Everything posted by charisma
Unwanted redirect one time in three
charisma replied to a topic by charisma in Malware Analysis and Removal
For the firewall I'm going to go with Kerio: I haven't dealt with it since I got my new hard drive, but before that I used it all the time (there was a distant time when I took care of my computer's security...). Besides Antivir and Kerio, what else do I need? An anti-spyware? Is MBAM suitable? Anything else? And I don't use Spybot, I only downloaded it after the problems I had just had. Here is the log:
Unwanted redirect one time in three
charisma replied to a topic by charisma in Malware Analysis and Removal
I did 1) but not 2). It's not that I don't want to, but right now I'm feeling a bit lazy... But since I wouldn't want to come bother people here with my problems when a good antivirus would have been enough, I may do it during the week, in which case I'll come post the report here. Thanks a lot!
Unwanted redirect one time in three
charisma replied to a topic by charisma in Malware Analysis and Removal
It only gives me the log (I tried twice). Once again, thank you very much for helping me!
Unwanted redirect one time in three
charisma replied to a topic by charisma in Malware Analysis and Removal
So I took the liberty of selecting all the disks and peripherals for the scan (I assume that was why you told me to plug them in). It seems to have worked: no more weird sites at all! The only thing that still worried me was my iGoogle, which looked all weird, but I've just seen that this was normal! That said, it's really rubbish; can one go back to the old version of iGoogle? In any case, thanks a lot! Here is the report:
Unwanted redirect one time in three
charisma replied to a topic by charisma in Malware Analysis and Removal
Here is the log: And here is the info:
Unwanted redirect one time in three
charisma replied to a topic by charisma in Malware Analysis and Removal
Thanks for the reformatting! Note that with Opera I have no problem at all (unlike Firefox and Chrome). Well, it's nice being on Opera (I'm discovering lots of features, haha), but I can't wait to get back to Firefox! Do you need any other information, or is it enough for me to just wait? Thanks in advance!
Unwanted redirect one time in three
charisma posted a topic in Malware Analysis and Removal
As the title says, from time to time I get a redirect that comes out of nowhere when I browse the internet. My iGoogle also displays as if it were in English, even though I do set it to French. And this happens in Firefox as well as in Google Chrome (I haven't tested other browsers). From time to time I also get Internet Explorer windows that open on their own. Here is the file, and thanks in advance!

Log reformatted (by Mark):