bonjour.je ne parviens pas à me débarasser de "zheltaya_hernya" qui est une barre de menu jaune apparaissant dans ie...j'ai consulté sur ce forum mais le sujet n'est visiblement pas résolu...merci d'avance pour votre aide
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:44:17, on 17/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\WINDOWS\ASUSKBService.exe
H:\WINDOWS\ATKKBService.exe
H:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
H:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
H:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
H:\PROGRA~1\Grisoft\AVG7\avgemc.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\WINDOWS\system32\drivers\CDAC11BA.EXE
H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
H:\Program Files\Executive Software\Diskeeper\DkService.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\oodag.exe
H:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
H:\PROGRA~1\Grisoft\AVG7\avgcc.exe
H:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
H:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE
H:\WINDOWS\system32\WTablet\TabUserW.exe
H:\Program Files\Windows Desktop Search\WindowsSearch.exe
H:\Program Files\UTILS\YzToolbar\YzToolBar.exe
H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
H:\WINDOWS\system32\Tablet.exe
H:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
H:\PROGRA~1\Grisoft\AVG7\avgwa.dat
H:\WINDOWS\system32\SearchIndexer.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\BitComet\BitComet.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\HiJackThis\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bl111w.blu111.mail.live.com/mail ... 10&gs=true
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - H:\Program Files\P2P_Torrent\tbP2P_.dll
O2 - BHO: XTN Monitor - {0BB25A64-41B8-4051-A627-A8B9F2DA6FD2} - H:\WINDOWS\ddwlxtqowd.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - H:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - H:\Program Files\P2P_Torrent\tbP2P_.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - H:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar3.dll
O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - H:\Program Files\BarreConfCMCIC\TAPBar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - H:\Program Files\P2P_Torrent\tbP2P_.dll
O4 - HKLM\..\Run: [AVG7_CC] H:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [E06FXLRD_20758859] "H:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk.disabled
O4 - Global Startup: ATI CATALYST System Tray.lnk = H:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk.disabled
O4 - Global Startup: TabUserW.exe.lnk = H:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: VIA RAID TOOL.lnk.disabled
O4 - Global Startup: Windows Desktop Search.lnk = H:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: YzToolBar.lnk = H:\Program Files\UTILS\YzToolbar\YzToolBar.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &MSN Search - res://H:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: &Windows Live Search - res://H:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://H:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?dddd066220de4b3592eb2f3af44ab12a
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://H:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?dddd066220de4b3592eb2f3af44ab12a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - H:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Diminuer la page - {A0E6D3BD-A661-447D-8634-0751467857F3} - H:\Program Files\UTILS\EasyRead\ZoomOut.js (file missing)
O9 - Extra button: Agrandir la page - {AEBB571B-4C48-438D-808D-999F168CDECE} - H:\Program Files\UTILS\EasyRead\ZoomIn.js (file missing)
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - H:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - H:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - H:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O10 - Unknown file in Winsock LSP: h:\windows\system32\nwprovau.dll
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108w.bay108.mail.live.com/mail ... nPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.wistiti.fr/ImageUploader4.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://config.zebulon.fr/plugins/hardwaredetection.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://wisup.net/_plateforme/Upload/Aur ... ader35.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.wistiti.fr/ImageUploader4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager ... Plugin.CAB
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload-v5.streamload.com/Upload/XUpload.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: "H:\PROGRA~1\Google\Google Desktop Search\GOEC62~1.DLL"
O20 - Winlogon Notify: avgwlntf - H:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - H:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - H:\WINDOWS\ASUSKBService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - H:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - H:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - H:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - H:\WINDOWS\system32\oodag.exe
O23 - Service: Streamload Service (StreamloadService) - Streamload - H:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - H:\WINDOWS\system32\Tablet.exe
O23 - Service: wacomkey - Unknown owner - H:\WINDOWS\SYSTEM32\wacomkey.exe
O23 - Service: wintab32 - Unknown owner - H:\WINDOWS\SYSTEM32\wintab32.exe

--
End of file - 13048 bytes

Bonjour, je crois que les précédents sont partis sans répondre (ou ont reformaté).

Les toolbars sont souvent nuisibles, au mieux peu utiles. On va essayer de l'enlever avec cet outil automatique, sinon on s'en occupera à la main. Voici une première marche à suivre.

• Télécharge BTFix de Bibi26.
• Dézippe l'archive sur ton Bureau.
• Ouvre le dossier BTFix.
• Double clique sur BTFix.exe.
• Clique sur Rechercher.
• Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.

@ toute

BTFix 1.070 (par bibi26) - 17/01/2008 10:18:00 - Analyse
Lancé depuis H:\Documents and Settings\a---DAVID---\Bureau\BTFix\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés


---> Analyse terminée

Rien, on va faire autrement, tu as une infection par plusieurs saletés.

Tu as posté en double sur CommentCaMarche ? Attention à ne pas mélanger les instructions des uns et des autres, cela rend le travail très difficile !

Coche ces lignes dans HijackThis :
R3 - URLSearchHook: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - H:\Program Files\P2P_Torrent\tbP2P_.dll
O2 - BHO: XTN Monitor - {0BB25A64-41B8-4051-A627-A8B9F2DA6FD2} - H:\WINDOWS\ddwlxtqowd.dll
O2 - BHO: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - H:\Program Files\P2P_Torrent\tbP2P_.dll
O3 - Toolbar: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - H:\Program Files\P2P_Torrent\tbP2P_.dll
O4 - Global Startup: YzToolBar.lnk = H:\Program Files\UTILS\YzToolbar\YzToolBar.exe
O8 - Extra context menu item: &MSN Search - res://H:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://H:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?dddd066220de4b3592eb2f3af44ab12a
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://H:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?dddd066220de4b3592eb2f3af44ab12a

Puis, redémarre et poste un nouveau log HJT.

coche=fix?

coche, puis fais (en bas à gauche) "fix checked" pardon, j'ai sauté ma ligne.

et voici: Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:19, on 17/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\WINDOWS\ASUSKBService.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\ATKKBService.exe
H:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
H:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
H:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
H:\PROGRA~1\Grisoft\AVG7\avgemc.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\WINDOWS\system32\drivers\CDAC11BA.EXE
H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
H:\Program Files\Executive Software\Diskeeper\DkService.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\oodag.exe
H:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
H:\PROGRA~1\Grisoft\AVG7\avgcc.exe
H:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
H:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE
H:\WINDOWS\system32\Tablet.exe
H:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
H:\WINDOWS\system32\WTablet\TabUserW.exe
H:\Program Files\Windows Desktop Search\WindowsSearch.exe
H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
H:\WINDOWS\system32\SearchIndexer.exe
H:\WINDOWS\system32\SearchProtocolHost.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\HiJackThis\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bl111w.blu111.mail.live.com/mail ... 10&gs=true
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - H:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - H:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar3.dll
O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - H:\Program Files\BarreConfCMCIC\TAPBar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVG7_CC] H:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [E06FXLRD_20758859] "H:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk.disabled
O4 - Global Startup: ATI CATALYST System Tray.lnk = H:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk.disabled
O4 - Global Startup: TabUserW.exe.lnk = H:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: VIA RAID TOOL.lnk.disabled
O4 - Global Startup: Windows Desktop Search.lnk = H:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://H:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://H:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?dddd066220de4b3592eb2f3af44ab12a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - H:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Diminuer la page - {A0E6D3BD-A661-447D-8634-0751467857F3} - H:\Program Files\UTILS\EasyRead\ZoomOut.js (file missing)
O9 - Extra button: Agrandir la page - {AEBB571B-4C48-438D-808D-999F168CDECE} - H:\Program Files\UTILS\EasyRead\ZoomIn.js (file missing)
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - H:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - H:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - H:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O10 - Unknown file in Winsock LSP: h:\windows\system32\nwprovau.dll
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108w.bay108.mail.live.com/mail ... nPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.wistiti.fr/ImageUploader4.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://config.zebulon.fr/plugins/hardwaredetection.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://wisup.net/_plateforme/Upload/Aur ... ader35.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.wistiti.fr/ImageUploader4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager ... Plugin.CAB
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload-v5.streamload.com/Upload/XUpload.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: "H:\PROGRA~1\Google\Google Desktop Search\GOEC62~1.DLL"
O20 - Winlogon Notify: avgwlntf - H:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - H:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - H:\WINDOWS\ASUSKBService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - H:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - H:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - H:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - H:\WINDOWS\system32\oodag.exe
O23 - Service: Streamload Service (StreamloadService) - Streamload - H:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - H:\WINDOWS\system32\Tablet.exe
O23 - Service: wacomkey - Unknown owner - H:\WINDOWS\SYSTEM32\wacomkey.exe
O23 - Service: wintab32 - Unknown owner - H:\WINDOWS\SYSTEM32\wintab32.exe

--
End of file - 12107 bytes

Merci.
Toujours ce problème sous IE ?

merci pour votre aide...plus de prob.mais je vous laisse tout de m^m ceci pour une dernière vérif:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:27, on 17/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\WINDOWS\ASUSKBService.exe
H:\WINDOWS\ATKKBService.exe
H:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
H:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
H:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
H:\PROGRA~1\Grisoft\AVG7\avgemc.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\WINDOWS\system32\drivers\CDAC11BA.EXE
H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
H:\Program Files\Executive Software\Diskeeper\DkService.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\oodag.exe
H:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
H:\PROGRA~1\Grisoft\AVG7\avgcc.exe
H:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
H:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE
H:\WINDOWS\system32\Tablet.exe
H:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
H:\WINDOWS\system32\SearchIndexer.exe
H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\WTablet\TabUserW.exe
H:\Program Files\Windows Desktop Search\WindowsSearch.exe
H:\WINDOWS\system32\SearchProtocolHost.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\HiJackThis\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bl111w.blu111.mail.live.com/mail ... 10&gs=true
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - H:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - H:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar3.dll
O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - H:\Program Files\BarreConfCMCIC\TAPBar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVG7_CC] H:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [E06FXLRD_20758859] "H:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk.disabled
O4 - Global Startup: ATI CATALYST System Tray.lnk = H:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk.disabled
O4 - Global Startup: TabUserW.exe.lnk = H:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: VIA RAID TOOL.lnk.disabled
O4 - Global Startup: Windows Desktop Search.lnk = H:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://H:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://H:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?dddd066220de4b3592eb2f3af44ab12a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - H:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Diminuer la page - {A0E6D3BD-A661-447D-8634-0751467857F3} - H:\Program Files\UTILS\EasyRead\ZoomOut.js (file missing)
O9 - Extra button: Agrandir la page - {AEBB571B-4C48-438D-808D-999F168CDECE} - H:\Program Files\UTILS\EasyRead\ZoomIn.js (file missing)
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - H:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - H:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - H:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O10 - Unknown file in Winsock LSP: h:\windows\system32\nwprovau.dll
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108w.bay108.mail.live.com/mail ... nPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.wistiti.fr/ImageUploader4.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://config.zebulon.fr/plugins/hardwaredetection.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://wisup.net/_plateforme/Upload/Aur ... ader35.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.wistiti.fr/ImageUploader4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager ... Plugin.CAB
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload-v5.streamload.com/Upload/XUpload.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: "H:\PROGRA~1\Google\Google Desktop Search\GOEC62~1.DLL"
O20 - Winlogon Notify: avgwlntf - H:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - H:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - H:\WINDOWS\ASUSKBService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - H:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - H:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - H:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - H:\WINDOWS\system32\oodag.exe
O23 - Service: Streamload Service (StreamloadService) - Streamload - H:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - H:\WINDOWS\system32\Tablet.exe
O23 - Service: wacomkey - Unknown owner - H:\WINDOWS\SYSTEM32\wacomkey.exe
O23 - Service: wintab32 - Unknown owner - H:\WINDOWS\SYSTEM32\wintab32.exe

--
End of file - 12107 bytes

Impeccable, en effet c'est plus propre.
Reste que les fichiers sont encore là.


Fais un ZIP avec ces fichiers/dossiers stp :
H:\Program Files\P2P_Torrent\
H:\WINDOWS\ddwlxtqowd.dll
H:\Program Files\UTILS\YzToolbar\
Je te donne une adresse après pour l'envoyer.

Une fois zippés, efface à la main ces dossiers et/ou fichiers pour que le nettoyage soit complet.

Méfie toi des toolbars, surtout si elles accompagnent un programme et qu'il faut décocher pour ne pas les installer, la plupart sont publicitaires, et souvent elles sont infectieuses. Avec le P2P comme thème, il est très facile de se faire infecter.

Puisque tout semble aller bien, je t'invite donc à lire ceci, pour ne pas te faire réinfecter :
http://www.libellules.ch/phpBB2/prevention-comment-eviter-bien-des-infections-t24540.html
Et à jeter un oeil spécialement sur DropMyrights et StripMyrights, qui sont cités, et se trouvent sur le blog de ce site.
Voici également un tuto pour stripmyrights http://www.libellules.ch/phpBB2/strip-my-rights-t26176.html permettant de surfer sans les privilèges administrateur, ce qui réduit énormément le risque d'infections par le navigateur, sans embêter l'utilisateur plus que ça.

N'hésite pas à poser des questions, cette partie est aussi importante que le nettoyage.
Si tout se passe bien après, tu peux marquer résolu dans le titre (en éditant le premier post).

en ce qui concerne p2p_torrent il y avait un uninstal ce que j'ai donc fait

en ce qui concerne H:\WINDOWS\ddwlxtqowd.dll j'ai fais une fausse manip et win.m'a confirmé l'install...donc suite à un nouv scan ou je l'ai retroué en 02. je l'ai fixer!!!...ptre ne falait il pas?

en ce qui concerne H:\Program Files\UTILS\YzToolbar\ LE ZIP EST OK.

VOICI UN DERNIER LOG POUR VOIR.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:07, on 17/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\WINDOWS\ASUSKBService.exe
H:\WINDOWS\ATKKBService.exe
H:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
H:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
H:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
H:\PROGRA~1\Grisoft\AVG7\avgemc.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\WINDOWS\system32\drivers\CDAC11BA.EXE
H:\Program Files\Executive Software\Diskeeper\DkService.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\oodag.exe
H:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
H:\PROGRA~1\Grisoft\AVG7\avgcc.exe
H:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
H:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE
H:\WINDOWS\system32\Tablet.exe
H:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
H:\WINDOWS\system32\SearchIndexer.exe
H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
H:\WINDOWS\system32\WTablet\TabUserW.exe
H:\Program Files\Windows Desktop Search\WindowsSearch.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
H:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
H:\Program Files\HiJackThis\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bl111w.blu111.mail.live.com/mail ... 10&gs=true
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - H:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - H:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar3.dll
O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - H:\Program Files\BarreConfCMCIC\TAPBar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVG7_CC] H:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [E06FXLRD_20758859] "H:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk.disabled
O4 - Global Startup: ATI CATALYST System Tray.lnk = H:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk.disabled
O4 - Global Startup: TabUserW.exe.lnk = H:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: VIA RAID TOOL.lnk.disabled
O4 - Global Startup: Windows Desktop Search.lnk = H:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://H:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://H:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://H:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?dddd066220de4b3592eb2f3af44ab12a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - H:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Diminuer la page - {A0E6D3BD-A661-447D-8634-0751467857F3} - H:\Program Files\UTILS\EasyRead\ZoomOut.js (file missing)
O9 - Extra button: Agrandir la page - {AEBB571B-4C48-438D-808D-999F168CDECE} - H:\Program Files\UTILS\EasyRead\ZoomIn.js (file missing)
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - H:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - H:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - H:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O10 - Unknown file in Winsock LSP: h:\windows\system32\nwprovau.dll
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108w.bay108.mail.live.com/mail ... nPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.wistiti.fr/ImageUploader4.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://config.zebulon.fr/plugins/hardwaredetection.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://wisup.net/_plateforme/Upload/Aur ... ader35.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.wistiti.fr/ImageUploader4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager ... Plugin.CAB
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload-v5.streamload.com/Upload/XUpload.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: "H:\PROGRA~1\Google\Google Desktop Search\GOEC62~1.DLL"
O20 - Winlogon Notify: avgwlntf - H:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - H:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - H:\WINDOWS\ASUSKBService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - H:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - H:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - H:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - H:\WINDOWS\system32\oodag.exe
O23 - Service: Streamload Service (StreamloadService) - Streamload - H:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - H:\WINDOWS\system32\Tablet.exe
O23 - Service: wacomkey - Unknown owner - H:\WINDOWS\SYSTEM32\wacomkey.exe
O23 - Service: wintab32 - Unknown owner - H:\WINDOWS\SYSTEM32\wintab32.exe

--
End of file - 12124 bytes

ca va.
As-tu zippé (avant désinstallation) le dossier p2p toolbar ?

Je veux vérifier quelque chose :

* Télécharge SmitFraudFix de S!Ri sur le bureau.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
* Décompresse totalité de l'archive smitfraudfix.zip dans un dossier dédié sur ton bureau.
* Double-clique sur smitfraudfix.cmd (il se peut que le .cmd ne soit pas visible)
* Choisis l'option 1 pour créer un rapport des fichiers responsables de l'infection.
* Poste le rapport sur le forum dans ta prochaine réponse.

Si process.exe est détecté par ton antivirus ou un autre logiciel, n'en tiens pas compte (choisis d'ignorer) et ne bloque pas le fichier, il sert à terminer des processus, d'où l'alerte émise par ces antivirus qui y voient un danger potentiel. (doc).

voici:
SmitFraudFix v2.274

Rapport fait à 17:38:11,54, 17/01/2008
Executé à partir de H:\Documents and Settings\a---DAVID---\Bureau\---SECURITE---\---PRIVACY---\SmitfraudFix\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\WINDOWS\ASUSKBService.exe
H:\WINDOWS\ATKKBService.exe
H:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
H:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
H:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
H:\PROGRA~1\Grisoft\AVG7\avgemc.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\WINDOWS\system32\drivers\CDAC11BA.EXE
H:\Program Files\Executive Software\Diskeeper\DkService.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\oodag.exe
H:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
H:\PROGRA~1\Grisoft\AVG7\avgcc.exe
H:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
H:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE
H:\WINDOWS\system32\Tablet.exe
H:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
H:\WINDOWS\system32\SearchIndexer.exe
H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
H:\WINDOWS\system32\WTablet\TabUserW.exe
H:\Program Files\Windows Desktop Search\WindowsSearch.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\HiJackThis\HiJackThis\HijackThis.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\WINDOWS\system32\SearchProtocolHost.exe
H:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» H:\


»»»»»»»»»»»»»»»»»»»»»»»» H:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» H:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» H:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» H:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» H:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» H:\Documents and Settings\a---DAVID---


»»»»»»»»»»»»»»»»»»»»»»»» H:\Documents and Settings\a---DAVID---\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» H:\DOCUME~1\A---DA~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» H:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="\"H:\\PROGRA~1\\Google\\Google Desktop Search\\GOEC62~1.DLL\""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Copper RJ-45 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 82.216.111.121
DNS Server Search Order: 82.216.111.124
DNS Server Search Order: 82.216.111.122

HKLM\SYSTEM\CCS\Services\Tcpip\..\{51CFFC10-41FF-4B49-8438-4D6A19333354}: DhcpNameServer=82.216.111.121 82.216.111.124 82.216.111.122
HKLM\SYSTEM\CS1\Services\Tcpip\..\{51CFFC10-41FF-4B49-8438-4D6A19333354}: DhcpNameServer=85.68.0.7 85.68.0.8
HKLM\SYSTEM\CS2\Services\Tcpip\..\{51CFFC10-41FF-4B49-8438-4D6A19333354}: DhcpNameServer=81.220.255.4 80.236.0.74 80.236.0.73 80.236.0.68
HKLM\SYSTEM\CS3\Services\Tcpip\..\{51CFFC10-41FF-4B49-8438-4D6A19333354}: DhcpNameServer=82.216.111.121 82.216.111.124 82.216.111.122
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.121 82.216.111.124 82.216.111.122
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=85.68.0.7 85.68.0.8
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=81.220.255.4 80.236.0.74 80.236.0.73 80.236.0.68
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.121 82.216.111.124 82.216.111.122


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Ok, c'est clean. As-tu fait le zip du dossier p2p de la toolbar avant désinstallation ?

non excuse je pensai que la désinstall suffirai...houp! ...ou dois je envoyer le zip H:\Program Files\UTILS\YzToolbar

Ha dommage, bon tant pis.
Je te donne l'adresse par MP pour l'autre.

tout est ok merci ou precise t on que le prob.est résolu ?

Impeccable.

Pour marquer résolu, il faut éditer le tout premier post. Le titre devient modifiable.

Salut Falkra, moi j'ai aussi zheltaya_hernya et j'ai çà avec BTFix :

BTFix 1.071 (par bibi26) - 20/01/2008 11:17:58 - Analyse
Lancé depuis C:\Btfix\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés

- C:\DBBackup\
- C:\WINDOWS\Fonts\acrsecI.fon
- C:\WINDOWS\Fonts\acrsecB.fon
- C:\WINDOWS\Fonts\acrsec.fon
- C:\Program Files\Fichiers communs\WhenU\

---> Analyse terminée

Peux tu m'aider ? merci

Dans Explorer7 j'ai dans "outils" "barres d'outils" j'ai la barre d'outils : the enqvwkp est ce que c'est aussi zheltaya_hernya ?

Attends, là il y a un mélange, crée un sujet à part (un nouveau), et ajoute d'abord un log HijackThis, puis reposte le contenu. Ne demande pas à nettoyer, les .fon sont sans doute légitimes.

@ toute