Unwanted ad pop-up windows.
Hello everyone,
For the past two or three days I have been getting unwanted ads that pop up every 2 minutes.
I ran Ad-Aware and Spybot, but nothing helps.
I also deleted the odd entries found with HijackThis, but the problem is still there.
Here is the BlackLight report:
11/29/06 19:12:39 [Info]: BlackLight Engine 1.0.47 initialized
11/29/06 19:12:39 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/29/06 19:12:43 [Info]: Hidden process: C:\windows\system32\ghpqqsadbd.exe
11/29/06 19:12:43 [Note]: FSRAW library version 1.7.1020
11/29/06 19:14:33 [Info]: Hidden file: c:\Program Files\QuickTime\QTSystem\CoreVideo.Resources\nl.lproj\CoreVideoLocalized.qt
11/29/06 19:14:33 [Note]: 10002 3
11/29/06 19:14:33 [Note]: 10002 2
11/29/06 19:18:01 [Info]: Hidden file: c:\WINDOWS\Prefetch\GHPQQSADBD.EXE-10E666DD.pf
11/29/06 19:18:01 [Note]: 10002 1
11/29/06 19:18:45 [Info]: Hidden file: c:\WINDOWS\system32\ghpqqsadbd.dat
11/29/06 19:18:45 [Note]: 10002 1
11/29/06 19:18:46 [Info]: Hidden file: C:\windows\system32\ghpqqsadbd.exe
11/29/06 19:18:46 [Note]: 10002 1
11/29/06 19:18:46 [Info]: Hidden file: c:\WINDOWS\system32\ghpqqsadbd_nav.dat
11/29/06 19:18:46 [Note]: 10002 1
11/29/06 19:18:47 [Info]: Hidden file: c:\WINDOWS\system32\ghpqqsadbd_navps.dat
11/29/06 19:18:47 [Note]: 10002 1
Here is the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 19:18:39, on 29/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\RemoteControlService.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\NB Probe\NBProbe.exe
C:\Program Files\ASUS\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ledBirdXP\ledBirdXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\ppic\Bureau\blbeta.exe
C:\Documents and Settings\ppic\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [NB Probe] C:\Program Files\ASUS\NB Probe\NBProbe.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\ASUS\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ledBirdXP] C:\Program Files\ledBirdXP\ledBirdXP.exe -autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: MultiFrame.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O15 - Trusted Zone: http://www.forom.net
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
Thanks for any help!
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: MultiFrame.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O15 - Trusted Zone: http://www.forom.net
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
Thanks for any help!
Good evening,
Egdaccess infection.
The steps must be carried out without interruption and in order.
If you don't understand something, ask for an explanation before you start.
Save this page so that you can access the procedure in Safe Mode:
- File
- Save As...
- File name: Procedure
- Type: Web Page, complete
- For the location, choose your Desktop
- Now click Save
Download:
Brute Force Uninstaller (by Merjin).
Create a new folder directly on C:\ and name it BFU. Unzip the downloaded file into this new folder (C:\BFU).
Navipromo.zip, and unzip it to your desktop.
RIGHT-CLICK HERE and choose "Save Target As..." to download EGDACCESS.bfu (by Metallica). Save it in the folder you created (C:\BFU).
You should now have two files in the C:\BFU folder: EGDACCESS.bfu and BFU.exe (very important).
Note: If you use Internet Explorer, make sure when saving that the "Type:" field shows "All Files".
HELP: How to install and use BFU?
Restart in Safe Mode: as the computer restarts, immediately tap the F8 key repeatedly; you will see a screen with a choice of startup options. Using the arrow keys, choose "Safe Mode" and confirm with "Enter". Choose your usual account, not Administrator.
Run the Navipromo.bat file located on your desktop in the Navipromo folder. Select the option "Recherche et suppression automatique" (automatic search and removal) by pressing the R key.
If it finds something, you will see lines scrolling in the command window, and after a few moments you will need to press a key to start the clean-up.
Start "Brute Force Uninstaller" by double-clicking BFU.exe (in the C:\BFU folder).
- Click the small yellow folder to the right of the Scriptline to execute box, and double-click:
EGDACCESS.bfu
- In the "Scriptline to execute" box, you should now see this: C:\BFU\EGDACCESS.bfu
Click Execute and let it do its work.
Wait for Complete script execution to appear, then click OK.
Click Exit to close the BFU program.
Restart normally.
Post the reports:
- Hijackthis
- C:\egd.txt
- C:\Navipromo.txt
Here you go!
- Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 23:09:06, on 29/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\ppic\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [NB Probe] C:\Program Files\ASUS\NB Probe\NBProbe.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\ASUS\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ledBirdXP] C:\Program Files\ledBirdXP\ledBirdXP.exe -autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: MultiFrame.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O15 - Trusted Zone: http://www.forom.net
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
- C:\egd.txt
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\\WINDOWS\\ATK0100\\HControl.exe"
"ASUS Live Update"="C:\\Program Files\\ASUS\\ASUS Live Update\\ALU.exe"
"NB Probe"="C:\\Program Files\\ASUS\\NB Probe\\NBProbe.exe"
"Wireless Console 2"="C:\\Program Files\\ASUS\\Wireless Console 2\\wcourier.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"RemoteControl"="\"C:\\Program Files\\ASUSTeK\\ASUSDVD\\PDVDServ.exe\""
"Power_Gear"="C:\\Program Files\\ASUS\\Power4 Gear\\BatteryLife.exe 1"
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Control Center"="C:\\Program Files\\ASUS\\WLAN Card Utilities\\Center.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
- C:\Navipromo.txt
Rapport Navipromo.bat 0.5 effectué le 29/11/2006 à 21:33:26,68
** Recherche...
Fin du rapport de recherche
Adware Navipromo non trouvé avec cette méthode
-------------
Rapport Navipromo.bat 0.5 effectué le 29/11/2006 à 23:05:59,81
** Recherche...
1/ ghpqqsadbd trouvé, recherche de ghpqqsadbd*
C:\WINDOWS\system32\ghpqqsadbd.dat
C:\WINDOWS\system32\ghpqqsadbd.exe
C:\WINDOWS\system32\ghpqqsadbd_nav.dat
C:\WINDOWS\system32\ghpqqsadbd_navps.dat
C:\WINDOWS\prefetch\GHPQQSADBD.EXE-10E666DD.pf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ghpqqsadbd REG_SZ c:\windows\system32\ghpqqsadbd.exe ghpqqsadbd
------------------
Fin du rapport de recherche
Adware Navipromo trouvé 1 fois avec cette méthode
################################################
** Nettoyage...
1/ Déplacement de ghpqqsadbd* vers C:\Navipromo\Backups...
C:\Windows\System32\ghpqqsadbd* déplacé avec succès !
C:\WINDOWS\prefetch\ghpqqsadbd* déplacé avec succès
------------------
* Suppression clés et valeurs de registre
1 entrées de registre ont été nettoyées
* Backups :
C:\Navipromo\Backups\ARPCache.reg
C:\Navipromo\Backups\ghpqqsadbd.dat
C:\Navipromo\Backups\ghpqqsadbd.exe
C:\Navipromo\Backups\GHPQQSADBD.EXE-10E666DD.pf
C:\Navipromo\Backups\ghpqqsadbd_nav.dat
C:\Navipromo\Backups\ghpqqsadbd_navps.dat
C:\Navipromo\Backups\HKCURun.reg
C:\Navipromo\Backups\HKLMRun.reg
C:\Navipromo\Backups\Uninstall.reg
Ajout d'extension .off aux backups
## Fin du rapport de Suppression
So there it is!
My problems seem to be a thing of the past, thank you very much.
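A check one could run on the reports posted above to confirm the clean-up took: it extracts the names Navipromo.bat reported as found and looks for them in the Run-key export (C:\egd.txt) and in the HijackThis O4 lines. This is an added example, not part of the original posts or of the tools they use; the function names and the "before" export are constructed for illustration.

```python
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Excerpt of the second Navipromo.bat run quoted in the thread.
NAVIPROMO_REPORT = r"""
** Recherche...
1/ ghpqqsadbd trouvé, recherche de ghpqqsadbd*
C:\WINDOWS\system32\ghpqqsadbd.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ghpqqsadbd REG_SZ c:\windows\system32\ghpqqsadbd.exe ghpqqsadbd
** Nettoyage...
1/ Déplacement de ghpqqsadbd* vers C:\Navipromo\Backups...
"""

# Excerpt of C:\egd.txt as posted after the clean-up.
REG_AFTER = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\\WINDOWS\\ATK0100\\HControl.exe"
"RemoteControl"="\"C:\\Program Files\\ASUSTeK\\ASUSDVD\\PDVDServ.exe\""
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"""

# Constructed "before" export: the same key plus the value the Navipromo report
# lists, re-encoded in .reg syntax (not a file from the thread).
REG_BEFORE = REG_AFTER.replace(
    '"HControl"=',
    r'"ghpqqsadbd"="c:\\windows\\system32\\ghpqqsadbd.exe ghpqqsadbd"' + '\n"HControl"=',
    1,
)

# Excerpt of the HijackThis log posted after the clean-up.
HJT_AFTER = r"""O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: MultiFrame.lnk = ?
"""

_REG_SZ = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')
_O4 = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\Run[^:]*): \[(.*?)\] (.*)$", re.M)


def detected_names(report):
    """Names the Navipromo.bat search phase reports as found ('N/ <name> trouvé')."""
    return re.findall(r"^\d+/\s+(\S+)\s+trouv", report, re.M)


def _unescape(s):
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text):
    """Map each [key] of a regedit export to its string (REG_SZ) values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = _REG_SZ.match(line)
            if m:
                current[_unescape(m.group(1))] = _unescape(m.group(2))
    return keys


def parse_hijackthis_o4(log):
    """(key, value name, command) for each registry autorun line (O4 ... Run)."""
    return [(m.group(1), m.group(2), m.group(3).strip()) for m in _O4.finditer(log)]


def residual_autoruns(names, reg_text, hjt_log):
    """Autorun entries whose name or command still mentions a detected name."""
    needles = [n.lower() for n in names]

    def mentions(*fields):
        return any(n in f.lower() for n in needles for f in fields)

    hits = []
    for key, values in parse_reg_export(reg_text).items():
        for name, data in values.items():
            if mentions(name, data):
                hits.append(("reg", key, name, data))
    for key, name, cmd in parse_hijackthis_o4(hjt_log):
        if mentions(name, cmd):
            hits.append(("hijackthis", key, name, cmd))
    return hits


if __name__ == "__main__":
    found = detected_names(NAVIPROMO_REPORT)
    print("reported by Navipromo.bat:", found)
    print("left after clean-up:", residual_autoruns(found, REG_AFTER, HJT_AFTER))
    print("constructed 'before':", residual_autoruns(found, REG_BEFORE, HJT_AFTER))
```

An empty result on reports taken in normal mode is not proof on its own: the BlackLight log at the top of the thread lists ghpqqsadbd.exe as a hidden process, so the same check is worth repeating on reports produced in Safe Mode.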
Hello again,
Delete this folder:
C:\Navipromo\Backups\
Download and install AVG Anti-Spyware (AVG AS).
Once AVG AS is running, click "Update".
Close the program.
HELP: Tutorial on AVG Anti-Spyware (Malekal)
Restart in Safe Mode.
Start AVG AS again and choose the "Scan" tab,
then the "Settings" tab.
Under the question "How to react?", click "Recommended actions" and choose "Quarantine".
Click the "Scan" tab again and run a "Complete system scan".
/!\ If a file is infected at the end of the scan /!\
Click "Apply all actions".
Click "Save report", then "Save report as".
Save this text file to your desktop.
Restart normally.
Copy/paste the AVG AS report along with a HijackThis report.