spyware pénible

Bonjour,

Quels sont tes symptômes ?

Hé bien j'ai des fenêtres publicitaire qui apparaissent quand je navigue sur internet par lot de 3 4 assez réguliérement. de plus (mais je sais pas si c'est le même probléme) c'est assez rare mais ça m'arrive depuis un ou 2 mois, mon ordinateur se déconnecte d'internet et me renvoi sur la page d'accueil windows sauf que je n'ai plus un seul icone visible, donc je dois redémarer mon ordi. mais je crois pas qu'il y est un rapport entre ces deux causes.

enfin voila merci a toi pour ta réponse

Re,

Télécharge Gmer.
Dézippe le dans un dossier ou sur ton bureau.

Déconnecte toi d'Internet puis et ferme tous les programmes.
Double-clique sur Gmer.exe.

IMPORTANT: Si une alerte de ton antivirus apparaît pour le fichier gmer.sys ou gmer.exe, laisse le s'executer.

Clique sur l'onglet rootkit.
A droite, coche Files et Services.
Clique maintenant sur Scan.

Lorsque le scan est terminé, clique sur Copy.

Ouvre le Bloc-notes puis clique sur le Menu Edition / Coller.
Le rapport doit alors apparaître.
Enregistre le fichier sur ton bureau et copie/colle le contenu ici.

alors voici ce que j'ai obtenu (etrange olechaux un amis ?????? enfin je croyais lol)


GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2008-01-04 15:24:59
Windows 5.1.2600 Service Pack 2


---- Files - GMER 1.0.13 ----

ADS C:\Documents and Settings\Le Tacon\Local Settings\Application Data\Microsoft\Messenger\tom.letacon@hotmail.fr\SharingMetadata\olechaux@yahoo.fr\DFSR\Staging\CS{5621E9E0-0DD7-CBE4-04FA-EC67902E2BAD}\01\10-{5621E9E0-0DD7-CBE4-04FA-EC67902E2BAD}-v1-{94ED59C3-1730-49AD-8153-5FF40AF5B99E}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Le Tacon\Local Settings\Application Data\Microsoft\Messenger\tom.letacon@hotmail.fr\SharingMetadata\olechaux@yahoo.fr\DFSR\Staging\CS{5621E9E0-0DD7-CBE4-04FA-EC67902E2BAD}\11\11-{94ED59C3-1730-49AD-8153-5FF40AF5B99E}-v11-{94ED59C3-1730-49AD-8153-5FF40AF5B99E}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Le Tacon\Local Settings\Application Data\Microsoft\Messenger\tom.letacon@hotmail.fr\SharingMetadata\olechaux@yahoo.fr\DFSR\Staging\CS{5621E9E0-0DD7-CBE4-04FA-EC67902E2BAD}\11\11-{94ED59C3-1730-49AD-8153-5FF40AF5B99E}-v11-{94ED59C3-1730-49AD-8153-5FF40AF5B99E}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Le Tacon\Local Settings\Application Data\Microsoft\Messenger\tom.letacon@hotmail.fr\SharingMetadata\olechaux@yahoo.fr\DFSR\Staging\CS{5621E9E0-0DD7-CBE4-04FA-EC67902E2BAD}\11\11-{94ED59C3-1730-49AD-8153-5FF40AF5B99E}-v11-{94ED59C3-1730-49AD-8153-5FF40AF5B99E}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.3
ADS C:\Documents and Settings\Le Tacon\Local Settings\Application Data\Microsoft\Messenger\tom.letacon@hotmail.fr\SharingMetadata\olechaux@yahoo.fr\DFSR\Staging\CS{5621E9E0-0DD7-CBE4-04FA-EC67902E2BAD}\11\11-{94ED59C3-1730-49AD-8153-5FF40AF5B99E}-v11-{94ED59C3-1730-49AD-8153-5FF40AF5B99E}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Le Tacon\Local Settings\Application Data\Microsoft\Messenger\tom.letacon@hotmail.fr\SharingMetadata\olechaux@yahoo.fr\DFSR\Staging\CS{5621E9E0-0DD7-CBE4-04FA-EC67902E2BAD}\12\12-{94ED59C3-1730-49AD-8153-5FF40AF5B99E}-v12-{94ED59C3-1730-49AD-8153-5FF40AF5B99E}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Le Tacon\Local Settings\Application Data\Microsoft\Messenger\tom.letacon@hotmail.fr\SharingMetadata\olechaux@yahoo.fr\DFSR\Staging\CS{5621E9E0-0DD7-CBE4-04FA-EC67902E2BAD}\12\12-{94ED59C3-1730-49AD-8153-5FF40AF5B99E}-v12-{94ED59C3-1730-49AD-8153-5FF40AF5B99E}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Le Tacon\Local Settings\Application Data\Microsoft\Messenger\tom.letacon@hotmail.fr\SharingMetadata\olechaux@yahoo.fr\DFSR\Staging\CS{5621E9E0-0DD7-CBE4-04FA-EC67902E2BAD}\13\13-{94ED59C3-1730-49AD-8153-5FF40AF5B99E}-v13-{94ED59C3-1730-49AD-8153-5FF40AF5B99E}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Le Tacon\Local Settings\Application Data\Microsoft\Messenger\tom.letacon@hotmail.fr\SharingMetadata\olechaux@yahoo.fr\DFSR\Staging\CS{5621E9E0-0DD7-CBE4-04FA-EC67902E2BAD}\13\13-{94ED59C3-1730-49AD-8153-5FF40AF5B99E}-v13-{94ED59C3-1730-49AD-8153-5FF40AF5B99E}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Le Tacon\Local Settings\Application Data\Microsoft\Messenger\tom.letacon@hotmail.fr\SharingMetadata\olechaux@yahoo.fr\DFSR\Staging\CS{5621E9E0-0DD7-CBE4-04FA-EC67902E2BAD}\14\14-{94ED59C3-1730-49AD-8153-5FF40AF5B99E}-v14-{94ED59C3-1730-49AD-8153-5FF40AF5B99E}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Le Tacon\Local Settings\Application Data\Microsoft\Messenger\tom.letacon@hotmail.fr\SharingMetadata\olechaux@yahoo.fr\DFSR\Staging\CS{5621E9E0-0DD7-CBE4-04FA-EC67902E2BAD}\14\14-{94ED59C3-1730-49AD-8153-5FF40AF5B99E}-v14-{94ED59C3-1730-49AD-8153-5FF40AF5B99E}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Le Tacon\Local Settings\Application Data\Microsoft\Messenger\tom.letacon@hotmail.fr\SharingMetadata\olechaux@yahoo.fr\DFSR\Staging\CS{5621E9E0-0DD7-CBE4-04FA-EC67902E2BAD}\15\15-{94ED59C3-1730-49AD-8153-5FF40AF5B99E}-v15-{94ED59C3-1730-49AD-8153-5FF40AF5B99E}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Le Tacon\Local Settings\Application Data\Microsoft\Messenger\tom.letacon@hotmail.fr\SharingMetadata\olechaux@yahoo.fr\DFSR\Staging\CS{5621E9E0-0DD7-CBE4-04FA-EC67902E2BAD}\15\15-{94ED59C3-1730-49AD-8153-5FF40AF5B99E}-v15-{94ED59C3-1730-49AD-8153-5FF40AF5B99E}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Le Tacon\Local Settings\Application Data\Microsoft\Messenger\tom.letacon@hotmail.fr\SharingMetadata\olechaux@yahoo.fr\DFSR\Staging\CS{5621E9E0-0DD7-CBE4-04FA-EC67902E2BAD}\16\16-{94ED59C3-1730-49AD-8153-5FF40AF5B99E}-v16-{94ED59C3-1730-49AD-8153-5FF40AF5B99E}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Le Tacon\Local Settings\Application Data\Microsoft\Messenger\tom.letacon@hotmail.fr\SharingMetadata\olechaux@yahoo.fr\DFSR\Staging\CS{5621E9E0-0DD7-CBE4-04FA-EC67902E2BAD}\16\16-{94ED59C3-1730-49AD-8153-5FF40AF5B99E}-v16-{94ED59C3-1730-49AD-8153-5FF40AF5B99E}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
File C:\Documents and Settings\Le Tacon\Local Settings\Application Data\nygcuogc.dat
File C:\Documents and Settings\Le Tacon\Local Settings\Application Data\nygcuogc.exe
File C:\Documents and Settings\Le Tacon\Local Settings\Application Data\nygcuogc_nav.dat
File C:\Documents and Settings\Le Tacon\Local Settings\Application Data\nygcuogc_navps.dat
File C:\WINDOWS\Prefetch\NYGCUOGC.EXE-044F19A6.pf

---- EOF - GMER 1.0.13 ----

Re,

C'est du Navipromo.

Télécharge Navilog1.exe (IL-MAFIOSO)
Enregistre-le sur ton Bureau.
Lance l'installation en double cliquant sur navilog.exe.
Une fois l'installation terminée, l'utilitaire s'exécutera automatiquement.
(Si ce n'est pas le cas, double clique sur le raccourci présent sur le Bureau)

Laisse-toi guider par l'utilitaire. Choisis l'option 1 puis valide.
[#ff0000]! N'utilise pas l'option 2, 3 et 4 sans notre accord ![/#f]
Patiente jusqu'à l'apparition de ce message :
"*** Analyse Termine le ..... ***"
Appuie sur une touche comme demandé. Le Bloc-notes va s'ouvrir. Poste-nous son contenu de cette manière :

-> Edition / Sélectionner tout
-> Edition / Copier
-> Clique-Droit / Coller dans ta réponse

NOTE : Le rapport se trouve également ici : C:\fixnavi.txt

ok c bon

Search Navipromo version 3.3.8 commencé le 04/01/2008 à 15:34:16,82

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




*** Recherche dossiers dans "C:\Documents and Settings\Le Tacon\application data" ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Fichier(s) caché(s) :

C:\Documents and Settings\Le Tacon\Local Settings\Application Data\nygcuogc.dat
C:\Documents and Settings\Le Tacon\Local Settings\Application Data\nygcuogc.exe
C:\Documents and Settings\Le Tacon\Local Settings\Application Data\nygcuogc_nav.dat
C:\Documents and Settings\Le Tacon\Local Settings\Application Data\nygcuogc_navps.dat



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\Le Tacon\local settings\application data" *

Fichiers trouvés :

nygcuogc.exe trouvé !



*** Recherche fichiers ***


C:\WINDOWS\system32\nvs2.inf trouvé !


*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :


* Dans "C:\Documents and Settings\Le Tacon\local settings\application data" :

nygcuogc.dat trouvé !

3)Recherche Certificats :

Certificat Egroup trouvé !

4)Recherche fichiers connus :

C:\WINDOWS\system32\xbeeg.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 04/01/2008 à 15:41:12,79 ***

Re,

Double clique sur le raccourci de Navilog1 présent sur ton Bureau.
Suis les instructions. Choisis ensuite l'option 2 puis valide.
Laisse toi guider et réponds aux questions éventuelles.

L'utilitaire va t'informer qu'il va redémarrer l'ordinateur.
[#ff0000]**Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts**[/#f]
Appuie maintenant sur une touche, comme demandé.
(si ton PC ne redémarre pas automatiquement, fais-le manuellement)

Patiente jusqu'à l'apparition de ce message :
"*** Nettoyage Termine le ..... ***"

Le Bloc-notes va s'ouvrir.
Sauvegarde le rapport de manière à le retrouver.
Referme le Bloc-notes. Ton bureau va maintenant réapparaître.

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tape explorer puis valide.

Poste le rapport sauvegardé auparavant (C:\cleannavi.txt)
Ainsi qu'un nouveau rapport Hijackthis.

ok voilà ce que j'ai

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:22:43, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\LETACO~1\LOCALS~1\Temp\Répertoire temporaire 4 pour hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} (ULiveCtrl Control) - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://fr.midas.games.yahoo.net/ctl/kingcomie.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9935 bytes


Clean Navipromo version 3.3.8 commencé le 04/01/2008 à 16:05:00,01

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS

Mode suppression automatique


*** Creation backups fichiers trouvés par Catchme ***

Copie vers "C:\Program Files\navilog1\Backupnavi"

Copie C:\Documents and Settings\Le Tacon\Local Settings\Application Data\nygcuogc.dat réalisée avec succès !
Copie C:\Documents and Settings\Le Tacon\Local Settings\Application Data\nygcuogc.exe réalisée avec succès !
Copie C:\Documents and Settings\Le Tacon\Local Settings\Application Data\nygcuogc_nav.dat réalisée avec succès !
Copie C:\Documents and Settings\Le Tacon\Local Settings\Application Data\nygcuogc_navps.dat réalisée avec succès !

*** Suppression des fichiers trouvés avec Catchme ***

C:\Documents and Settings\Le Tacon\Local Settings\Application Data\nygcuogc.dat supprimé !
C:\Documents and Settings\Le Tacon\Local Settings\Application Data\nygcuogc.exe supprimé !
C:\Documents and Settings\Le Tacon\Local Settings\Application Data\nygcuogc_nav.dat supprimé !
C:\Documents and Settings\Le Tacon\Local Settings\Application Data\nygcuogc_navps.dat supprimé !

** 2ème passage avec résultats Catchme **

* Dans C:\WINDOWS\system32 *


C:\WINDOWS\prefetch\nygcuogc*.pf trouvé !
Copie C:\WINDOWS\prefetch\nygcuogc*.pf réalisée avec succès !
C:\WINDOWS\prefetch\nygcuogc*.pf supprimé !

* Dans "C:\Documents and Settings\Le Tacon\local settings\application data" *


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans C:\WINDOWS\System32 *


* Suppression dans "C:\Documents and Settings\Le Tacon\local settings\application data" *



*** Suppression dossiers dans C:\WINDOWS ***


*** Suppression dossiers dans C:\Program Files ***


*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***


*** Suppression dossiers dans "C:\Documents and Settings\Le Tacon\application data" ***


*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***



*** Suppression fichiers ***

C:\WINDOWS\system32\nvs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Le Tacon\local settings\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans C:\WINDOWS\system32 *


* Dans "C:\Documents and Settings\Le Tacon\local settings\application data" *


*** Sauvegarde du Registre vers dossier Backupnavi ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !

*** Nettoyage terminé le 04/01/2008 à 16:08:56,51 ***

C'est déjà mieux ?

Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir

Fais un scan complet puis poste le rapport en fin d'analyse.
AIDE : Tutorial sur l'antivirus AntiVir Personal Edition Classic

désolé pour le retard ça a mis du temps mais ça y est c'est fait. alors depuis que j'ai antivir j'ai deux fenetres qui s'ouvrent:
c:\windows\system32\geebx.dll
is the trojan horse TR/Vundo.Gen

et l'autre

c:\system volume information\...\A0082322.exe
is the trojan horse TR/Agent.29184.D

le probleme est que quoi que je fassent (supprimer ou quarantaine) le message revient systématiquement.


sinon voila le rapport

04.01.2008 18:39:44 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
04.01.2008 18:39:44 - Backup Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\
04.01.2008 18:39:44 - Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\
04.01.2008 18:39:44 - Start the Update GUI... Displaymode: 0

04.01.2008 18:39:44 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
04.01.2008 18:39:44 - Backup Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\
04.01.2008 18:39:44 - Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\
04.01.2008 18:39:44 - Start the Update GUI... Displaymode: 0

04.01.2008 18:39:46 - Keyfile: OK [FULL Mode]

04.01.2008 18:39:46 - Avira AntiVir PersonalEdition Classic

04.01.2008 18:39:47 - Master IDX file has changed
04.01.2008 18:39:52 - Keyfile: OK [FULL Mode]

04.01.2008 18:39:52 - Downloading the product.info file from http://dl1.avgate.net/upd/idx/classic-nt-en.info.gz
04.01.2008 18:39:53 - File basic-nt/2k/avgntflt.sys's operating system doesn't match the current one. File ignored.
04.01.2008 18:39:53 - File basic-nt/avadmin.exe's operating system doesn't match the current one. File ignored.
04.01.2008 18:39:53 - File basic-nt/avgio64.sys's operating system doesn't match the current one. File ignored.
04.01.2008 18:39:53 - File basic-nt/imp64b.exe's operating system doesn't match the current one. File ignored.
04.01.2008 18:39:53 - File basic-nt/psapi.dll's operating system doesn't match the current one. File ignored.
04.01.2008 18:39:53 - File basic-nt/shlext64.dll's operating system doesn't match the current one. File ignored.
04.01.2008 18:39:53 - File basic-nt/vista64/avgntflt.sys's operating system doesn't match the current one. File ignored.
04.01.2008 18:39:53 - File basic-nt/wsctool.exe's operating system doesn't match the current one. File ignored.
04.01.2008 18:39:53 - File basic-nt/xp64/avgntflt.sys's operating system doesn't match the current one. File ignored.
04.01.2008 18:39:53 - File basic-nt/2k/avgntdd.sys's operating system doesn't match the current one. File ignored.
04.01.2008 18:39:53 - File basic-nt/2k/avgntmgr.sys's operating system doesn't match the current one. File ignored.
04.01.2008 18:39:53 - File basic-nt/nt/avgntdd.sys's operating system doesn't match the current one. File ignored.
04.01.2008 18:39:53 - File basic-nt/nt/avgntmgr.sys's operating system doesn't match the current one. File ignored.
04.01.2008 18:39:53 - File basic-nt/vista64/avgntflt.sys's operating system doesn't match the current one. File ignored.
04.01.2008 18:39:53 - Downloading the product.info file from http://dl1.avgate.net/upd/idx/vdf.info.gz
04.01.2008 18:39:55 - Keyfile: OK [FULL Mode]

04.01.2008 18:39:55 - Downloading the product.info file from http://dl1.avgate.net/upd/idx/specvir-nt.info.gz
04.01.2008 18:39:56 - Downloading the product.info file from http://dl1.avgate.net/upd/idx/engine.info.gz
04.01.2008 18:39:56 - Downloading the product.info file from http://dl1.avgate.net/upd/idx/engine-nt-en.info.gz
04.01.2008 18:39:57 - Module: SELFUPDATE Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 15
04.01.2008 18:39:57 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlib.dll 1.2.10.20 < 1.2.10.21
04.01.2008 18:39:57 - Module: MAIN Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 75
04.01.2008 18:39:57 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe 7.2.0.12 < 7.2.0.14
04.01.2008 18:39:58 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe 7.2.0.13 < 7.2.0.16
04.01.2008 18:39:58 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe 7.0.0.81 < 7.0.0.82
04.01.2008 18:39:58 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\ccguard.dll 7.0.1.34 < 7.0.1.35
04.01.2008 18:39:58 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\preupd.exe 7.0.0.34 < 7.0.0.36
04.01.2008 18:39:58 - Module: COMMAPPDATA Source: winwks\en\ Destination: C:\Documents and Settings\All Users\Application Data\ Files: 1
04.01.2008 18:39:58 - Module: TEXT Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 3
04.01.2008 18:39:58 - Module: VDF Source: vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 4
04.01.2008 18:39:58 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir1.vdf 7.0.0.0 < 7.0.1.95
04.01.2008 18:39:58 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir2.vdf 7.0.0.1 < 7.0.1.170
04.01.2008 18:39:58 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf 7.0.0.2 < 7.0.1.194
04.01.2008 18:39:58 - Module: AVREP_NT Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
04.01.2008 18:39:58 - Module: ENGINE Source: engine\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 2
04.01.2008 18:39:58 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avewin32.dll 7.6.0.15 < 7.6.0.46
04.01.2008 18:39:58 - Module: ENGINE_NT_EN Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
04.01.2008 18:39:58 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avpack32.dll 7.3.0.15 < 7.6.0.2
04.01.2008 18:39:58 - Module: DRV Source: winwks\en\ Destination: C:\WINDOWS\SYSTEM32\drivers\ Files: 4
04.01.2008 18:39:58 - C:\WINDOWS\SYSTEM32\drivers\avipbb.sys 1.0.2.11 < 1.0.2.13
04.01.2008 18:39:58 - Minifilter is installed

04.01.2008 18:39:58 - Minifilter is possible

04.01.2008 18:39:58 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | FilterType

04.01.2008 18:39:58 - Initialize avnotify.exe

04.01.2008 18:39:58 - Starting avnotify.exe successful

04.01.2008 18:39:58 - Preparing to download files
04.01.2008 18:39:58 - 13 files need to be downloaded / copied from http://dl1.avgate.net/upd/
04.01.2008 18:39:58 - #1: Downloading and extracting http://dl1.avgate.net/upd/winwks/en/basic-nt/updlib.dll... to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\winwks\en\basic-nt/updlib.dll
04.01.2008 18:40:00 - #2: Downloading and extracting http://dl1.avgate.net/upd/winwks/en/basic-nt/avcenter.e... to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\winwks\en\basic-nt/avcenter.exe
04.01.2008 18:40:03 - #3: Downloading and extracting http://dl1.avgate.net/upd/winwks/en/basic-nt/avgnt.exe.... to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\winwks\en\basic-nt/avgnt.exe
04.01.2008 18:40:05 - #4: Downloading and extracting http://dl1.avgate.net/upd/winwks/en/basic-nt/avguard.ex... to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\winwks\en\basic-nt/avguard.exe
04.01.2008 18:40:07 - #5: Downloading and extracting http://dl1.avgate.net/upd/winwks/en/basic-nt/ccguard.dl... to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\winwks\en\basic-nt/ccguard.dll
04.01.2008 18:40:09 - #6: Downloading and extracting http://dl1.avgate.net/upd/winwks/en/basic-nt/preupd.exe... to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\winwks\en\basic-nt/preupd.exe
04.01.2008 18:40:10 - #7: Downloading and extracting http://dl1.avgate.net/upd/winwks/en/basic-nt/addr_file.... to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\winwks\en\basic-nt/addr_file.html
04.01.2008 18:40:11 - #8: Downloading and extracting http://dl1.avgate.net/upd/vdf/antivir1.vdf.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\vdf\antivir1.vdf
04.01.2008 18:41:00 - #9: Downloading and extracting http://dl1.avgate.net/upd/vdf/antivir2.vdf.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\vdf\antivir2.vdf
04.01.2008 18:41:04 - #10: Downloading and extracting http://dl1.avgate.net/upd/vdf/antivir3.vdf.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\vdf\antivir3.vdf
04.01.2008 18:41:05 - #11: Downloading and extracting http://dl1.avgate.net/upd/engine/avewin32.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\engine\avewin32.dll
04.01.2008 18:41:19 - #12: Downloading and extracting http://dl1.avgate.net/upd/engine/nt/avpack32.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\engine\nt\avpack32.dll
04.01.2008 18:41:23 - #13: Downloading and extracting http://dl1.avgate.net/upd/winwks/en/basic-nt/avipbb.sys... to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\winwks\en\basic-nt/avipbb.sys
04.01.2008 18:41:29 - Service AVEService is not installed

04.01.2008 18:41:29 - Service AntiVirMailService is not installed

04.01.2008 18:41:29 - Initialize fwinst.exe

04.01.2008 18:41:29 - Initialize fwinst.exe

04.01.2008 18:41:29 - Service AntiVirFirewallService is not installed

04.01.2008 18:41:29 - Service antivirwebservice is not installed

04.01.2008 18:41:29 - Status of service AntiVirService is running

04.01.2008 18:41:29 - Initialize avgnt.exe

04.01.2008 18:41:29 - Status of service AntiVirScheduler is running

04.01.2008 18:41:29 - Minifilter is installed

04.01.2008 18:41:29 - Minifilter is possible

04.01.2008 18:41:29 - Initialize avscan.exe

04.01.2008 18:41:29 - Initialize avconfig.cpl

04.01.2008 18:41:29 - Initialize avcenter.exe

04.01.2008 18:41:29 - shell extension is installed

04.01.2008 18:41:29 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | RootkitsInstalled

04.01.2008 18:41:29 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | RootkitsInstalled

04.01.2008 18:41:29 - Service AVEService is not installed

04.01.2008 18:41:29 - Service AntiVirMailService is not installed

04.01.2008 18:41:29 - Initialize fwinst.exe

04.01.2008 18:41:29 - Initialize fwinst.exe

04.01.2008 18:41:29 - Service AntiVirFirewallService is not installed

04.01.2008 18:41:29 - shell extension is installed

04.01.2008 18:41:29 - Initialize regsvr32.exe

04.01.2008 18:41:29 - shell extension removed successfully

04.01.2008 18:41:29 - avgnt.exe closed.

04.01.2008 18:41:29 - Status of service AntiVirScheduler is running

04.01.2008 18:41:29 - Service AntiVirScheduler successfully stopped

04.01.2008 18:41:29 - Status of service AntiVirService is running

04.01.2008 18:41:31 - Service AntiVirService successfully stopped

04.01.2008 18:41:31 - Starting to install
04.01.2008 18:41:31 - Processing module SELFUPDATE Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
04.01.2008 18:41:31 - Current Direcory:C:\Program Files\Avira\AntiVir PersonalEdition Classic, About to execute C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\SelfUpdateTemp\update.exe --log-template="${DAY}.${MONTH}.${YEAR} ${HOUR}:${MINUTE}:${SECOND} - ${MSG}".Self Update helper
04.01.2008 18:41:32 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
04.01.2008 18:41:32 - Backup Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\
04.01.2008 18:41:32 - Temp Directory: C:\WINDOWS\TEMP\Update_Temp\
04.01.2008 18:41:32 - Avira AntiVir PersonalEdition Classic

04.01.2008 18:41:33 - Self update: Copying file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\winwks\en\basic-nt/updlib.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlib.dll
04.01.2008 18:41:33 - Executing original update application
04.01.2008 18:41:33 - Current Direcory:C:\Program Files\Avira\AntiVir PersonalEdition Classic, About to execute C:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe --config-file="C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\update.conf" --install-path="C:\Program Files\Avira\AntiVir PersonalEdition Classic" --log-template="${DAY}.${MONTH}.${YEAR} ${HOUR}:${MINUTE}:${SECOND} - ${MSG}" --NoSelfUpdate "--TmpDir=C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60" "--LogFile=C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\LOGFILES\Upd-2008-01-04-18-39-44.log" "--TmpFilesList=C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\ToRemove.txt".Executing original update application
04.01.2008 18:41:33 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
04.01.2008 18:41:33 - Backup Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\
04.01.2008 18:41:33 - Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\
04.01.2008 18:41:33 - Start the Update GUI... Displaymode: 0

04.01.2008 18:41:33 - Avira AntiVir PersonalEdition Classic

04.01.2008 18:41:33 - Master IDX file has changed
04.01.2008 18:41:33 - File basic-nt/2k/avgntflt.sys's operating system doesn't match the current one. File ignored.
04.01.2008 18:41:33 - File basic-nt/avadmin.exe's operating system doesn't match the current one. File ignored.
04.01.2008 18:41:33 - File basic-nt/avgio64.sys's operating system doesn't match the current one. File ignored.
04.01.2008 18:41:33 - File basic-nt/imp64b.exe's operating system doesn't match the current one. File ignored.
04.01.2008 18:41:33 - File basic-nt/psapi.dll's operating system doesn't match the current one. File ignored.
04.01.2008 18:41:33 - File basic-nt/shlext64.dll's operating system doesn't match the current one. File ignored.
04.01.2008 18:41:33 - File basic-nt/vista64/avgntflt.sys's operating system doesn't match the current one. File ignored.
04.01.2008 18:41:33 - File basic-nt/wsctool.exe's operating system doesn't match the current one. File ignored.
04.01.2008 18:41:33 - File basic-nt/xp64/avgntflt.sys's operating system doesn't match the current one. File ignored.
04.01.2008 18:41:33 - File basic-nt/2k/avgntdd.sys's operating system doesn't match the current one. File ignored.
04.01.2008 18:41:33 - File basic-nt/2k/avgntmgr.sys's operating system doesn't match the current one. File ignored.
04.01.2008 18:41:33 - File basic-nt/nt/avgntdd.sys's operating system doesn't match the current one. File ignored.
04.01.2008 18:41:33 - File basic-nt/nt/avgntmgr.sys's operating system doesn't match the current one. File ignored.
04.01.2008 18:41:33 - File basic-nt/vista64/avgntflt.sys's operating system doesn't match the current one. File ignored.
04.01.2008 18:41:33 - Downloading the product.info file from http://dl1.avgate.net/upd/idx/vdf.info.gz
04.01.2008 18:41:33 - Downloading the product.info file from http://dl1.avgate.net/upd/idx/specvir-nt.info.gz
04.01.2008 18:41:33 - Downloading the product.info file from http://dl1.avgate.net/upd/idx/engine.info.gz
04.01.2008 18:41:33 - Downloading the product.info file from http://dl1.avgate.net/upd/idx/engine-nt-en.info.gz
04.01.2008 18:41:33 - Module: SELFUPDATE Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 15
04.01.2008 18:41:34 - Module: MAIN Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 75
04.01.2008 18:41:34 - Module: COMMAPPDATA Source: winwks\en\ Destination: C:\Documents and Settings\All Users\Application Data\ Files: 1
04.01.2008 18:41:34 - Module: TEXT Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 3
04.01.2008 18:41:34 - Module: VDF Source: vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 4
04.01.2008 18:41:34 - Module: AVREP_NT Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
04.01.2008 18:41:34 - Module: ENGINE Source: engine\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 2
04.01.2008 18:41:34 - Module: ENGINE_NT_EN Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
04.01.2008 18:41:34 - Module: DRV Source: winwks\en\ Destination: C:\WINDOWS\SYSTEM32\drivers\ Files: 4
04.01.2008 18:41:34 - Minifilter is installed

04.01.2008 18:41:34 - Minifilter is possible

04.01.2008 18:41:34 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | FilterType

04.01.2008 18:41:34 - Preparing to download files
04.01.2008 18:41:34 - 12 files need to be downloaded / copied from http://dl1.avgate.net/upd/
04.01.2008 18:41:34 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\winwks\en\basic-nt\avcenter.exe.gz already exists in temporary folder and it will not be downloaded again
04.01.2008 18:41:34 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\winwks\en\basic-nt\avgnt.exe.gz already exists in temporary folder and it will not be downloaded again
04.01.2008 18:41:34 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\winwks\en\basic-nt\avguard.exe.gz already exists in temporary folder and it will not be downloaded again
04.01.2008 18:41:34 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\winwks\en\basic-nt\ccguard.dll.gz already exists in temporary folder and it will not be downloaded again
04.01.2008 18:41:34 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\winwks\en\basic-nt\preupd.exe.gz already exists in temporary folder and it will not be downloaded again
04.01.2008 18:41:34 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\winwks\en\basic-nt\addr_file.html.gz already exists in temporary folder and it will not be downloaded again
04.01.2008 18:41:34 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\vdf\antivir1.vdf.gz already exists in temporary folder and it will not be downloaded again
04.01.2008 18:41:34 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\vdf\antivir2.vdf.gz already exists in temporary folder and it will not be downloaded again
04.01.2008 18:41:34 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\vdf\antivir3.vdf.gz already exists in temporary folder and it will not be downloaded again
04.01.2008 18:41:34 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\engine\avewin32.dll.gz already exists in temporary folder and it will not be downloaded again
04.01.2008 18:41:34 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\engine\nt\avpack32.dll.gz already exists in temporary folder and it will not be downloaded again
04.01.2008 18:41:34 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\winwks\en\basic-nt\avipbb.sys.gz already exists in temporary folder and it will not be downloaded again
04.01.2008 18:41:34 - Starting to install
04.01.2008 18:41:34 - Processing module MAIN Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
04.01.2008 18:41:34 - File C:\Documents and Settings\All Users\Application Data\addr_file.html will not be backed up because it doesn't exist
04.01.2008 18:41:34 - Processing module COMMAPPDATA Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\winwks\en\ Destination: C:\Documents and Settings\All Users\Application Data\
04.01.2008 18:41:34 - Processing module VDF Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
04.01.2008 18:41:35 - Processing module ENGINE Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\engine\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
04.01.2008 18:41:36 - Processing module ENGINE_NT_EN Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
04.01.2008 18:41:36 - Processing module DRV Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_477e6f60\winwks\en\ Destination: C:\WINDOWS\SYSTEM32\drivers\
04.01.2008 18:41:36 - A total of 12 files were updated
04.01.2008 18:41:36 - Registry entry created successfully: Software\Avira\AntiVir PersonalEdition Classic |UpdateInProgress

04.01.2008 18:41:36 - Service AVEService is not installed

04.01.2008 18:41:36 - Service AntiVirMailService is not installed

04.01.2008 18:41:36 - Initialize fwinst.exe

04.01.2008 18:41:36 - Initialize fwinst.exe

04.01.2008 18:41:36 - Service AntiVirFirewallService is not installed

04.01.2008 18:41:36 - Service antivirwebservice is not installed

04.01.2008 18:41:36 - Status of service AntiVirService is stopped

04.01.2008 18:41:36 - Initialize avgnt.exe

04.01.2008 18:41:36 - Status of service AntiVirScheduler is stopped

04.01.2008 18:41:36 - Minifilter is installed

04.01.2008 18:41:36 - Minifilter is possible

04.01.2008 18:41:36 - Initialize avscan.exe

04.01.2008 18:41:36 - Initialize avconfig.cpl

04.01.2008 18:41:36 - Initialize avcenter.exe

04.01.2008 18:41:36 - shell extension is installed

04.01.2008 18:41:36 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | RootkitsInstalled

04.01.2008 18:41:36 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | RootkitsInstalled

04.01.2008 18:41:43 - Service AntiVirService successfully started

04.01.2008 18:41:43 - Starting avgnt.exe successful

04.01.2008 18:41:45 - Service AntiVirScheduler successfully started

04.01.2008 18:41:45 - shell extension is installed

04.01.2008 18:41:45 - Initialize regsvr32.exe

04.01.2008 18:41:45 - installation of shell extension successful

04.01.2008 18:41:45 - Cannot start the service antivirwebservice

04.01.2008 18:41:45 - Dialup: 0

04.01.2008 18:41:45 - Downloaded bytes: 5857575

04.01.2008 18:41:45 - Downloaded file(s): 13

04.01.2008 18:41:45 - Downloaded file(s): updlib.dll; avcenter.exe; avgnt.exe; avguard.exe; ccguard.dll; preupd.exe; addr_file.html; antivir1.vdf; antivir2.vdf; antivir3.vdf; avewin32.dll; avpack32.dll; avipbb.sys

04.01.2008 18:41:45 - Engine version local : 7.6.0.15

04.01.2008 18:41:45 - Engine version internet: 7.6.0.46

04.01.2008 18:41:45 - 0. VDF version local : 6.40.0.0

04.01.2008 18:41:45 - 0. VDF version internet: 6.40.0.0

04.01.2008 18:41:45 - 1. VDF version local : 7.0.0.0

04.01.2008 18:41:45 - 1. VDF version internet: 7.0.1.95

04.01.2008 18:41:45 - 2. VDF version local : 7.0.0.1

04.01.2008 18:41:45 - 2. VDF version internet: 7.0.1.170

04.01.2008 18:41:45 - 3. VDF version local : 7.0.0.2

04.01.2008 18:41:45 - 3. VDF version internet: 7.0.1.194

04.01.2008 18:41:45 - Required time: 00:11

04.01.2008 18:41:45 - Registry entry created successfully: Software\Avira\AntiVir PersonalEdition Classic |LastUpdate

04.01.2008 18:41:46 - Update finished successfully

Sinon oui je te remercie car je n'ai plus de fenetre qui s'ouvrent lorsque je surf. Merci encore

Tu as regardé le tuto pour le scan ?

Je recommence

bon je crois que c'est ça:



AntiVir PersonalEdition Classic
Report file date: vendredi 4 janvier 2008 20:39

Scanning for 1000802 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Le Tacon
Computer name: TOM

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 17:41:35
ANTIVIR2.VDF : 7.0.1.170 311296 Bytes 28/12/2007 17:41:35
ANTIVIR3.VDF : 7.0.1.194 93696 Bytes 04/01/2008 17:41:35
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 04/01/2008 17:41:36
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 04/01/2008 17:41:36
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Windows System Directory
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysdir.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 4 janvier 2008 20:39

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned
Scan process 'WOOBrowser.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Watch.exe' - '1' Module(s) have been scanned
Scan process 'ALERTM~1.EXE' - '1' Module(s) have been scanned
Scan process 'hpqimzone.exe' - '1' Module(s) have been scanned
Scan process 'PollingModule.exe' - '1' Module(s) have been scanned
Scan process 'Inactivity.exe' - '1' Module(s) have been scanned
Scan process 'Toaster.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'ComComp.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'GestionnaireInternet.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'ISUSPM.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'mqtgsvc.exe' - '1' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'QPService.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'HP Wireless Assistant.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
Scan process 'mqsvc.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'msdtc.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
61 processes with 61 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
C:\WINDOWS\system32\yayxwxw.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\yayxwxw.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen

The registry was scanned ( '51' files ).


Starting the file scan:

Begin scan in 'C:\WINDOWS\system32'
C:\WINDOWS\system32\geebx.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\yayxwxw.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!


End of the scan: vendredi 4 janvier 2008 20:47
Used time: 08:15 min

The scan has been done completely.

240 Scanning directories
4256 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
4253 Files not concerned
3 Archives were scanned
3 Warnings
0 Notes

Reposte un rapport Hijackthis  

le voila

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:16:59, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
c:\program files\avira\antivir personaledition classic\avscan.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\DOCUME~1\LETACO~1\LOCALS~1\Temp\Répertoire temporaire 5 pour hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\yayxwxw.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AAE5E642-0E5D-408C-9574-7AB0514815CD} - C:\WINDOWS\system32\geebx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} (ULiveCtrl Control) - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://fr.midas.games.yahoo.net/ctl/kingcomie.cab
O20 - Winlogon Notify: yayxwxw - C:\WINDOWS\SYSTEM32\yayxwxw.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10802 bytes

Alors tu vois qlque chose, car j'ai l'impression que antivir n'arrive pas à me supprimer ce trojan (au moins antivir la détacté lui, n'est ce pas avast!!!!)

J'avais raté le vundo.

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.

Double-clique VundoFix.exe afin de le lancer

Clique sur le bouton Scan for Vundo

Lorsque le scan est complété, clique sur le bouton Remove Vundo

Une invite te demandera si tu veux supprimer les fichiers, clique YES

Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers

Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK

Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

Salut Angeldark ca va bien?
Bon hier soir j'ai fais qlques manip et je pense avoir viré Vundo (enfin presque entierement). cependant il me reste encore des cochoneries. je te poste un rapport hijack et vundofix
merci


VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 23:50:54 04/01/2008

Listing files found while scanning....

C:\windows\system32\geebx.dll
C:\windows\system32\xbeeg.ini
C:\windows\system32\xbeeg.ini2
C:\WINDOWS\system32\yayxwxw.dll

Beginning removal...

Attempting to delete C:\windows\system32\geebx.dll
C:\windows\system32\geebx.dll Has been deleted!

Attempting to delete C:\windows\system32\xbeeg.ini
C:\windows\system32\xbeeg.ini Has been deleted!

Attempting to delete C:\windows\system32\xbeeg.ini2
C:\windows\system32\xbeeg.ini2 Has been deleted!

Performing Repairs to the registry.
Done!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:21:36, on 05/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\abcde\abcde.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AAE5E642-0E5D-408C-9574-7AB0514815CD} - C:\WINDOWS\system32\geebx.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} (ULiveCtrl Control) - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://fr.midas.games.yahoo.net/ctl/kingcomie.cab
O20 - Winlogon Notify: yayxwxw - yayxwxw.dll (file missing)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10899 bytes

je sais pas si je dis une connerie mais les lignes
02 BHO (no name) ;
09 extra button/compare product prices ;
09 extra button/compare travel rates ;
ainsi que 020 winlogan me parraissent suspectes
et toi, t'en pense quoi?

Re,

[#ff0000]Désactive tes protections résidentes (antivirus, Spybot...) ![/#f]

Télécharge Combofix ([#ff0000]sUBs[/#f]) sur ton Bureau.

Double clique sur combofix.exe afin de le lancer.

Tape sur la touche 1 (Yes) pour démarrer le scan.

Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

Re, alors voila ce que j'ai eu



ComboFix 08-01-06.1 - Le Tacon 2008-01-05 18:57:07.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.475 [GMT 1:00]
Running from: C:\Documents and Settings\Le Tacon\Bureau\combofix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Le Tacon\Application Data\macromedia\Flash Player\#SharedObjects\AD5WEZQW\www.broadcaster.com
C:\Documents and Settings\Le Tacon\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Le Tacon\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Le Tacon\Application Data\ShoppingReport
C:\Documents and Settings\Le Tacon\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Le Tacon\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Le Tacon\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Le Tacon\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Le Tacon\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Le Tacon\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Le Tacon\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
C:\Program Files\ShoppingReport
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))))))))
.

2008-01-09 17:15 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-01-09 17:14 . 2008-01-09 17:14 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-01-09 17:13 . 2008-01-09 17:13 <REP> d-------- C:\Program Files\Microsoft.NET
2008-01-09 17:10 . 2008-01-09 17:10 <REP> dr-h----- C:\MSOCache
2008-01-05 18:56 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 14:16 . 2008-01-05 14:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-04 18:51 . 2008-01-04 18:51 <REP> d---s---- C:\Documents and Settings\LocalService\Temporary Internet Files
2008-01-04 18:51 . 2008-01-04 18:51 <REP> d---s---- C:\Documents and Settings\LocalService\Historique
2008-01-04 18:39 . 2008-01-04 18:39 <REP> d-------- C:\Program Files\Avira
2008-01-04 18:39 . 2008-01-04 18:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-04 15:33 . 2008-01-04 16:08 <REP> d-------- C:\Program Files\Navilog1
2008-01-04 15:20 . 2008-01-04 15:20 250 --a------ C:\WINDOWS\gmer.ini
2008-01-04 14:33 . 2008-01-04 16:07 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-02 21:32 . 2008-01-02 21:32 <REP> d-------- C:\Documents and Settings\Le Tacon\Application Data\dvdcss
2007-12-31 17:24 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-12-31 17:24 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-12-31 17:23 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-12-31 17:23 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-12-31 17:23 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-31 17:23 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-30 17:50 . 2007-12-30 17:50 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2007-12-30 17:49 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-12-30 17:49 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-12-30 17:49 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-12-30 17:49 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-12-30 17:49 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-12-30 17:49 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-12-30 17:48 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-12-30 17:45 . 2007-12-31 17:35 70,604 --a------ C:\WINDOWS\hpoins05.dat
2007-12-30 17:45 . 2004-12-14 17:06 19,696 --------- C:\WINDOWS\hpomdl05.dat
2007-12-23 17:33 . 2007-12-23 17:33 <REP> d-------- C:\Documents and Settings\Le Tacon\Application Data\Sonic
2007-12-23 17:33 . 2007-12-23 17:33 <REP> d-------- C:\Documents and Settings\Le Tacon\Application Data\Leadertech
2007-12-22 18:01 . 2008-01-09 17:16 497 --a------ C:\WINDOWS\ODBC.INI
2007-12-22 18:00 . 2002-05-14 13:08 94,208 --a------ C:\WINDOWS\system32\dllcache\fpencode.dll
2007-12-22 17:57 . 2007-12-22 17:57 <REP> d-------- C:\Documents and Settings\Le Tacon\Application Data\Microsoft Web Folders

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 17:06 --------- d-----w C:\Program Files\QuickTime
2008-05-19 17:06 --------- d-----w C:\Program Files\iTunes
2008-05-19 17:06 --------- d-----w C:\Program Files\iPod
2008-05-19 17:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-19 17:05 --------- d-----w C:\Program Files\Apple Software Update
2008-01-12 18:33 --------- d-----w C:\Program Files\Google
2008-01-12 18:33 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-01-12 18:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-06 18:02 --------- d-----w C:\Program Files\Wanadoo
2007-12-30 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-12-30 16:51 --------- d-----w C:\Program Files\HP
2007-12-30 16:51 --------- d-----w C:\Program Files\Hewlett-Packard
2007-12-22 16:57 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-16 16:11 --------- d-----w C:\Program Files\SopCast
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-04-14 13:55 310 ----a-w C:\Documents and Settings\Le Tacon\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AAE5E642-0E5D-408C-9574-7AB0514815CD}]
C:\WINDOWS\system32\geebx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-25 05:00 15360]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34 64512]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 21:58 458752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 20:03 36975]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 09:00 7585792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-18 09:00 86016]
"nwiz"="nwiz.exe" [2006-08-18 09:00 1617920 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 01:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 06:01 761946]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-11 20:55 102400]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 10:33 163840]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 15:02 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 09:23 1187840]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 08:52 643072]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-03-20 16:34 213936]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-03-20 16:34 86960]
"ISUSPM"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2006-03-20 16:34 213936]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 15:51 257088]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-04 18:41 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-25 05:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayxwxw]
yayxwxw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessagerStarter Wanadoo]
C:\PROGRA~1\MESSAG~1\StartMessager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PokerPop.exe]
F:\POKERP~1.exe

R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 21:39]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-06 00:49]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c043e026-8ebf-11dc-b04e-001636a7a614}]
\Shell\Auto\command - bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-19 17:05:49 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 19:01:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ???XX??????Y?@?????<?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-06 19:03:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-06 18:03:20
.
2007-12-22 00:41:44 --- E O F ---

Re,

[#ff0000]Désactive tes protections résidentes (antivirus...) ![/#f]
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :



Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
[#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]

Ok alors voila

combofix
ComboFix 08-01-06.1 - Le Tacon 2008-01-06 19:15:23.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.543 [GMT 1:00]
Running from: C:\Documents and Settings\Le Tacon\Bureau\combofix.exe
Command switches used :: C:\Documents and Settings\Le Tacon\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\geebx.dll
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))))))))
.

2008-01-09 17:15 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-01-09 17:14 . 2008-01-09 17:14 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-01-09 17:13 . 2008-01-09 17:13 <REP> d-------- C:\Program Files\Microsoft.NET
2008-01-09 17:10 . 2008-01-09 17:10 <REP> dr-h----- C:\MSOCache
2008-01-05 18:56 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 14:16 . 2008-01-05 14:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-04 18:51 . 2008-01-04 18:51 <REP> d---s---- C:\Documents and Settings\LocalService\Temporary Internet Files
2008-01-04 18:51 . 2008-01-04 18:51 <REP> d---s---- C:\Documents and Settings\LocalService\Historique
2008-01-04 18:39 . 2008-01-04 18:39 <REP> d-------- C:\Program Files\Avira
2008-01-04 18:39 . 2008-01-04 18:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-04 15:33 . 2008-01-04 16:08 <REP> d-------- C:\Program Files\Navilog1
2008-01-04 15:20 . 2008-01-04 15:20 250 --a------ C:\WINDOWS\gmer.ini
2008-01-04 14:33 . 2008-01-04 16:07 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-02 21:32 . 2008-01-02 21:32 <REP> d-------- C:\Documents and Settings\Le Tacon\Application Data\dvdcss
2007-12-31 17:24 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-12-31 17:24 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-12-31 17:23 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-12-31 17:23 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-12-31 17:23 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-31 17:23 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-30 17:50 . 2007-12-30 17:50 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2007-12-30 17:49 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-12-30 17:49 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-12-30 17:49 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-12-30 17:49 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-12-30 17:49 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-12-30 17:49 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-12-30 17:48 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-12-30 17:45 . 2007-12-31 17:35 70,604 --a------ C:\WINDOWS\hpoins05.dat
2007-12-30 17:45 . 2004-12-14 17:06 19,696 --------- C:\WINDOWS\hpomdl05.dat
2007-12-23 17:33 . 2007-12-23 17:33 <REP> d-------- C:\Documents and Settings\Le Tacon\Application Data\Sonic
2007-12-23 17:33 . 2007-12-23 17:33 <REP> d-------- C:\Documents and Settings\Le Tacon\Application Data\Leadertech
2007-12-22 18:01 . 2008-01-09 17:16 497 --a------ C:\WINDOWS\ODBC.INI
2007-12-22 18:00 . 2002-05-14 13:08 94,208 --a------ C:\WINDOWS\system32\dllcache\fpencode.dll
2007-12-22 17:57 . 2007-12-22 17:57 <REP> d-------- C:\Documents and Settings\Le Tacon\Application Data\Microsoft Web Folders

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 17:06 --------- d-----w C:\Program Files\QuickTime
2008-05-19 17:06 --------- d-----w C:\Program Files\iTunes
2008-05-19 17:06 --------- d-----w C:\Program Files\iPod
2008-05-19 17:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-19 17:05 --------- d-----w C:\Program Files\Apple Software Update
2008-01-12 18:33 --------- d-----w C:\Program Files\Google
2008-01-12 18:33 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-01-12 18:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-06 18:04 --------- d-----w C:\Program Files\Wanadoo
2007-12-30 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-12-30 16:51 --------- d-----w C:\Program Files\HP
2007-12-30 16:51 --------- d-----w C:\Program Files\Hewlett-Packard
2007-12-22 16:57 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-16 16:11 --------- d-----w C:\Program Files\SopCast
2007-11-14 07:28 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 09:57 3,086,848 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:36 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:36 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-24 15:58 228,864 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-24 15:58 228,864 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-21 17:24 159,744 ----a-w C:\WINDOWS\system32\UCLiveCore.dll
2007-10-21 16:33 241,664 ----a-w C:\WINDOWS\system32\UCLiveSocket.dll
2007-10-11 05:59 96,768 ------w C:\WINDOWS\system32\dllcache\inseng.dll
2007-10-11 05:59 670,208 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-11 05:59 620,032 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-11 05:59 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-11 05:59 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-11 05:59 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 05:59 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-11 05:59 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-10-11 05:59 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-10-11 05:59 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-10-11 05:59 205,824 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-11 05:59 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-11 05:59 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 05:59 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-11 05:59 1,498,624 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 05:59 1,056,768 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 05:59 1,024,512 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 10:48 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2007-04-14 13:55 310 ----a-w C:\Documents and Settings\Le Tacon\Application Data\wklnhst.dat
2005-09-24 06:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-06_19.03.03.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-05 11:55:25 56,056 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-06 18:06:04 56,056 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-05 11:55:25 67,524 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-01-06 18:06:04 67,524 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-01-05 11:55:25 391,404 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-06 18:06:04 391,404 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-01-05 11:55:25 394,254 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-01-06 18:06:04 394,254 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-25 05:00 15360]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34 64512]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 21:58 458752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 20:03 36975]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 09:00 7585792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-18 09:00 86016]
"nwiz"="nwiz.exe" [2006-08-18 09:00 1617920 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 01:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 06:01 761946]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-11 20:55 102400]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 10:33 163840]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 15:02 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 09:23 1187840]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 08:52 643072]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-03-20 16:34 213936]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-03-20 16:34 86960]
"ISUSPM"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2006-03-20 16:34 213936]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 15:51 257088]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-04 18:41 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-25 05:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 08:39:30]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessagerStarter Wanadoo]
C:\PROGRA~1\MESSAG~1\StartMessager.exe

R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 21:39]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-06 00:49]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c043e026-8ebf-11dc-b04e-001636a7a614}]
\Shell\Auto\command - bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-19 17:05:49 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 19:16:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ???XX??????Y?@?????<?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-06 19:17:08
ComboFix-quarantined-files.txt 2008-01-06 18:17:06
ComboFix2.txt 2008-01-06 18:03:23
.
2007-12-22 00:41:44 --- E O F ---




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:18:23, on 06/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\abcde\abcde.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} (ULiveCtrl Control) - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://fr.midas.games.yahoo.net/ctl/kingcomie.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9727 bytes

C'est mieux ?

re,
oui c deja bien mieux effecivement, mais il me reste des virus selon antivir du type TR/dropper.gen et TR/Dldr.Zlob.cba

L'emplacement ?

l'emplacement est c:\system volume information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP237\A0117401.exe
apparement j'en ai plusieur à cet endroit. C'est un fichier caché et lorsque je tente d'y acceder je suis rejeté

On va s'en charger facilement.

Télécharge ToolsCleaner sur ton Bureau.

Clique sur Recherche et laisse le scan se terminer.

Clique sur Suppression pour finaliser.

Clique sur Quitter, pour que le rapport puisse se créer.

Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\)

Désactive puis réactive la restauration du système : Voir aide

ok alors voila le rapport

-->- Recherche:

C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\Le Tacon\Bureau\ComboFix.exe: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\QooBox\Quarantine\C\Combofix: trouvé !
C:\WINDOWS\Gmer.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\Le Tacon\Bureau\ComboFix.exe: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\WINDOWS\Gmer.exe: Erreur de suppression !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
C:\Program Files\Navilog1: supprimé !

Et maintenant ?

Je sais pas, lorsque je vais sur antivir dans la partie quarantaine et que je scan les virus il me marque detected object after 1 before 1. comment je dois faire pour savoir s'il sont detruit?

L'emplacement ?