search daily (solved)

Last reply: in Security

Hello, my computer is infected by a virus: every time I run a search on Google I am redirected to a site called "search daily". How do I remove this virus?

Info:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:50:20, on 08/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Lucas Orsini\Bureau\bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7CEFDA29-8241-4579-8E6F-93FA3FBD7DCD} - C:\WINDOWS\system32\d3dxo.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: dcads - {F173E53F-E042-49b6-BD46-983E93DA1B17} - C:\WINDOWS\system32\nsp1F.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Dcads Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Dcads Advanced Toolbar\toolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NI.UGESV_0001_N122M2811] "C:\Documents and Settings\Lucas Orsini\Bureau\setup_fr.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe /tray
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1214440339-1303643608-839522115-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Chloé ORSINI')
O4 - HKUS\S-1-5-21-1214440339-1303643608-839522115-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Chloé ORSINI')
O4 - HKUS\S-1-5-21-1214440339-1303643608-839522115-1007\..\Run: [Salestart] "C:\Program Files\Fichiers communs\ReparateurDeSysteme\strpmon.exe" dm=http://reparateurdesysteme.com ad=http://reparateurdesysteme.com sd=http://repay.reparateurdesysteme.com (User 'Chloé ORSINI')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?a64640a6788b444c8f55fa5cc263189d
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?a64640a6788b444c8f55fa5cc263189d
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8394 bytes


Thanks in advance
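As an added illustration of how a helper reads a HijackThis log like the one above (example code written for this page, not a tool from the thread, from Trend Micro or from the forum): a small Python triage script that parses the O2/O3 add-on entries and the O4 Run entries and flags the patterns that deserve a second look. It runs against a constructed sample built from lines of that log; the heuristics (unnamed or orphaned BHOs, add-on DLLs sitting in system32, autoruns launched from a user profile or carrying URLs) are assumptions of the example, not a verdict on any entry.

```python
import re
from dataclasses import dataclass

# Constructed sample: entries copied in the shape of the HijackThis log posted
# above (same CLSIDs and paths), plus benign entries of each type for contrast.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7CEFDA29-8241-4579-8E6F-93FA3FBD7DCD} - C:\WINDOWS\system32\d3dxo.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: dcads - {F173E53F-E042-49b6-BD46-983E93DA1B17} - C:\WINDOWS\system32\nsp1F.dll
O3 - Toolbar: Dcads Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Dcads Advanced Toolbar\toolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NI.UGESV_0001_N122M2811] "C:\Documents and Settings\Lucas Orsini\Bureau\setup_fr.exe"
O4 - HKUS\S-1-5-21-1214440339-1303643608-839522115-1007\..\Run: [Salestart] "C:\Program Files\Fichiers communs\ReparateurDeSysteme\strpmon.exe" dm=http://reparateurdesysteme.com ad=http://reparateurdesysteme.com (User 'Chloé ORSINI')
"""

# O2 (BHO) and O3 (toolbar) lines: "<type> - <label>: <name> - {CLSID} - <path>"
ADDON_RE = re.compile(
    r'^(?P<kind>O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - '
    r'(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$')
# O4 registry Run lines: "O4 - <hive>\..\Run: [<value name>] <command>"
RUN_RE = re.compile(r'^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.*)$')
# HijackThis appends the owning account to HKUS entries; strip it before parsing.
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")


@dataclass
class Finding:
    line: str
    reasons: list


def split_command(cmd):
    """Split a Run value into (executable, arguments), honouring a quoted exe."""
    cmd = USER_SUFFIX_RE.sub('', cmd).strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else '')


def check_addon(m):
    """Heuristics for browser add-ons (assumptions of this example, not a verdict)."""
    reasons = []
    if m['name'] == '(no name)':
        reasons.append('add-on registered without a display name')
    if m['path'] == '(no file)':
        reasons.append('CLSID points at a file that no longer exists (orphan entry)')
    elif m['path'].lower().startswith('c:\\windows\\system32\\'):
        reasons.append('add-on DLL sits in system32 instead of an application directory')
    return reasons


def check_run(m):
    """Heuristics for autorun values (assumptions of this example, not a verdict)."""
    exe, args = split_command(m['cmd'])
    reasons = []
    if '\\documents and settings\\' in exe.lower():
        reasons.append('autorun executable lives in a user profile (e.g. the Desktop)')
    if 'http://' in args.lower():
        reasons.append('autorun value passes URLs on the command line')
    return reasons


def triage(log_text):
    """Return the O2/O3/O4 entries that trip at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := ADDON_RE.match(line):
            reasons = check_addon(m)
        elif m := RUN_RE.match(line):
            reasons = check_run(m)
        else:
            continue  # R0/R1, O8, O9, O16, O23 and so on are not covered here
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print('   ->', r)
```

On the sample, the entries flagged are the two unnamed BHOs, the nsp1F.dll BHO, the setup_fr.exe autorun on the Desktop and the Salestart value with its URL arguments; the avast, Java and toolbar lines pass, which shows the limits of path-based heuristics (the Dcads toolbar is installed under Program Files like any legitimate add-on).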

Hello,

Download Gmer.
Unzip it into a folder or onto your desktop.

Disconnect from the Internet and close all programs.
Double-click Gmer.exe.

IMPORTANT: If your antivirus raises an alert for the file gmer.sys or gmer.exe, let it run.

Click the Rootkit tab.
On the right, tick Files and Services.
Now click Scan.

When the scan is finished, click Copy.

Open Notepad and click the Edit menu / Paste.
The report should then appear.
Save the file to your desktop and copy/paste its contents here.

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-12-08 22:35:01
Windows 5.1.2600 Service Pack 2


---- Files - GMER 1.0.13 ----

ADS C:\Documents and Settings\Chloé ORSINI\Local Settings\Application Data\Microsoft\Messenger\corsica_78@hotmail.com\SharingMetadata\aurel_6869@hotmail.com\DFSR\Staging\CS{D6867B08-B0AE-806B-224E-B19DA8B4AB2B}\01\33-{D6867B08-B0AE-806B-224E-B19DA8B4AB2B}-v1-{C0743621-790F-4617-A44E-44FCAA7EAB10}-v33-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Chloé ORSINI\Local Settings\Application Data\Microsoft\Messenger\corsica_78@hotmail.com\SharingMetadata\curie_oldschool@hotmail.fr\DFSR\Staging\CS{6D38576C-2294-7B87-2BCD-AC5DA67A12B6}\01\45-{6D38576C-2294-7B87-2BCD-AC5DA67A12B6}-v1-{C0743621-790F-4617-A44E-44FCAA7EAB10}-v45-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Chloé ORSINI\Local Settings\Application Data\Microsoft\Messenger\corsica_78@hotmail.com\SharingMetadata\fashiondu28@hotmail.fr\DFSR\Staging\CS{C72A496D-E3F8-B1C9-02A2-129EF32458DD}\01\29-{C72A496D-E3F8-B1C9-02A2-129EF32458DD}-v1-{C0743621-790F-4617-A44E-44FCAA7EAB10}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Chloé ORSINI\Local Settings\Application Data\Microsoft\Messenger\corsica_78@hotmail.com\SharingMetadata\krys78340@hotmail.fr\DFSR\Staging\CS{1C7F0D68-BFCC-85C1-0415-A176E80132DB}\01\12-{1C7F0D68-BFCC-85C1-0415-A176E80132DB}-v1-{C0743621-790F-4617-A44E-44FCAA7EAB10}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Chloé ORSINI\Local Settings\Application Data\Microsoft\Messenger\corsica_78@hotmail.com\SharingMetadata\krys78340@hotmail.fr\DFSR\Staging\CS{1C7F0D68-BFCC-85C1-0415-A176E80132DB}\14\14-{C0743621-790F-4617-A44E-44FCAA7EAB10}-v14-{C0743621-790F-4617-A44E-44FCAA7EAB10}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Chloé ORSINI\Local Settings\Application Data\Microsoft\Messenger\corsica_78@hotmail.com\SharingMetadata\krys78340@hotmail.fr\DFSR\Staging\CS{1C7F0D68-BFCC-85C1-0415-A176E80132DB}\14\14-{C0743621-790F-4617-A44E-44FCAA7EAB10}-v14-{C0743621-790F-4617-A44E-44FCAA7EAB10}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Chloé ORSINI\Local Settings\Application Data\Microsoft\Messenger\corsica_78@hotmail.com\SharingMetadata\krys78340@hotmail.fr\DFSR\Staging\CS{1C7F0D68-BFCC-85C1-0415-A176E80132DB}\14\14-{C0743621-790F-4617-A44E-44FCAA7EAB10}-v14-{C0743621-790F-4617-A44E-44FCAA7EAB10}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.3
ADS C:\Documents and Settings\Chloé ORSINI\Local Settings\Application Data\Microsoft\Messenger\corsica_78@hotmail.com\SharingMetadata\krys78340@hotmail.fr\DFSR\Staging\CS{1C7F0D68-BFCC-85C1-0415-A176E80132DB}\14\14-{C0743621-790F-4617-A44E-44FCAA7EAB10}-v14-{C0743621-790F-4617-A44E-44FCAA7EAB10}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Chloé ORSINI\Local Settings\Application Data\Microsoft\Messenger\corsica_78@hotmail.com\SharingMetadata\lelovelove@hotmail.fr\DFSR\Staging\CS{4944122F-3D79-A7ED-8D2F-F688226FBE38}\01\31-{4944122F-3D79-A7ED-8D2F-F688226FBE38}-v1-{C0743621-790F-4617-A44E-44FCAA7EAB10}-v31-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Chloé ORSINI\Local Settings\Application Data\Microsoft\Messenger\corsica_78@hotmail.com\SharingMetadata\louna782@hotmail.com\DFSR\Staging\CS{6EF2696A-85DF-083E-2868-009BD0EB7283}\01\21-{6EF2696A-85DF-083E-2868-009BD0EB7283}-v1-{C0743621-790F-4617-A44E-44FCAA7EAB10}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Chloé ORSINI\Local Settings\Application Data\Microsoft\Messenger\corsica_78@hotmail.com\SharingMetadata\mourad.91@hotmail.fr\DFSR\Staging\CS{6582E09B-8996-0413-51C8-AF6DA06183BF}\01\32-{6582E09B-8996-0413-51C8-AF6DA06183BF}-v1-{C0743621-790F-4617-A44E-44FCAA7EAB10}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Chloé ORSINI\Local Settings\Application Data\Microsoft\Messenger\corsica_78@hotmail.com\SharingMetadata\sox_93@hotmail.fr\DFSR\Staging\CS{3759A880-F481-5D74-1AEF-6A43A3C8293F}\01\20-{3759A880-F481-5D74-1AEF-6A43A3C8293F}-v1-{C0743621-790F-4617-A44E-44FCAA7EAB10}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Chloé ORSINI\Local Settings\Application Data\Microsoft\Messenger\corsica_78@hotmail.com\SharingMetadata\thewall_1@hotmail.fr\DFSR\Staging\CS{62060FDD-E56D-3E9A-6DFE-5A48EE4DAD29}\01\11-{62060FDD-E56D-3E9A-6DFE-5A48EE4DAD29}-v1-{C0743621-790F-4617-A44E-44FCAA7EAB10}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Chloé ORSINI\Local Settings\Application Data\Microsoft\Messenger\corsica_78@hotmail.com\SharingMetadata\thewall_1@hotmail.fr\DFSR\Staging\CS{62060FDD-E56D-3E9A-6DFE-5A48EE4DAD29}\50\22-{36909366-E36F-4F86-91A6-530A4163FA36}-v250-{C0743621-790F-4617-A44E-44FCAA7EAB10}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Chloé ORSINI\Local Settings\Application Data\Microsoft\Messenger\corsica_78@hotmail.com\SharingMetadata\thewall_1@hotmail.fr\DFSR\Staging\CS{62060FDD-E56D-3E9A-6DFE-5A48EE4DAD29}\50\22-{36909366-E36F-4F86-91A6-530A4163FA36}-v250-{C0743621-790F-4617-A44E-44FCAA7EAB10}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Chloé ORSINI\Local Settings\Application Data\Microsoft\Messenger\corsica_78@hotmail.com\SharingMetadata\thewall_1@hotmail.fr\DFSR\Staging\CS{62060FDD-E56D-3E9A-6DFE-5A48EE4DAD29}\52\23-{36909366-E36F-4F86-91A6-530A4163FA36}-v252-{C0743621-790F-4617-A44E-44FCAA7EAB10}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Chloé ORSINI\Local Settings\Application Data\Microsoft\Messenger\corsica_78@hotmail.com\SharingMetadata\thewall_1@hotmail.fr\DFSR\Staging\CS{62060FDD-E56D-3E9A-6DFE-5A48EE4DAD29}\52\23-{36909366-E36F-4F86-91A6-530A4163FA36}-v252-{C0743621-790F-4617-A44E-44FCAA7EAB10}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Chloé ORSINI\Local Settings\Application Data\Microsoft\Messenger\corsica_78@hotmail.com\SharingMetadata\tonyparker982@hotmail.com\DFSR\Staging\CS{E5DDE2B6-F6AF-7AC7-0AAB-48215872B425}\01\13-{E5DDE2B6-F6AF-7AC7-0AAB-48215872B425}-v1-{C0743621-790F-4617-A44E-44FCAA7EAB10}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Chloé ORSINI\Local Settings\Application Data\Microsoft\Messenger\corsica_78@hotmail.com\SharingMetadata\tonyparker982@hotmail.com\DFSR\Staging\CS{E5DDE2B6-F6AF-7AC7-0AAB-48215872B425}\59\30-{36909366-E36F-4F86-91A6-530A4163FA36}-v259-{C0743621-790F-4617-A44E-44FCAA7EAB10}-v30-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Chloé ORSINI\Local Settings\Application Data\Microsoft\Messenger\corsica_78@hotmail.com\SharingMetadata\tonyparker982@hotmail.com\DFSR\Staging\CS{E5DDE2B6-F6AF-7AC7-0AAB-48215872B425}\59\30-{36909366-E36F-4F86-91A6-530A4163FA36}-v259-{C0743621-790F-4617-A44E-44FCAA7EAB10}-v30-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Chloé ORSINI\Local Settings\Application Data\Microsoft\Messenger\corsica_78@hotmail.com\SharingMetadata\tonyparker982@hotmail.com\DFSR\Staging\CS{E5DDE2B6-F6AF-7AC7-0AAB-48215872B425}\65\29-{36909366-E36F-4F86-91A6-530A4163FA36}-v265-{20DD045F-02E2-48C5-B195-233830CB316B}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Chloé ORSINI\Local Settings\Application Data\Microsoft\Messenger\corsica_78@hotmail.com\SharingMetadata\winninours_2a@hotmail.fr\DFSR\Staging\CS{DF72B224-7B46-4CA2-2963-CB7D294B4435}\01\10-{DF72B224-7B46-4CA2-2963-CB7D294B4435}-v1-{C0743621-790F-4617-A44E-44FCAA7EAB10}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Jean Pierre ORSINI\Favoris\Outils\Ma-Config.com - Détecter sa configuration.url:favicon
ADS C:\Documents and Settings\Lucas Orsini\Favoris\Résultats de la recherche d:favicon

---- EOF - GMER 1.0.13 ----



There you go (thank you very much for helping me)

Nothing in this report.

Print these instructions if necessary, because the computer will be restarted.

Download FixWareout (by LonnyRJones) to the Desktop.
If the link does not work, click here.

Run the fix (FixWareout.exe), click Next then Install.
Make sure Run fixit is ticked, then click Finish.
The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so. Your system will take a little longer to boot, which is normal.

Finally, post the contents of the report C:\fixwareout\report.txt along with a new HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46:56, on 09/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7CEFDA29-8241-4579-8E6F-93FA3FBD7DCD} - C:\WINDOWS\system32\d3dxo.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: dcads - {F173E53F-E042-49b6-BD46-983E93DA1B17} - C:\WINDOWS\system32\nsp1F.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Dcads Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Dcads Advanced Toolbar\toolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NI.UGESV_0001_N122M2811] "C:\Documents and Settings\Lucas Orsini\Bureau\setup_fr.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe /tray
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?a64640a6788b444c8f55fa5cc263189d
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?a64640a6788b444c8f55fa5cc263189d
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7783 bytes

Here it is, thanks

Username "Lucas Orsini" - 09/12/2007 21:34:10 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Cache de résolution DNS vidé.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SoundMan"="SOUNDMAN.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"NI.UGESV_0001_N122M2811"="\"C:\\Documents and Settings\\Lucas Orsini\\Bureau\\setup_fr.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"ares"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"
"BitComet"="C:\\Program Files\\BitComet\\BitComet.exe /tray"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

Let's get to it :)

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Copy/paste that report into your next reply.

    NOTE: The report is also located here: C:\Combofix.txt

    ComboFix 07-12-12.3 - Lucas Orsini 2007-12-12 13:48:38.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.597 [GMT 1:00]
    Running from: C:\Documents and Settings\Lucas Orsini\Bureau\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data.\salesmonitor
    C:\WINDOWS\system32\nsp1F.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-11-12 to 2007-12-12 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-12 12:53 . 2007-12-12 12:53 <REP> d-------- C:\WINDOWS\LastGood
    2007-12-11 21:48 . 2007-12-11 21:48 <REP> d-------- C:\Documents and Settings\Chloé ORSINI\Application Data\HP
    2007-12-11 20:44 . 2007-12-11 20:44 934,800 --a------ C:\upload_moi_MAISON-BIBLIO.tar.gz
    2007-12-11 20:07 . 2007-12-11 20:07 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
    2007-12-11 17:19 . 2007-12-11 17:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-11 16:41 . 2007-12-11 16:41 59,219 --a------ C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
    2007-12-10 19:47 . 2007-12-10 19:47 303,104 --a------ C:\WINDOWS\system32\dcads_sidebar.dll
    2007-12-10 17:58 . 2007-12-10 17:58 <REP> d-------- C:\Program Files\MarkAny
    2007-12-10 17:58 . 2007-12-10 17:58 <REP> d-------- C:\Documents and Settings\Lucas Orsini\Application Data\DataCast
    2007-12-10 17:58 . 2007-11-20 15:36 118,784 --a------ C:\WINDOWS\system32\MaDRM.dll
    2007-12-10 17:58 . 2007-11-20 15:36 44,544 --------- C:\WINDOWS\system32\msxml4a.dll
    2007-12-10 17:57 . 2007-08-23 21:06 110,592 --a------ C:\WINDOWS\system32\TG_DUMP0708.DLL
    2007-12-10 17:57 . 2007-11-20 15:35 40,960 --a------ C:\WINDOWS\system32\MAMACExtract.dll
    2007-12-08 22:29 . 2007-12-08 22:29 250 --a------ C:\WINDOWS\gmer.ini
    2007-12-08 09:25 . 2007-12-08 09:26 <REP> d-------- C:\Documents and Settings\Margaux Orsini\Application Data\AVG7
    2007-12-07 16:59 . 2007-12-07 17:01 <REP> d-------- C:\Documents and Settings\Chloé ORSINI\Application Data\AVG7
    2007-12-06 22:33 . 2007-12-08 08:34 <REP> d-------- C:\Documents and Settings\Lucas Orsini\Application Data\AVG7
    2007-12-06 22:33 . 2007-12-06 22:33 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-12-06 22:33 . 2007-12-08 13:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2007-12-06 22:12 . 19,456 C:\WINDOWS\system32\drivers\zayfgwzl.dat
    2007-12-06 15:37 . 2007-12-06 15:37 <REP> d-------- C:\Documents and Settings\Lucas Orsini\Application Data\MailWasherPro
    2007-12-05 20:33 . 2004-08-05 13:00 68,608 --a------ C:\WINDOWS\system32\plugin.ocx
    2007-12-05 20:33 . 2004-08-05 13:00 68,608 --a------ C:\WINDOWS\system32\dllcache\plugin.ocx
    2007-12-05 20:27 . 2007-12-05 20:30 <REP> d-------- C:\Program Files\Hijackthis Version Française
    2007-12-05 20:24 . 2007-12-05 20:24 <REP> d-------- C:\Program Files\Trend Micro
    2007-12-05 20:17 . 2007-12-05 20:21 <REP> d-------- C:\Program Files\OutClock
    2007-12-05 19:24 . 2007-12-05 19:24 0 --a------ C:\WINDOWS\nsreg.dat
    2007-12-05 18:08 . 2007-12-05 18:08 <REP> d-------- C:\Documents and Settings\Margaux Orsini\Application Data\Template
    2007-12-05 12:50 . 2007-12-05 12:50 <REP> d-------- C:\Program Files\Fichiers communs\ReparateurDeSysteme
    2007-12-05 12:50 . 2007-12-05 12:50 <REP> dr------- C:\Documents and Settings\All Users\Application Data\reparateurdesysteme
    2007-12-05 12:46 . 2004-08-05 13:00 84,992 --a------ C:\WINDOWS\system32\d3dxo.dll
    2007-12-01 15:59 . 2007-12-01 15:59 268 --ah----- C:\sqmdata07.sqm
    2007-12-01 15:59 . 2007-12-01 15:59 244 --ah----- C:\sqmnoopt07.sqm
    2007-12-01 15:46 . 2007-12-01 15:46 268 --ah----- C:\sqmdata06.sqm
    2007-12-01 15:46 . 2007-12-01 15:46 244 --ah----- C:\sqmnoopt06.sqm
    2007-11-30 23:47 . 2007-11-30 23:47 <REP> d-------- C:\Program Files\Windows Live Favorites
    2007-11-30 19:32 . 2007-11-30 19:32 <REP> dr-h----- C:\Documents and Settings\Lucas Orsini\Application Data\SecuROM
    2007-11-30 19:32 . 2007-11-30 19:32 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2007-11-30 18:50 . 2007-11-30 18:50 <REP> d-------- C:\Program Files\KONAMI
    2007-11-28 17:50 . 2007-12-01 09:43 <REP> d-------- C:\Documents and Settings\Margaux Orsini\Contacts
    2007-11-28 17:47 . 2007-12-05 18:10 <REP> d--h----- C:\Documents and Settings\Margaux Orsini\Voisinage réseau
    2007-11-28 17:47 . 2007-11-16 20:12 <REP> d--h----- C:\Documents and Settings\Margaux Orsini\Voisinage d'impression
    2007-11-28 17:47 . 2007-11-16 19:26 <REP> d--h----- C:\Documents and Settings\Margaux Orsini\Modèles
    2007-11-28 17:47 . 2007-12-05 18:07 <REP> dr------- C:\Documents and Settings\Margaux Orsini\Mes documents
    2007-11-28 17:47 . 2007-11-16 20:12 <REP> dr------- C:\Documents and Settings\Margaux Orsini\Menu Démarrer
    2007-11-28 17:47 . 2007-12-08 09:25 <REP> dr------- C:\Documents and Settings\Margaux Orsini\Favoris
    2007-11-28 17:47 . 2007-12-08 13:53 <REP> d-------- C:\Documents and Settings\Margaux Orsini\Bureau
    2007-11-24 18:41 . 2007-11-24 18:41 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2007-11-24 18:41 . 2007-11-24 18:41 <REP> d-------- C:\Documents and Settings\Lucas Orsini\Application Data\AdobeUM
    2007-11-22 16:22 . 2007-11-22 16:22 <REP> d-------- C:\Program Files\AtomixMP3
    2007-11-21 19:39 . 2007-11-21 19:39 <REP> d-------- C:\Documents and Settings\Lucas Orsini\Application Data\Template
    2007-11-20 18:18 . 2007-11-20 18:18 <REP> d-------- C:\Program Files\Dcads Advanced Toolbar
    2007-11-20 18:18 . 2007-11-20 18:20 <REP> d-------- C:\Documents and Settings\Lucas Orsini\Application Data\Dcads Advanced Toolbar
    2007-11-20 18:18 . 2007-12-01 11:10 80,118 --a------ C:\WINDOWS\system32\dcads-remove.exe
    2007-11-20 18:18 . 2007-11-20 18:18 40,731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
    2007-11-20 18:02 . 2007-12-10 17:32 <REP> d-------- C:\Program Files\Incomplete
    2007-11-20 18:01 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2007-11-19 18:52 . 2007-11-20 18:01 <REP> d-------- C:\Program Files\Java
    2007-11-19 18:52 . 2007-11-19 18:52 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2007-11-19 18:51 . 2007-12-10 17:25 <REP> d-------- C:\Program Files\LimeWire
    2007-11-19 17:49 . 2007-11-19 17:49 <REP> d-------- C:\Program Files\MSBuild
    2007-11-19 17:45 . 2007-11-19 17:45 <REP> d-------- C:\WINDOWS\system32\XPSViewer
    2007-11-19 17:45 . 2007-11-19 17:45 <REP> d-------- C:\Program Files\Reference Assemblies
    2007-11-19 17:44 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2007-11-18 15:23 . 2006-11-02 17:02 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
    2007-11-18 13:30 . 2007-11-18 13:30 <REP> d-------- C:\Documents and Settings\Lucas Orsini\Application Data\BitTorrent
    2007-11-18 13:19 . 2007-11-18 13:19 <REP> d-------- C:\Downloads
    2007-11-18 13:13 . 2007-11-18 13:13 <REP> d-------- C:\Documents and Settings\Lucas Orsini\Application Data\.BitTornado
    2007-11-18 12:47 . 2007-11-18 12:56 <REP> d-------- C:\Documents and Settings\Lucas Orsini\Application Data\Azureus
    2007-11-18 12:47 . 2007-11-18 12:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
    2007-11-18 11:38 . 2007-11-19 19:08 <REP> d-------- C:\Documents and Settings\Lucas Orsini\Incomplete
    2007-11-18 11:38 . 2007-12-06 19:24 <REP> d-------- C:\Documents and Settings\Lucas Orsini\Application Data\LimeWire
    2007-11-18 11:12 . 2007-11-18 11:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
    2007-11-18 11:10 . 2007-11-18 11:10 <REP> d-------- C:\Program Files\IVT Corporation
    2007-11-18 11:10 . 2004-08-04 00:55 91,648 --a------ C:\WINDOWS\system32\drivers\kswdmcap.ax
    2007-11-18 11:10 . 2004-08-04 00:55 61,952 --a------ C:\WINDOWS\system32\drivers\kstvtune.ax
    2007-11-18 11:10 . 2004-08-04 00:54 54,784 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
    2007-11-18 11:10 . 2004-08-04 00:55 43,008 --a------ C:\WINDOWS\system32\drivers\ksxbar.ax
    2007-11-18 11:10 . 2004-08-04 00:55 28,672 --a------ C:\WINDOWS\system32\drivers\vidcap.ax
    2007-11-18 03:05 . 2007-11-18 03:05 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-11-18 03:01 . 2007-11-18 03:01 <REP> d-------- C:\Program Files\MSXML 4.0
    2007-11-17 23:06 . 2007-11-17 23:06 <REP> d-------- C:\Documents and Settings\Chloé ORSINI\Application Data\vlc
    2007-11-17 22:29 . 2007-11-17 23:16 <REP> d-------- C:\Documents and Settings\Chloé ORSINI\Contacts
    2007-11-17 22:29 . 2007-11-17 23:16 <REP> d-------- C:\Documents and Settings\Chloé ORSINI\Contacts
    2007-11-17 22:27 . 2007-11-16 20:12 <REP> d--h----- C:\Documents and Settings\Chloé ORSINI\Voisinage réseau
    2007-11-17 22:27 . 2007-11-16 20:12 <REP> d--h----- C:\Documents and Settings\Chloé ORSINI\Voisinage réseau
    2007-11-17 22:27 . 2007-11-16 20:12 <REP> d--h----- C:\Documents and Settings\Chloé ORSINI\Voisinage d'impression
    2007-11-17 22:27 . 2007-11-16 20:12 <REP> d--h----- C:\Documents and Settings\Chloé ORSINI\Voisinage d'impression
    2007-11-17 22:27 . 2007-11-16 19:26 <REP> d--h----- C:\Documents and Settings\Chloé ORSINI\Modèles
    2007-11-17 22:27 . 2007-11-16 19:26 <REP> d--h----- C:\Documents and Settings\Chloé ORSINI\Modèles
    2007-11-17 22:27 . 2007-12-11 21:48 <REP> dr------- C:\Documents and Settings\Chloé ORSINI\Mes documents
    2007-11-17 22:27 . 2007-12-11 21:48 <REP> dr------- C:\Documents and Settings\Chloé ORSINI\Mes documents
    2007-11-17 22:27 . 2007-11-16 20:12 <REP> dr------- C:\Documents and Settings\Chloé ORSINI\Menu Démarrer
    2007-11-17 22:27 . 2007-11-16 20:12 <REP> dr------- C:\Documents and Settings\Chloé ORSINI\Menu Démarrer
    2007-11-17 22:27 . 2007-12-11 21:18 <REP> dr------- C:\Documents and Settings\Chloé ORSINI\Favoris
    2007-11-17 22:27 . 2007-12-11 21:18 <REP> dr------- C:\Documents and Settings\Chloé ORSINI\Favoris
    2007-11-17 22:27 . 2007-12-08 13:53 <REP> d-------- C:\Documents and Settings\Chloé ORSINI\Bureau
    2007-11-17 22:27 . 2007-12-08 13:53 <REP> d-------- C:\Documents and Settings\Chloé ORSINI\Bureau
    2007-11-17 21:13 . 2007-11-17 21:13 <REP> d-------- C:\Program Files\uTorrent
    2007-11-17 21:13 . 2007-12-02 19:17 <REP> d-------- C:\Documents and Settings\Lucas Orsini\Application Data\uTorrent

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-06 21:26 --------- d-----w C:\Program Files\Google
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
    2007-11-18 12:28 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-18 12:13 --------- d-----w C:\Documents and Settings\Lucas Orsini\Application Data\.BitTornado
    2007-11-17 19:54 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-11-16 19:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
    2007-11-16 19:27 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
    2007-11-16 19:27 --------- d-----w C:\Program Files\Fichiers communs\HP
    2007-11-16 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
    2007-11-16 19:25 --------- d-----w C:\Program Files\HP
    2007-11-16 19:25 --------- d-----w C:\Program Files\Hewlett-Packard
    2007-11-16 19:25 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
    2007-11-16 19:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
    2007-11-16 19:12 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2007-11-16 19:12 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2007-11-16 18:58 --------- d-----w C:\Program Files\Alwil Software
    2007-11-16 18:32 --------- d-----w C:\Program Files\microsoft frontpage
    2007-11-16 18:28 --------- d-----w C:\Program Files\Services en ligne
    2007-11-16 18:28 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
    2005-05-11 22:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
    2007-12-10 19:47 303104 --a------ C:\WINDOWS\system32\dcads_sidebar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7CEFDA29-8241-4579-8E6F-93FA3FBD7DCD}]
    2004-08-05 13:00 84992 --a------ C:\WINDOWS\system32\d3dxo.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
    "ares"="C:\Program Files\Ares\Ares.exe" []
    "BitComet"="C:\Program Files\BitComet\BitComet.exe" []
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-05 13:00 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2006-06-01 10:22 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="RunDLL32.exe" [2004-08-05 13:00 C:\WINDOWS\system32\rundll32.exe]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
    "SoundMan"="SOUNDMAN.EXE" [2004-08-30 13:48 C:\WINDOWS\SOUNDMAN.EXE]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "NI.UGESV_0001_N122M2811"="C:\Documents and Settings\Lucas Orsini\Bureau\setup_fr.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-07-16 17:33:36]
Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]

    R0 gbvckccu;gbvckccu;C:\WINDOWS\system32\drivers\zayfgwzl.dat
    R3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys
    R3 Cap7134;ProVideo Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
    R3 PhTVTune;ProVideo WDM TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
    S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-12-11 19:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
    - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
    "2007-12-12 11:51:15 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2007-12-12 12:05:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2007-12-11 19:38:00 C:\WINDOWS\Tasks\WebReg Photosmart 2570 series.job"
    - C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-12 13:51:46
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-12 13:52:26
    .
    2007-12-11 22:04:20 --- E O F ---


thanks again

Re,

Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:

    Driver::
    gbvckccu

    File::
    C:\WINDOWS\system32\dcads_sidebar.dll
    C:\WINDOWS\system32\d3dxo.dll
    C:\Documents and Settings\Lucas Orsini\Bureau\setup_fr.exe
    C:\WINDOWS\system32\drivers\zayfgwzl.dat

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7CEFDA29-8241-4579-8E6F-93FA3FBD7DCD}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NI.UGESV_0001_N122M2811"=-


Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:


This will relaunch Combofix; press 1 then confirm. After the reboot, post the contents of the Combofix.txt report together with a Hijackthis report.
NOTE: If there is no reboot, post the requested reports anyway.

combofix.txt report:

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\vkquwexg

    *******************

    Script file located at: \??\C:\ComboFix\ComboDel.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File move operation C:\WINDOWS\system32\d3dxo.dll|C:\QooBox\Quarantine\C\WINDOWS\system32\d3dxo.dll.vir completed successfully.
    File move operation C:\WINDOWS\system32\drivers\zayfgwzl.dat|C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\zayfgwzl.dat.vir completed successfully.


    File C:\WINDOWS\system32\d3dxo.dll not found!
    File move operation C:\WINDOWS\system32\d3dxo.dll|C:\QooBox\Quarantine\C\WINDOWS\system32\d3dxo.dll.vir failed!

    Could not process line:
    C:\WINDOWS\system32\d3dxo.dll|C:\QooBox\Quarantine\C\WINDOWS\system32\d3dxo.dll.vir
    Status: 0xc0000034



    File C:\WINDOWS\system32\drivers\zayfgwzl.dat not found!
    File move operation C:\WINDOWS\system32\drivers\zayfgwzl.dat|C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\zayfgwzl.dat.vir failed!

    Could not process line:
    C:\WINDOWS\system32\drivers\zayfgwzl.dat|C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\zayfgwzl.dat.vir
    Status: 0xc0000034


    Completed script processing.

    *******************

    Finished! Terminate.

hijackthis report:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:20, on 2007-12-12
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\HPZinw12.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7CEFDA29-8241-4579-8E6F-93FA3FBD7DCD} - C:\WINDOWS\system32\d3dxo.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {41C29B07-6F91-4966-91BE-2E2841643C83} - (no file)
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [combofix] "C:\WINDOWS\system32\cmd.exe" /c "cd /d C:\ComboFix\ & Combobatch.bat"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe /tray
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?a64640a6788b444c8f55fa5cc263189d
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?a64640a6788b444c8f55fa5cc263189d
    O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 7626 bytes

    ComboFix 07-12-12.3 - Lucas Orsini 2007-12-13 19:19:34.5 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.614 [GMT 1:00]
    Running from: C:\Documents and Settings\Lucas Orsini\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Lucas Orsini\Bureau\CFScript.txt
    * Created a new restore point

    FILE
    C:\Documents and Settings\Lucas Orsini\Bureau\setup_fr.exe
    C:\WINDOWS\system32\d3dxo.dll
    C:\WINDOWS\system32\dcads_sidebar.dll
    C:\WINDOWS\system32\drivers\zayfgwzl.dat
    .

excuse me

    ComboFix 07-12-12.3 - Lucas Orsini 2007-12-14 17:49:02.6 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.640 [GMT 1:00]
    Running from: C:\Documents and Settings\Lucas Orsini\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Lucas Orsini\Bureau\CFScript.txt
    * Created a new restore point

    FILE
    C:\Documents and Settings\Lucas Orsini\Bureau\setup_fr.exe
    C:\WINDOWS\system32\d3dxo.dll
    C:\WINDOWS\system32\dcads_sidebar.dll
    C:\WINDOWS\system32\drivers\zayfgwzl.dat
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data.\salesmonitor
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\All Users\Application Data.\salesmonitor

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_GBVCKCCU
    -------\gbvckccu




    ((((((((((((((((((((((((((((( Fichiers créés 2007-11-14 to 2007-12-14 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-11 21:48 . 2007-12-11 21:48 <REP> d-------- C:\Documents and Settings\Chloé ORSINI\Application Data\HP
    2007-12-11 20:07 . 2007-12-11 20:07 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
    2007-12-11 17:19 . 2007-12-11 17:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-11 16:41 . 2007-12-11 16:41 59,219 --a------ C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
    2007-12-10 17:58 . 2007-12-10 17:58 <REP> d-------- C:\Program Files\MarkAny
    2007-12-10 17:58 . 2007-12-10 17:58 <REP> d-------- C:\Documents and Settings\Lucas Orsini\Application Data\DataCast
    2007-12-10 17:58 . 2007-11-20 15:36 118,784 --a------ C:\WINDOWS\system32\MaDRM.dll
    2007-12-10 17:58 . 2007-11-20 15:36 44,544 --------- C:\WINDOWS\system32\msxml4a.dll
    2007-12-10 17:57 . 2007-08-23 21:06 110,592 --a------ C:\WINDOWS\system32\TG_DUMP0708.DLL
    2007-12-10 17:57 . 2007-11-20 15:35 40,960 --a------ C:\WINDOWS\system32\MAMACExtract.dll
    2007-12-08 22:29 . 2007-12-08 22:29 250 --a------ C:\WINDOWS\gmer.ini
    2007-12-08 09:25 . 2007-12-08 09:26 <REP> d-------- C:\Documents and Settings\Margaux Orsini\Application Data\AVG7
    2007-12-07 16:59 . 2007-12-07 17:01 <REP> d-------- C:\Documents and Settings\Chloé ORSINI\Application Data\AVG7
    2007-12-06 22:33 . 2007-12-08 08:34 <REP> d-------- C:\Documents and Settings\Lucas Orsini\Application Data\AVG7
    2007-12-06 22:33 . 2007-12-06 22:33 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-12-06 22:33 . 2007-12-08 13:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2007-12-06 15:37 . 2007-12-06 15:37 <REP> d-------- C:\Documents and Settings\Lucas Orsini\Application Data\MailWasherPro
    2007-12-05 20:27 . 2007-12-05 20:30 <REP> d-------- C:\Program Files\Hijackthis Version Française
    2007-12-05 20:24 . 2007-12-05 20:24 <REP> d-------- C:\Program Files\Trend Micro
    2007-12-05 20:17 . 2007-12-05 20:21 <REP> d-------- C:\Program Files\OutClock
    2007-12-05 19:24 . 2007-12-05 19:24 0 --a------ C:\WINDOWS\nsreg.dat
    2007-12-05 18:08 . 2007-12-05 18:08 <REP> d-------- C:\Documents and Settings\Margaux Orsini\Application Data\Template
    2007-12-05 12:50 . 2007-12-05 12:50 <REP> d-------- C:\Program Files\Fichiers communs\ReparateurDeSysteme
    2007-12-05 12:50 . 2007-12-05 12:50 <REP> dr------- C:\Documents and Settings\All Users\Application Data\reparateurdesysteme
    2007-12-01 15:59 . 2007-12-01 15:59 268 --ah----- C:\sqmdata07.sqm
    2007-12-01 15:59 . 2007-12-01 15:59 244 --ah----- C:\sqmnoopt07.sqm
    2007-12-01 15:46 . 2007-12-01 15:46 268 --ah----- C:\sqmdata06.sqm
    2007-12-01 15:46 . 2007-12-01 15:46 244 --ah----- C:\sqmnoopt06.sqm
    2007-11-30 23:47 . 2007-11-30 23:47 <REP> d-------- C:\Program Files\Windows Live Favorites
    2007-11-30 19:32 . 2007-11-30 19:32 <REP> dr-h----- C:\Documents and Settings\Lucas Orsini\Application Data\SecuROM
    2007-11-30 19:32 . 2007-11-30 19:32 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2007-11-30 18:50 . 2007-11-30 18:50 <REP> d-------- C:\Program Files\KONAMI
    2007-11-28 17:50 . 2007-12-01 09:43 <REP> d-------- C:\Documents and Settings\Margaux Orsini\Contacts
    2007-11-28 17:47 . 2007-12-05 18:10 <REP> d--h----- C:\Documents and Settings\Margaux Orsini\Voisinage réseau
    2007-11-28 17:47 . 2007-11-16 20:12 <REP> d--h----- C:\Documents and Settings\Margaux Orsini\Voisinage d'impression
    2007-11-28 17:47 . 2007-11-16 19:26 <REP> d--h----- C:\Documents and Settings\Margaux Orsini\Modèles
    2007-11-28 17:47 . 2007-12-05 18:07 <REP> dr------- C:\Documents and Settings\Margaux Orsini\Mes documents
    2007-11-28 17:47 . 2007-11-16 20:12 <REP> dr------- C:\Documents and Settings\Margaux Orsini\Menu Démarrer
    2007-11-28 17:47 . 2007-12-08 09:25 <REP> dr------- C:\Documents and Settings\Margaux Orsini\Favoris
    2007-11-28 17:47 . 2007-12-08 13:53 <REP> d-------- C:\Documents and Settings\Margaux Orsini\Bureau
    2007-11-24 18:41 . 2007-11-24 18:41 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2007-11-24 18:41 . 2007-11-24 18:41 <REP> d-------- C:\Documents and Settings\Lucas Orsini\Application Data\AdobeUM
    2007-11-22 16:22 . 2007-11-22 16:22 <REP> d-------- C:\Program Files\AtomixMP3
    2007-11-21 19:39 . 2007-11-21 19:39 <REP> d-------- C:\Documents and Settings\Lucas Orsini\Application Data\Template
    2007-11-20 18:18 . 2007-11-20 18:18 <REP> d-------- C:\Program Files\Dcads Advanced Toolbar
    2007-11-20 18:18 . 2007-11-20 18:20 <REP> d-------- C:\Documents and Settings\Lucas Orsini\Application Data\Dcads Advanced Toolbar
    2007-11-20 18:18 . 2007-12-01 11:10 80,118 --a------ C:\WINDOWS\system32\dcads-remove.exe
    2007-11-20 18:18 . 2007-11-20 18:18 40,731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
    2007-11-20 18:02 . 2007-12-14 16:30 <REP> d-------- C:\Program Files\Incomplete
    2007-11-20 18:01 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2007-11-19 18:52 . 2007-11-20 18:01 <REP> d-------- C:\Program Files\Java
    2007-11-19 18:52 . 2007-11-19 18:52 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2007-11-19 18:51 . 2007-12-14 16:20 <REP> d-------- C:\Program Files\LimeWire
    2007-11-19 17:49 . 2007-11-19 17:49 <REP> d-------- C:\Program Files\MSBuild
    2007-11-19 17:45 . 2007-11-19 17:45 <REP> d-------- C:\WINDOWS\system32\XPSViewer
    2007-11-19 17:45 . 2007-11-19 17:45 <REP> d-------- C:\Program Files\Reference Assemblies
    2007-11-19 17:44 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2007-11-18 15:23 . 2006-11-02 17:02 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
    2007-11-18 13:30 . 2007-11-18 13:30 <REP> d-------- C:\Documents and Settings\Lucas Orsini\Application Data\BitTorrent
    2007-11-18 13:19 . 2007-11-18 13:19 <REP> d-------- C:\Downloads
    2007-11-18 13:13 . 2007-11-18 13:13 <REP> d-------- C:\Documents and Settings\Lucas Orsini\Application Data\.BitTornado
    2007-11-18 12:47 . 2007-11-18 12:56 <REP> d-------- C:\Documents and Settings\Lucas Orsini\Application Data\Azureus
    2007-11-18 12:47 . 2007-11-18 12:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
    2007-11-18 11:38 . 2007-11-19 19:08 <REP> d-------- C:\Documents and Settings\Lucas Orsini\Incomplete
    2007-11-18 11:38 . 2007-12-14 16:13 <REP> d-------- C:\Documents and Settings\Lucas Orsini\Application Data\LimeWire
    2007-11-18 11:12 . 2007-11-18 11:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
    2007-11-18 11:10 . 2007-11-18 11:10 <REP> d-------- C:\Program Files\IVT Corporation
    2007-11-18 11:10 . 2004-08-04 00:55 91,648 --a------ C:\WINDOWS\system32\drivers\kswdmcap.ax
    2007-11-18 11:10 . 2004-08-04 00:55 61,952 --a------ C:\WINDOWS\system32\drivers\kstvtune.ax
    2007-11-18 11:10 . 2004-08-04 00:54 54,784 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
    2007-11-18 11:10 . 2004-08-04 00:55 43,008 --a------ C:\WINDOWS\system32\drivers\ksxbar.ax
    2007-11-18 11:10 . 2004-08-04 00:55 28,672 --a------ C:\WINDOWS\system32\drivers\vidcap.ax
    2007-11-18 03:05 . 2007-11-18 03:05 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-11-18 03:01 . 2007-11-18 03:01 <REP> d-------- C:\Program Files\MSXML 4.0
    2007-11-17 23:06 . 2007-11-17 23:06 <REP> d-------- C:\Documents and Settings\Chloé ORSINI\Application Data\vlc
    2007-11-17 22:29 . 2007-11-17 23:16 <REP> d-------- C:\Documents and Settings\Chloé ORSINI\Contacts
    2007-11-17 22:29 . 2007-11-17 23:16 <REP> d-------- C:\Documents and Settings\Chloé ORSINI\Contacts
    2007-11-17 22:27 . 2007-11-16 20:12 <REP> d--h----- C:\Documents and Settings\Chloé ORSINI\Voisinage réseau
    2007-11-17 22:27 . 2007-11-16 20:12 <REP> d--h----- C:\Documents and Settings\Chloé ORSINI\Voisinage réseau
    2007-11-17 22:27 . 2007-11-16 20:12 <REP> d--h----- C:\Documents and Settings\Chloé ORSINI\Voisinage d'impression
    2007-11-17 22:27 . 2007-11-16 20:12 <REP> d--h----- C:\Documents and Settings\Chloé ORSINI\Voisinage d'impression
    2007-11-17 22:27 . 2007-11-16 19:26 <REP> d--h----- C:\Documents and Settings\Chloé ORSINI\Modèles
    2007-11-17 22:27 . 2007-11-16 19:26 <REP> d--h----- C:\Documents and Settings\Chloé ORSINI\Modèles
    2007-11-17 22:27 . 2007-12-11 21:48 <REP> dr------- C:\Documents and Settings\Chloé ORSINI\Mes documents
    2007-11-17 22:27 . 2007-12-11 21:48 <REP> dr------- C:\Documents and Settings\Chloé ORSINI\Mes documents
    2007-11-17 22:27 . 2007-11-16 20:12 <REP> dr------- C:\Documents and Settings\Chloé ORSINI\Menu Démarrer
    2007-11-17 22:27 . 2007-11-16 20:12 <REP> dr------- C:\Documents and Settings\Chloé ORSINI\Menu Démarrer
    2007-11-17 22:27 . 2007-12-11 21:18 <REP> dr------- C:\Documents and Settings\Chloé ORSINI\Favoris
    2007-11-17 22:27 . 2007-12-11 21:18 <REP> dr------- C:\Documents and Settings\Chloé ORSINI\Favoris
    2007-11-17 22:27 . 2007-12-08 13:53 <REP> d-------- C:\Documents and Settings\Chloé ORSINI\Bureau
    2007-11-17 22:27 . 2007-12-08 13:53 <REP> d-------- C:\Documents and Settings\Chloé ORSINI\Bureau
    2007-11-17 21:13 . 2007-11-17 21:13 <REP> d-------- C:\Program Files\uTorrent
    2007-11-17 21:13 . 2007-12-02 19:17 <REP> d-------- C:\Documents and Settings\Lucas Orsini\Application Data\uTorrent
    2007-11-17 21:02 . 2007-11-17 21:06 990 --a------ C:\WINDOWS\eReg.dat
    2007-11-17 20:55 . 2007-11-17 20:55 <REP> d-------- C:\Program Files\EA GAMES
    2007-11-17 20:45 . 2007-11-17 21:12 <REP> d-------- C:\Program Files\MyFree Codec
    2007-11-17 20:39 . 2007-11-17 20:39 <REP> d-------- C:\Program Files\Samsung
    2007-11-17 20:38 . 2007-11-17 20:38 <REP> d-------- C:\Program Files\Sony Ericsson
    2007-11-17 20:23 . 2007-11-17 20:23 2,286 --a------ C:\WINDOWS\wizard.log_20071124_18_51_02
    2007-11-17 20:20 . 2007-11-17 20:20 <REP> d-------- C:\Program Files\CONEXANT

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-06 21:26 --------- d-----w C:\Program Files\Google
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
    2007-11-18 12:13 --------- d-----w C:\Documents and Settings\Lucas Orsini\Application Data\.BitTornado
    2007-11-17 19:54 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-11-16 19:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
    2007-11-16 19:27 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
    2007-11-16 19:27 --------- d-----w C:\Program Files\Fichiers communs\HP
    2007-11-16 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
    2007-11-16 19:25 --------- d-----w C:\Program Files\HP
    2007-11-16 19:25 --------- d-----w C:\Program Files\Hewlett-Packard
    2007-11-16 19:25 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
    2007-11-16 19:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
    2007-11-16 19:12 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2007-11-16 19:12 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2007-11-16 18:58 --------- d-----w C:\Program Files\Alwil Software
    2007-11-16 18:32 --------- d-----w C:\Program Files\microsoft frontpage
    2007-11-16 18:28 --------- d-----w C:\Program Files\Services en ligne
    2007-11-16 18:28 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
    2005-05-11 22:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
    "ares"="C:\Program Files\Ares\Ares.exe" []
    "BitComet"="C:\Program Files\BitComet\BitComet.exe" []
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-05 13:00 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2006-06-01 10:22 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="RunDLL32.exe" [2004-08-05 13:00 C:\WINDOWS\system32\rundll32.exe]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
    "SoundMan"="SOUNDMAN.EXE" [2004-08-30 13:48 C:\WINDOWS\SOUNDMAN.EXE]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-07-16 17:33:36]
    Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]

    R3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys
    R3 Cap7134;ProVideo Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
    R3 PhTVTune;ProVideo WDM TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
    S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-12-13 19:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
    - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
    "2007-12-14 16:47:29 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2007-12-14 13:05:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2007-12-11 19:38:00 C:\WINDOWS\Tasks\WebReg Photosmart 2570 series.job"
    - C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-14 17:51:50
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-14 17:52:31
    .
    2007-12-14 12:44:37 --- E O F ---


    I'm struggling.

    Here is the AntiVir scan.



    AntiVir PersonalEdition Classic
    Report file date: samedi 15 décembre 2007 09:02

    Scanning for 972845 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: MAISON-BIBLIO

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 08:01:30
    ANTIVIR2.VDF : 7.0.1.96 2048 Bytes 14/12/2007 08:01:30
    ANTIVIR3.VDF : 7.0.1.98 4096 Bytes 14/12/2007 08:01:30
    AVEWIN32.DLL : 7.6.0.45 3084800 Bytes 15/12/2007 08:01:31
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: samedi 15 décembre 2007 09:02

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'hprblog.exe' - '1' Module(s) have been scanned
    Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
    Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'hpqimzone.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'BTNtService.exe' - '1' Module(s) have been scanned
    Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
    Scan process 'BlueSoleil.exe' - '1' Module(s) have been scanned
    Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
    Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
    Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'ashServ.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    42 processes with 42 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '31' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\qoobox\Quarantine\C\WINDOWS\system32\d3dxo.dll.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{0A8D4667-272C-4DEC-BC5B-D8441F717E9B}\RP10\A0002040.dll
    [DETECTION] Is the Trojan horse TR/Spy.Agent.208896
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{0A8D4667-272C-4DEC-BC5B-D8441F717E9B}\RP11\A0002109.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was deleted!


    End of the scan: samedi 15 décembre 2007 09:51
    Used time: 49:42 min

    The scan has been done completely.

    4923 Scanning directories
    178128 Files were scanned
    3 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    3 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    178125 Files not concerned
    1017 Archives were scanned
    1 Warnings
    0 Notes

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:18:46, on 15/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\LUCASO~1\LOCALS~1\Temp\Rar$EX00.813\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {41C29B07-6F91-4966-91BE-2E2841643C83} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe /tray
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?a64640a6788b444c8f55fa5cc263189d
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?a64640a6788b444c8f55fa5cc263189d
    O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 8153 bytes

    Ok :) 

  • Download ToolsCleaner to your Desktop.
  • Click on "Recherche" (Search) and let the scan finish.
  • Click on "Suppression" (Delete) to finish.
  • Click on "Quitter" (Quit) so that the report can be created.
  • Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\)

    Disable and then re-enable System Restore: see help

    Now add [Résolu] to the title. To do so:
    * In your first message, click the "Editer" button
    * Add the mention [Résolu] to the title
    * Then click "Valider votre message"

    Read the guide on prevention and protection, so that you no longer run into this kind of problem, by clicking on the image below:

    -->- Recherche:

    C:\Documents and Settings\Lucas Orsini\Recent\HijackThis.lnk: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
    C:\WINDOWS\Gmer.exe: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\Lucas Orsini\Recent\HijackThis.lnk: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\WINDOWS\Gmer.exe: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !