/AMC.cab O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://msnfr.oberon-media.com/online2/MSN_...sh.1.0.0.80.cab O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/online2/MSN_...gamesloader.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{DE5967E3-472F-4336-8970-D07E91997EFD}: NameServer = 212.151.136.254,130.244.127.162 O18 - Protocol: msell - {E90F00EC-3694-11D2-99FE-00104B2D62CC} - C:\PROGRA~1\FICHIE~1\MICROS~1\REFERE~1\MSELL.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Pack Sécurité TELE2 Internet (BackWeb Plug-in - 2338637) - F-Secure Corp. - C:\PROGRA~1\Tele2\backweb\2338637\Program\SERVIC~1.EXE O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Tele2\backweb\2338637\program\fsbwsys.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Tele2\Common\FSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- End of file - 11925 bytes