Bonjour


Télécharge HijackThis v1.99.1
http://pchelpbordeaux.free.fr/logiciels.html
Tutorial
http://pchelpbordeaux.free.fr/tuto.html
Démo en image
http://perso.orange.fr/rginformati [...] hijack.htm

Fais un scan et poste l'analyse ici.

Re


Tu as deux antivirus, Norton et Avast. Il en faut un seul, il y a risque de conflit. Supprime en un.


$$ Télécharge
SDFix sur ton bureau
http://downloads.andymanchesta.com [...] /SDFix.exe

clean.zip
http://www.malekal.com/download/clean.zip
Décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.


$$ Redémarre en mode sans échec.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.


$$ Ouvre le dossier Clean qui se trouve sur ton bureau, et double-clic sur clean.cmd.
Choisis l'option 2
Enregistre le rapport une fois le scan terminé


$$ Double clique sur SDFix.exe et choisis Install
Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
Tape Y pour lancer le script.
Le Fix supprime les services du virus et nettoie le registre, de ce fait un redémarrage est nécessaire
Presse une touche pour redémarrer

Le PC va mettre du temps avant de démarrer, presse une touche lorsque "Finished" s'affiche

Ouvre le dossier SDFix et copie/colle ici le contenu du fichier "Report.txt" avec le rapport qui se trouve ici C:\rapport_clean.txt et un nouveau HijackThis.

Re, Voici le rapport SDFix:

SDFix: Version 1.85

Run by HP_Propri%u201Ataire - 03/06/2007 - 11:11:59,37

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service

Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\-38959~1 - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\0exinjs.a9.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\2exinjs.a9.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\3exinjs.a9.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\4exinjs.a9.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\5exinjs.a9.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\6exinjs.a9.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\8exinjs.a9.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\9exinjs.a9.exe - Deleted
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\injs.a9.exe.conf - Deleted

Removing Temp Files...

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL France"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Dassault Systemes\\B16\\intel_a\\code\\bin\\CNEXT.exe"="C:\\Program Files\\Dassault Systemes\\B16\\intel_a\\code\\bin\\CNEXT.exe:*:Enabled:CATIA"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Wolfram Research\\Mathematica\\5.2\\Mathematica.exe"="C:\\Program Files\\Wolfram Research\\Mathematica\\5.2\\Mathematica.exe:*:Enabled:Mathematica 5.2 for Students"
"C:\\Program Files\\Wolfram Research\\Mathematica\\5.2\\MathKernel.exe"="C:\\Program Files\\Wolfram Research\\Mathematica\\5.2\\MathKernel.exe:*:Enabled:Mathematica 5.2 for Students Kernel"
"C:\\Program Files\\Wolfram Research\\Mathematica\\5.2\\math.exe"="C:\\Program Files\\Wolfram Research\\Mathematica\\5.2\\math.exe:*:Enabled:math.exe"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\Program Files\\NeverwinterNights\\NWN\\nwmain.exe"="C:\\Program Files\\NeverwinterNights\\NWN\\nwmain.exe:*:Enabled:Neverwinter Nights"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Dassault Systemes\\B15\\intel_a\\code\\bin\\orbixd.exe"="C:\\Program Files\\Dassault Systemes\\B15\\intel_a\\code\\bin\\orbixd.exe:*:Enabledrbixd"
"C:\\Program Files\\Dassault Systemes\\B15\\intel_a\\code\\bin\\CNEXT.exe"="C:\\Program Files\\Dassault Systemes\\B15\\intel_a\\code\\bin\\CNEXT.exe:*:Enabled:CATIA"
"C:\\Program Files\\EA GAMES\\La Bataille pour la Terre du Milieu(tm)\\game.dat"="C:\\Program Files\\EA GAMES\\La Bataille pour la Terre du Milieu(tm)\\game.dat:*:Enabled:La Bataille pour la Terre du Milieu(tm)"
"C:\\Program Files\\EA GAMES\\La Bataille pour la Terre du Milieu(tm)\\patchget.dat"="C:\\Program Files\\EA GAMES\\La Bataille pour la Terre du Milieu(tm)\\patchget.dat:*:Enabledatchgrabber"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\4exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\4exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\47exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\47exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\17exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\17exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\40exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\40exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\58exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\58exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\98exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\98exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\63exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\63exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\81exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\81exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\19exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\19exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\8exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\8exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\27exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\27exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\67exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\67exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\78exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\78exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\2exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\2exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\72exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\72exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\49exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\49exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\77exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\77exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\76exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\76exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\20exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\20exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\28exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\28exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\32exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\32exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\44exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\44exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\37exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\37exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\74exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\74exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\51exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\51exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\59exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\59exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\87exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\87exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\66exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\66exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\36exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\36exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\38exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\38exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\11exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\11exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\69exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\69exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\71exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\71exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\30exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\30exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\34exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\34exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\21exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\21exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\57exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\57exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\15exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\15exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\5exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\5exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\56exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\56exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\97exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\97exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\23exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\23exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\39exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\39exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\65exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\65exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\84exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\84exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\99exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\99exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\24exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\24exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\13exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\13exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\60exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\60exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\18exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\18exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\35exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\35exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\92exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\92exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\62exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\62exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\70exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\70exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\88exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\88exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\3exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\3exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\96exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\96exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\33exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\33exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\91exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\91exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\14exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\14exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\48exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\48exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\22exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\22exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\90exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\90exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\50exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\50exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\31exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\31exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\10exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\10exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\68exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\68exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\41exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\41exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\43exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\43exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\75exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\75exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\26exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\26exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\61exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\61exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\6exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\6exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\25exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\25exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\45exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\45exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\9exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\9exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\54exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\54exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\0exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\0exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\52exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\52exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\64exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\64exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\73exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\73exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\94exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\94exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\93exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\93exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\53exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\53exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\55exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\55exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\12exinjs.a9.exe"="C:\\DOCUME~1\\HP_PRO~1\\LOCALS~1\\Temp\\12exinjs.a9.exe:*:Enabled:Microsoft Update"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\Program Files\Canon\MP Navigator 2.0\uinstrsc.dll
C:\Program Files\Microsoft Works Suite 2005\Setup\mnyinsta.dll
C:\Program Files\Microsoft Works Suite 2005\Setup\setuplng.dll
C:\Program Files\Canon\MP Navigator 2.0\Maint.exe
C:\Program Files\Microsoft Works Suite 2005\Setup\launcher.exe
C:\Program Files\Microsoft Works Suite 2005\Setup\RmvSuite.exe
C:\Program Files\Microsoft Works Suite 2005\Setup\unregwtr.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\HP_Propri%u201Ataire\Mes documents\Ma musique\iTunes\iTunes Music\Downloads\Podcasts\RUE DES ENTREPRENEURS 17.03.2007 _ F.tmp\AlbumArtSmall.jpg
C:\Documents and Settings\HP_Propri%u201Ataire\Mes documents\Ma musique\iTunes\iTunes Music\Downloads\Podcasts\RUE DES ENTREPRENEURS 17.03.2007 _ F.tmp\Folder.jpg
C:\Documents and Settings\HP_Propri%u201Ataire\Mes documents\Ma musique\iTunes\iTunes Music\Downloads\Podcasts\RUE DES ENTREPRENEURS 24.03.2007 _ F.tmp\AlbumArtSmall.jpg
C:\Documents and Settings\HP_Propri%u201Ataire\Mes documents\Ma musique\iTunes\iTunes Music\Downloads\Podcasts\RUE DES ENTREPRENEURS 24.03.2007 _ F.tmp\Folder.jpg
C:\Documents and Settings\HP_Propri%u201Ataire\Mes documents\SAUV\Documents and Settings\HP_Propri%u201Ataire\Mes documents\SAUVEGARDE\~WRL3602.tmp

Finished

Et voici le rapport Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 11:26:55, on 03/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dassault Systemes\B15\intel_a\code\bin\CATSysDemon.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {C7C7152F-6E85-44F3-A14B-A7F85FDDEA3B} (InstallerCtrl Class) - http://v7.e-tmm.com/bin/tol7inst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B15\intel_a\code\bin\CATSysDemon.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

Bonsoir


Hijackthis est propre, il reste des lignes inutiles et des morceaux de Norton.

Une partie de la procédure se déroulera sans avoir accès à internet, prière d'imprimer ces instructions, ou de les coller dans un fichier texte, pour lecture durant cette désinfection.
Les manipulations sont à faire sans interruption et dans l'ordre.
Si tu ne comprends pas quelque chose, demande des explications avant de commencer.


1 Redémarre en mode sans echec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.


2 Relance un scan HijackThis et coche les lignes ci-dessous :

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »


3 Tu clique sur Démarrer puis Exécuter, tu tapes services.msc et tu cliques sur OK.

Dans la liste des services, cherche et sélectionne
"France Telecom Routing Table Service" / double clique sur la ligne
/ vérifie dans Chemin d'accès des fichiers exécutables qu'il
s'agit bien de "C:\WINDOWS\System32\FTRTSVC.exe " / dans Type de démarrage,
sélectionne Désactiver / valide la modification.

Recommence avec

LiveUpdate et C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

Planificateur LiveUpdate automatique et C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

SymWMI Service (SymWSC) et c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe


4 Désinstalle ces applications (si tu les trouves) dans Ajout-Suppression de programmes :

Symantec


5 Supprime les fichiers/dossiers incriminés (s'ils existent encore) :

C:\Program Files\Symantec
c:\Program Files\Fichiers communs\Symantec Shared


6 Lance le nettoyage avec CCleaner.


7 Redémarre normalement


8 Fais une analyse antivirus en ligne sur Kaspersky
http://webscanner.kaspersky.fr/
Clique sur Démarrer Online Scanner.
Sélectionne le poste de travail comme analyse.
Colle son rapport ici.

Re, je dois poster qqch ? un scan Hijackthis ?

Re, Aucun des trois ne marche ...
Sur "http://webscanner.kaspersky.fr/" il faut apparement télécharger qqch (une version d'essais ... )
Sur "http://www.bitdefender.fr/scan8/ie.html" j'ai bien suivis ta méthode des ActiveX mais il me met un message d'erreur concernant les ActiveX ...
Enfin, sur "http://www.pandasoftware.com/activ [...] ncipal.htm", Avast! me bloque le scan à 50% en me disant qu'il s'agit d'un virus ...

Bref je n'arrive pas à scanner Online mon PC, pourtant Avast! ne m'affiche plus de "Cheval de Troie/Vers"
Dit moi si je dois reposter qqch, merci

Bonjour,

Pour le moment je n'ai plus de dysfonctionement, j'espère que ça va continuer. Merci pour ton aide en tout cas ! Je te tiens au courant.
Bonne continuation

De rien


alguno

Il faut créer ton propre post, cela évite les confusions.