[Résolu] Mon PC se comporte bizarement

Un bonjour ?

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.

Double-clique VundoFix.exe afin de le lancer

Clique sur le bouton Scan for Vundo

Lorsque le scan est complété, clique sur le bouton Remove Vundo

Une invite te demandera si tu veux supprimer les fichiers, clique YES

Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers

Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK

Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

Voici le resultat de VundoFix:


VundoFix V6.5.1

Checking Java version...

Scan started at 15:23:41 26/06/2007

Listing files found while scanning....

C:\WINDOWS\system32\awvtq.dll
C:\WINDOWS\system32\qtvwa.bak1
C:\WINDOWS\system32\qtvwa.bak2
C:\WINDOWS\system32\qtvwa.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awvtq.dll
C:\WINDOWS\system32\awvtq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qtvwa.bak1
C:\WINDOWS\system32\qtvwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qtvwa.bak2
C:\WINDOWS\system32\qtvwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qtvwa.ini
C:\WINDOWS\system32\qtvwa.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.1

Checking Java version...

Scan started at 15:57:06 26/06/2007

Listing files found while scanning....

C:\WINDOWS\system32\ehkmp.bak1
C:\WINDOWS\system32\ehkmp.ini
C:\WINDOWS\system32\pmkhe.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ehkmp.bak1
C:\WINDOWS\system32\ehkmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ehkmp.ini
C:\WINDOWS\system32\ehkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkhe.dll
C:\WINDOWS\system32\pmkhe.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.1

Checking Java version...

Scan started at 18:06:13 26/06/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\nqtwa.bak1
C:\WINDOWS\system32\nqtwa.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\awtqn.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\nqtwa.bak1
C:\WINDOWS\system32\nqtwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\nqtwa.ini
C:\WINDOWS\system32\nqtwa.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\awtqn.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.1

Checking Java version...

Scan started at 18:16:13 26/06/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.7.7

Checking Java version...

Scan started at 12:49:17 05/02/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...


Et le nouveau rapport de hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:15:33, on 05/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\fswsclds.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\SECURI~1\174112\Program\BACKWE~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\sstray.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\program files\steam\steam.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\svchost.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Johann\Mes documents\jm.conchonnet\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 68.178.211.86 wrhax.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: svchost.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/Dj...
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/Da...{896A23A1-5821-4609-A6C6-6D5536C585C9}
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar....
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher....
O17 - HKLM\System\CCS\Services\Tcpip\..\{933D6120-03DB-416C-8BFF-3A53BCCC5890}: NameServer = 80.10.246.1 81.253.149.10
O20 - AppInit_DLLs: c:\windows\system32\jkkjiji.dll
O21 - SSODL: printers - {929F8212-016C-41F2-B3CE-9D7DA12A2A31} - libcintle2.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Securitoo AntiVirus (BackWeb Client - 174112) - Unknown owner - C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure\fswsclds.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9926 bytes



Je suis terriblement désolé de mon manque de politesse, bien le bonjour Angeldark !

On continue  

[#ff0000]Désactive tes protections résidentes (antivirus, Spybot...) ![/#f]

Télécharge Combofix ([#ff0000]sUBs[/#f]) sur ton Bureau.

Double clique sur combofix.exe afin de le lancer.

Tape sur la touche 1 (Yes) pour démarrer le scan.

Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

Il y a un probléme, combofix m'affiche un message d'erreur comme quoi le fichier C:\WINDOWS\System32\kmd.exe est introuvable, que dois je faire ?

C'est pas cmd ?

Non non il marque que windows n'as pas pu trouver "kmd.exe".

Tu as Kazaa d'installé ?

Non je n'ai pas ce logiciel d'instalé par contre j'ai emule ainsi que limewire.

Ok. Faudrait se calmer sur le P2P...

Télécharge MSNFix.zip ([#ff0000]!aur3n7[/#f]) sur ton Bureau.
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout).

Ouvre le dossier MSNFix puis double-clique sur MSNFix.bat.
- Exécute l'option R.
-- Si l'infection est détectée, presse une touche pour lancer le nettoyage.

[#ff0000]Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations.
Dans ce cas il suffit de redémarrer l'ordinateur manuellement.[/#f]

Poste le rapport situé dans le dossier MSNFix.
Le nom du rapport correspond au moment de sa création : date_heure.log

Impossible de lancer le fichier, tout comme l'invité de commande il me dit que le fichier est utilisé par une autre application.

Tu peux essayer en sans échec ?

Aprés un redemarage en mode sans echec j'ai pu lancer MSnfix qui a trouvé une infection, je l'ai fait suprimer et voici le rapport:


MSNFix 1.654

C:\Documents and Settings\Johann\Bureau\MSNFix
Fix exécuté le 06/02/2008 - 15:19:33,35 By Johann
mode sans échec

************************ Recherche les fichiers présents

... C:\WINDOWS\system32\tmp.txt
... C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\svchost.exe
... C:\Documents and Settings\Johann\new.txt
... C:\WINDOWS\b???.exe
... C:\WINDOWS\system32\mcrh.tmp

************************ Recherche les dossiers présents

... C:\Install\
... C:\Temp\




************************ Suppression des fichiers

.. OK ... C:\WINDOWS\system32\tmp.txt
.. OK ... C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\svchost.exe
.. OK ... C:\Documents and Settings\Johann\new.txt
.. OK ... C:\WINDOWS\b???.exe
.. OK ... C:\WINDOWS\system32\mcrh.tmp


************************ Suppression des dossiers

/!\ ... C:\Install\
/!\ ... C:\Temp\


************************ Nettoyage du registre



************************ Fichiers suspects

Aucun Fichier trouvé


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 06022008_15202465.zip


Information ...... Information ...... Information ......

/!\ /!\ MSNFix n'est pas affilié a livekill CleanMessenger /!\ /!\

Ce pseudo antivirus copie les bases de MSNFix pour se tenir a jour


/!\ /!\ MSNFix is not affiliated with Livekill CleanMessenger /!\ /!\

------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

Reposte un rapport Hijackthis.

Voila le rapport d'hijackthis:




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:13:39, on 06/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\fswsclds.exe
C:\PROGRA~1\SECURI~1\174112\Program\BACKWE~1.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\sstray.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\LXSUPMON.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Johann\Mes documents\jm.conchonnet\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 68.178.211.86 wrhax.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/Dj...
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/Da...{896A23A1-5821-4609-A6C6-6D5536C585C9}
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar....
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher....
O17 - HKLM\System\CCS\Services\Tcpip\..\{933D6120-03DB-416C-8BFF-3A53BCCC5890}: NameServer = 81.253.149.9 80.10.246.132
O20 - AppInit_DLLs: c:\windows\system32\jkkjiji.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Securitoo AntiVirus (BackWeb Client - 174112) - Unknown owner - C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure\fswsclds.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9801 bytes







J'ai de nouveau accés au gestionnaire de tâche.

Tu peux tenter Combofix ?

Combofix a marché voici le rapport:



ComboFix 08-02.05.3 - Johann 2008-02-06 17:22:14.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.559 [GMT 1:00]
Endroit: C:\Documents and Settings\Johann\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Florent\new.txt
C:\Documents and Settings\Florent\ravmonlog
C:\Documents and Settings\Jean-Marie\new.txt
C:\Documents and Settings\Jean-Marie\ravmonlog
C:\Documents and Settings\Johann\ravmonlog
C:\WINDOWS\system32\nshA7C.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-06 to 2008-02-06 ))))))))))))))))))))))))))))))))))))
.

2008-02-06 13:58 . 2008-02-06 13:58 <REP> d-------- C:\Temp\WPDNSE
2008-02-03 15:24 . 2004-02-13 11:59 30,456,330 --a------ C:\WINDOWS\RVS_1.0_1.54_FR.RTP
2008-02-02 18:03 . 2004-01-30 12:13 27,888,581 --a------ C:\WINDOWS\RVS_1.0_1.53_FR.RTP
2008-02-02 18:03 . 2003-11-04 13:30 49,152 --a------ C:\WINDOWS\Iniexpander.exe
2008-02-02 18:03 . 2003-11-04 19:24 1,185 --a------ C:\WINDOWS\1.31.add
2008-02-02 18:03 . 2003-11-04 19:27 216 --a------ C:\WINDOWS\1.50.add
2008-02-02 17:58 . 2008-02-02 17:58 <REP> d-------- C:\Program Files\Ubi Soft
2008-02-02 17:52 . 2008-02-03 15:21 <REP> d-------- C:\Program Files\Red Storm Entertainment
2008-02-01 18:37 . 2008-02-01 18:43 <REP> d-------- C:\vcs5BGEffects
2008-02-01 18:36 . 2008-02-01 20:18 <REP> d-------- C:\Program Files\AV Vcs 6.0 DIAMOND
2008-01-31 18:40 . 2008-02-03 14:16 <REP> d-------- C:\Program Files\Feudalism_at
2008-01-30 13:47 . 2008-01-30 13:47 <REP> d-------- C:\Program Files\FireFly Studios
2008-01-26 15:47 . 2008-01-26 15:47 <REP> d-------- C:\Program Files\THQ
2008-01-23 16:32 . 2008-01-23 16:40 <REP> d-------- C:\Documents and Settings\Johann\Application Data\mIRC
2008-01-19 23:58 . 2008-02-06 15:37 <REP> d-------- C:\Program Files\S2SaTstrat
2008-01-18 22:53 . 2008-01-18 22:53 330,489 --a------ C:\WINDOWS\Revolution Script _Source Uninstaller.exe
2008-01-18 19:32 . 2008-01-18 19:32 <REP> d-------- C:\cstrike
2008-01-18 19:32 . 2001-08-23 15:25 1,706,800 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-01-18 19:32 . 2008-01-18 19:32 86 --a------ C:\WINDOWS\INpact_CSS_Hud_tweaker.INI
2008-01-17 20:24 . 2008-01-17 20:24 <REP> d-------- C:\Documents and Settings\Florence\Application Data\teamspeak2
2008-01-16 12:48 . 2008-01-16 12:48 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-01-16 12:39 . 2008-01-16 12:39 <REP> d-------- C:\Program Files\AxBx
2008-01-15 12:39 . 2008-01-15 12:39 <REP> d-------- C:\Program Files\CCleaner
2008-01-11 15:44 . 2008-01-11 15:46 <REP> d-------- C:\Program Files\eMule
2008-01-11 15:35 . 2008-01-11 15:35 <REP> d-------- C:\Temp\nsxA75.tmp
2008-01-11 15:35 . 2008-01-11 15:35 <REP> d-------- C:\Temp\nshA76.tmp
2008-01-11 15:35 . 2008-01-11 15:35 <REP> d-------- C:\Temp\nsdA78.tmp
2008-01-11 14:18 . 2008-01-11 14:25 <REP> d-------- C:\Temp\nsqA78.tmp
2008-01-11 14:03 . 2008-01-11 14:03 <REP> d-------- C:\Temp\isp94E.tmp
2008-01-10 21:28 . 2008-01-10 21:28 307,200 --a------ C:\Temp\swt-win32-3346.dll
2008-01-10 21:28 . 2008-01-10 21:28 32,768 --a------ C:\Temp\swt-awt-win32-3346.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 16:12 --------- d-----w C:\Program Files\Wanadoo
2008-02-06 16:12 --------- d-----w C:\Program Files\Steam
2008-02-06 14:37 --------- d-----w C:\Program Files\GameSpy Arcade
2008-02-03 14:28 --------- d-----w C:\Program Files\Ubisoft
2008-02-03 14:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-30 19:52 --------- d-----w C:\Documents and Settings\Johann\Application Data\LimeWire
2008-01-27 19:10 --------- d-----w C:\Documents and Settings\Florent\Application Data\LimeWire
2008-01-26 20:10 --------- d-----w C:\Documents and Settings\Jean-Marie\Application Data\LimeWire
2008-01-18 18:16 --------- d-----w C:\Documents and Settings\Johann\Application Data\AVG7
2008-01-18 18:16 --------- d-----w C:\Documents and Settings\Jean-Marie\Application Data\AVG7
2008-01-18 18:16 --------- d-----w C:\Documents and Settings\Florent\Application Data\AVG7
2008-01-18 18:16 --------- d-----w C:\Documents and Settings\Florence\Application Data\AVG7
2008-01-18 18:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-18 18:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-17 06:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-15 11:30 --------- d-----w C:\Program Files\EA GAMES
2008-01-02 14:31 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-02 12:38 --------- d-----w C:\Program Files\Google
2007-12-27 10:06 --------- d-----w C:\Documents and Settings\Florent\Application Data\Media Player Classic
2007-12-19 18:37 80,097 ----a-w C:\WINDOWS\system32\dcads-remove.exe
2007-12-19 18:20 40,731 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe
2007-12-19 17:45 --------- d-----w C:\Documents and Settings\Johann\Application Data\Media Player Classic
2007-12-19 17:44 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-19 17:08 --------- d-----w C:\Documents and Settings\Johann\Application Data\Ahead
2007-12-08 15:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-27 21:09 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-11-17 17:24 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-17 11:48 82,640 ----a-w C:\Documents and Settings\Johann\Application Data\GDIPFONTCACHEV1.DAT
2007-05-14 12:31 82,640 ----a-w C:\Documents and Settings\Florence\Application Data\GDIPFONTCACHEV1.DAT
2007-05-14 12:14 82,640 ----a-w C:\Documents and Settings\Jean-Marie\Application Data\GDIPFONTCACHEV1.DAT
2006-11-09 16:15 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 20:05 68856]
"Steam"="c:\program files\steam\steam.exe" [2007-11-30 19:08 1266936]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-10-25 13:00 185896]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-06-06 10:15 861184]
"NWEReboot"="" []
"nForce Tray Options"="sstray.exe" [2002-11-13 08:34 73728 C:\WINDOWS\system32\sstray.exe]
"MessagerStarter Wanadoo"="C:\PROGRA~1\MESSAG~1\StartMessager.exe" [2003-04-04 15:47 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 15:51 257088]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2002-07-22 17:34 135168]
"LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.exe" [2001-10-09 17:07 818688]
"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2003-05-23 08:46 24576]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2003-05-23 08:46 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2003-05-23 08:46 53248]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 23:54 160768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:54 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]

C:\Documents and Settings\Johann\Menu D‚marrer\Programmes\D‚marrage\
ubisoft register.lnk - C:\Program Files\Ubisoft\Register\schedule.exe [2008-02-03 15:28:53 28672]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-12 15:06:34 113664]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\jkkjiji.dll

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 16:11]
R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\si3112r.sys [2006-01-12 11:56]
R2 BackWeb Client - 174112;Securitoo AntiVirus;C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE [2007-08-25 16:53]
R2 F-Secure AVP;F-Secure AVP;C:\Program Files\F-Secure\Anti-Virus\fsavp.sys [2001-05-25 09:44]
R2 F-Secure F-PROT;F-Secure F-PROT;C:\Program Files\F-Secure\Anti-Virus\fsfp.sys [2007-08-26 07:24]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Common\FSfilter.sys [2001-06-28 02:05]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Common\FSgk.sys [2001-06-28 02:05]
R2 F-Secure Orion;F-Secure Orion;C:\Program Files\F-Secure\Anti-Virus\fsorion.sys [2007-08-26 07:24]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Common\FSrec.sys [2001-06-28 02:05]
R2 FSpm;F-Secure Policy Manager;C:\Program Files\F-Secure\Common\FSPM.SYS [2002-01-24 17:55]
R2 Fswsclds;F-Secure Windows Security Center Legacy Detection Service;C:\Program Files\F-Secure\fswsclds.exe [2007-08-26 07:26]
R2 HPFECP16;HPFECP16;C:\WINDOWS\system32\drivers\HPFECP16.SYS [1998-08-18 13:03]
S4 Windows Firewall;Windows Firewall;C:\WINDOWS\system32\SVCH0ST.EXE []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{662b8998-93f0-11db-8a68-0090d0b39625}]
\Shell\AutoRun\command - G:\setupSNK.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-06 15:49:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-06 17:25:03
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-06 17:27:02
ComboFix-quarantined-files.txt 2008-02-06 16:26:54
ComboFix2.txt 2007-06-28 13:21:15
ComboFix3.txt 2007-06-26 19:56:34
ComboFix4.txt 2007-06-26 19:15:08
.
2008-01-13 17:14:39 --- E O F ---




On touche au but non ?

Re,

[#ff0000]Désactive tes protections résidentes (antivirus...) ![/#f]
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :



Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
[#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]

Excuse moi j'ai oublié d'enlever les protections.  

Voilà le rapport combofix:





ComboFix 08-02.05.3 - Johann 2008-02-06 18:19:23.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.597 [GMT 1:00]
Endroit: C:\Documents and Settings\Johann\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Johann\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE
C:\Temp\isp94E.tmp
C:\Temp\nsdA78.tmp
C:\Temp\nshA76.tmp
C:\Temp\nsqA78.tmp
C:\Temp\nsxA75.tmp
C:\WINDOWS\Iniexpander.exe
c:\windows\system32\jkkjiji.dll
.

((((((((((((((((((((((((((((( Fichiers créés 2008-01-06 to 2008-02-06 ))))))))))))))))))))))))))))))))))))
.

2008-02-06 18:18 . 2008-02-06 18:20 53,248 --a------ C:\WINDOWS\PSEXESVC.EXE
2008-02-06 18:06 . 2004-08-03 23:54 400,896 --a------ C:\kmd.exe
2008-02-06 13:58 . 2008-02-06 13:58 <REP> d-------- C:\Temp\WPDNSE
2008-02-03 15:24 . 2004-02-13 11:59 30,456,330 --a------ C:\WINDOWS\RVS_1.0_1.54_FR.RTP
2008-02-02 18:03 . 2004-01-30 12:13 27,888,581 --a------ C:\WINDOWS\RVS_1.0_1.53_FR.RTP
2008-02-02 18:03 . 2003-11-04 19:24 1,185 --a------ C:\WINDOWS\1.31.add
2008-02-02 18:03 . 2003-11-04 19:27 216 --a------ C:\WINDOWS\1.50.add
2008-02-02 17:58 . 2008-02-02 17:58 <REP> d-------- C:\Program Files\Ubi Soft
2008-02-02 17:52 . 2008-02-03 15:21 <REP> d-------- C:\Program Files\Red Storm Entertainment
2008-02-01 18:37 . 2008-02-01 18:43 <REP> d-------- C:\vcs5BGEffects
2008-02-01 18:36 . 2008-02-01 20:18 <REP> d-------- C:\Program Files\AV Vcs 6.0 DIAMOND
2008-01-31 18:40 . 2008-02-03 14:16 <REP> d-------- C:\Program Files\Feudalism_at
2008-01-30 13:47 . 2008-01-30 13:47 <REP> d-------- C:\Program Files\FireFly Studios
2008-01-26 15:47 . 2008-01-26 15:47 <REP> d-------- C:\Program Files\THQ
2008-01-23 16:32 . 2008-01-23 16:40 <REP> d-------- C:\Documents and Settings\Johann\Application Data\mIRC
2008-01-19 23:58 . 2008-02-06 15:37 <REP> d-------- C:\Program Files\S2SaTstrat
2008-01-18 22:53 . 2008-01-18 22:53 330,489 --a------ C:\WINDOWS\Revolution Script _Source Uninstaller.exe
2008-01-18 19:32 . 2008-01-18 19:32 <REP> d-------- C:\cstrike
2008-01-18 19:32 . 2001-08-23 15:25 1,706,800 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-01-18 19:32 . 2008-01-18 19:32 86 --a------ C:\WINDOWS\INpact_CSS_Hud_tweaker.INI
2008-01-17 20:24 . 2008-01-17 20:24 <REP> d-------- C:\Documents and Settings\Florence\Application Data\teamspeak2
2008-01-16 12:48 . 2008-01-16 12:48 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-01-16 12:39 . 2008-01-16 12:39 <REP> d-------- C:\Program Files\AxBx
2008-01-15 12:39 . 2008-01-15 12:39 <REP> d-------- C:\Program Files\CCleaner
2008-01-11 15:44 . 2008-01-11 15:46 <REP> d-------- C:\Program Files\eMule
2008-01-11 15:35 . 2008-01-11 15:35 <REP> d-------- C:\Temp\nsxA75.tmp
2008-01-11 15:35 . 2008-01-11 15:35 <REP> d-------- C:\Temp\nshA76.tmp
2008-01-11 15:35 . 2008-01-11 15:35 <REP> d-------- C:\Temp\nsdA78.tmp
2008-01-11 14:18 . 2008-01-11 14:25 <REP> d-------- C:\Temp\nsqA78.tmp
2008-01-11 14:03 . 2008-01-11 14:03 <REP> d-------- C:\Temp\isp94E.tmp
2008-01-10 21:28 . 2008-01-10 21:28 307,200 --a------ C:\Temp\swt-win32-3346.dll
2008-01-10 21:28 . 2008-01-10 21:28 32,768 --a------ C:\Temp\swt-awt-win32-3346.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 17:12 --------- d-----w C:\Program Files\Wanadoo
2008-02-06 16:12 --------- d-----w C:\Program Files\Steam
2008-02-06 14:37 --------- d-----w C:\Program Files\GameSpy Arcade
2008-02-03 14:28 --------- d-----w C:\Program Files\Ubisoft
2008-02-03 14:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-30 19:52 --------- d-----w C:\Documents and Settings\Johann\Application Data\LimeWire
2008-01-27 19:10 --------- d-----w C:\Documents and Settings\Florent\Application Data\LimeWire
2008-01-26 20:10 --------- d-----w C:\Documents and Settings\Jean-Marie\Application Data\LimeWire
2008-01-18 18:16 --------- d-----w C:\Documents and Settings\Johann\Application Data\AVG7
2008-01-18 18:16 --------- d-----w C:\Documents and Settings\Jean-Marie\Application Data\AVG7
2008-01-18 18:16 --------- d-----w C:\Documents and Settings\Florent\Application Data\AVG7
2008-01-18 18:16 --------- d-----w C:\Documents and Settings\Florence\Application Data\AVG7
2008-01-18 18:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-18 18:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-17 06:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-15 11:30 --------- d-----w C:\Program Files\EA GAMES
2008-01-02 14:31 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-02 12:38 --------- d-----w C:\Program Files\Google
2007-12-27 10:06 --------- d-----w C:\Documents and Settings\Florent\Application Data\Media Player Classic
2007-12-19 18:37 80,097 ----a-w C:\WINDOWS\system32\dcads-remove.exe
2007-12-19 18:20 40,731 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe
2007-12-19 17:45 --------- d-----w C:\Documents and Settings\Johann\Application Data\Media Player Classic
2007-12-19 17:44 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-19 17:08 --------- d-----w C:\Documents and Settings\Johann\Application Data\Ahead
2007-12-08 15:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-27 21:09 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-11-17 17:24 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-17 11:48 82,640 ----a-w C:\Documents and Settings\Johann\Application Data\GDIPFONTCACHEV1.DAT
2007-05-14 12:31 82,640 ----a-w C:\Documents and Settings\Florence\Application Data\GDIPFONTCACHEV1.DAT
2007-05-14 12:14 82,640 ----a-w C:\Documents and Settings\Jean-Marie\Application Data\GDIPFONTCACHEV1.DAT
2006-11-09 16:15 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 20:05 68856]
"Steam"="c:\program files\steam\steam.exe" [2007-11-30 19:08 1266936]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-10-25 13:00 185896]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-06-06 10:15 861184]
"NWEReboot"="" []
"nForce Tray Options"="sstray.exe" [2002-11-13 08:34 73728 C:\WINDOWS\system32\sstray.exe]
"MessagerStarter Wanadoo"="C:\PROGRA~1\MESSAG~1\StartMessager.exe" [2003-04-04 15:47 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 15:51 257088]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2002-07-22 17:34 135168]
"LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.exe" [2001-10-09 17:07 818688]
"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2003-05-23 08:46 24576]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2003-05-23 08:46 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2003-05-23 08:46 53248]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 23:54 160768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:54 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]

C:\Documents and Settings\Johann\Menu D‚marrer\Programmes\D‚marrage\
ubisoft register.lnk - C:\Program Files\Ubisoft\Register\schedule.exe [2008-02-03 15:28:53 28672]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-12 15:06:34 113664]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 16:11]
R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\si3112r.sys [2006-01-12 11:56]
R2 BackWeb Client - 174112;Securitoo AntiVirus;C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE [2007-08-25 16:53]
R2 F-Secure AVP;F-Secure AVP;C:\Program Files\F-Secure\Anti-Virus\fsavp.sys [2001-05-25 09:44]
R2 F-Secure F-PROT;F-Secure F-PROT;C:\Program Files\F-Secure\Anti-Virus\fsfp.sys [2007-08-26 07:24]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Common\FSfilter.sys [2001-06-28 02:05]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Common\FSgk.sys [2001-06-28 02:05]
R2 F-Secure Orion;F-Secure Orion;C:\Program Files\F-Secure\Anti-Virus\fsorion.sys [2007-08-26 07:24]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Common\FSrec.sys [2001-06-28 02:05]
R2 FSpm;F-Secure Policy Manager;C:\Program Files\F-Secure\Common\FSPM.SYS [2002-01-24 17:55]
R2 Fswsclds;F-Secure Windows Security Center Legacy Detection Service;C:\Program Files\F-Secure\fswsclds.exe [2007-08-26 07:26]
R2 HPFECP16;HPFECP16;C:\WINDOWS\system32\drivers\HPFECP16.SYS [1998-08-18 13:03]
S4 Windows Firewall;Windows Firewall;C:\WINDOWS\system32\SVCH0ST.EXE []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{662b8998-93f0-11db-8a68-0090d0b39625}]
\Shell\AutoRun\command - G:\setupSNK.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-06 15:49:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-06 18:20:19
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-06 18:20:50
ComboFix-quarantined-files.txt 2008-02-06 17:20:40
ComboFix2.txt 2008-02-06 17:12:11
ComboFix3.txt 2008-02-06 16:27:03
ComboFix4.txt 2007-06-28 13:21:15
ComboFix5.txt 2007-06-26 19:56:34
.
2008-01-13 17:14:39 --- E O F ---






Et le rapport hijackthis:





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:21:46, on 06/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\fswsclds.exe
C:\PROGRA~1\SECURI~1\174112\Program\BACKWE~1.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\sstray.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\LXSUPMON.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Johann\Mes documents\jm.conchonnet\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.mi

Recommence avec le script suivant :

Désolé d ema longue absence mais voici les deux rapports que tu m'a demandé:


ComboFix 08-02.05.3 - Johann 2008-02-11 14:38:37.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.608 [GMT 1:00]
Endroit: C:\Documents and Settings\Johann\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Johann\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE
C:\kmd.exe
C:\Temp\isp94E.tmp
C:\Temp\nsdA78.tmp
C:\Temp\nshA76.tmp
C:\Temp\nsqA78.tmp
C:\Temp\nsxA75.tmp
C:\WINDOWS\PSEXESVC.EXE
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\kmd.exe
C:\WINDOWS\PSEXESVC.EXE

.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-11 to 2008-02-11 ))))))))))))))))))))))))))))))))))))
.

2008-02-11 09:34 . 2008-02-11 09:34 <REP> d-------- C:\Temp\WPDNSE
2008-02-09 12:12 . 2008-02-10 14:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-03 15:24 . 2004-02-13 11:59 30,456,330 --a------ C:\WINDOWS\RVS_1.0_1.54_FR.RTP
2008-02-02 18:03 . 2004-01-30 12:13 27,888,581 --a------ C:\WINDOWS\RVS_1.0_1.53_FR.RTP
2008-02-02 18:03 . 2003-11-04 19:24 1,185 --a------ C:\WINDOWS\1.31.add
2008-02-02 18:03 . 2003-11-04 19:27 216 --a------ C:\WINDOWS\1.50.add
2008-02-01 18:37 . 2008-02-01 18:43 <REP> d-------- C:\vcs5BGEffects
2008-02-01 18:36 . 2008-02-01 20:18 <REP> d-------- C:\Program Files\AV Vcs 6.0 DIAMOND
2008-01-23 16:32 . 2008-01-23 16:40 <REP> d-------- C:\Documents and Settings\Johann\Application Data\mIRC
2008-01-19 23:58 . 2008-02-06 15:37 <REP> d-------- C:\Program Files\S2SaTstrat
2008-01-18 22:53 . 2008-01-18 22:53 330,489 --a------ C:\WINDOWS\Revolution Script _Source Uninstaller.exe
2008-01-18 19:32 . 2008-01-18 19:32 <REP> d-------- C:\cstrike
2008-01-18 19:32 . 2001-08-23 15:25 1,706,800 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-01-18 19:32 . 2008-01-18 19:32 86 --a------ C:\WINDOWS\INpact_CSS_Hud_tweaker.INI
2008-01-17 20:24 . 2008-01-17 20:24 <REP> d-------- C:\Documents and Settings\Florence\Application Data\teamspeak2
2008-01-16 12:48 . 2008-01-16 12:48 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-01-15 12:39 . 2008-01-15 12:39 <REP> d-------- C:\Program Files\CCleaner
2008-01-11 15:44 . 2008-02-11 13:39 <REP> d-------- C:\Program Files\eMule
2008-01-11 15:35 . 2008-01-11 15:35 <REP> d-------- C:\Temp\nsxA75.tmp
2008-01-11 15:35 . 2008-01-11 15:35 <REP> d-------- C:\Temp\nshA76.tmp
2008-01-11 15:35 . 2008-01-11 15:35 <REP> d-------- C:\Temp\nsdA78.tmp
2008-01-11 14:18 . 2008-01-11 14:25 <REP> d-------- C:\Temp\nsqA78.tmp
2008-01-11 14:03 . 2008-01-11 14:03 <REP> d-------- C:\Temp\isp94E.tmp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-11 13:37 --------- d-----w C:\Program Files\Wanadoo
2008-02-11 13:27 --------- d-----w C:\Program Files\Microsoft Games
2008-02-11 12:38 --------- d-----w C:\Program Files\Steam
2008-02-09 15:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-09 11:15 --------- d-----w C:\Program Files\Google
2008-02-06 14:37 --------- d-----w C:\Program Files\GameSpy Arcade
2008-01-30 19:52 --------- d-----w C:\Documents and Settings\Johann\Application Data\LimeWire
2008-01-27 19:10 --------- d-----w C:\Documents and Settings\Florent\Application Data\LimeWire
2008-01-26 20:10 --------- d-----w C:\Documents and Settings\Jean-Marie\Application Data\LimeWire
2008-01-18 18:16 --------- d-----w C:\Documents and Settings\Johann\Application Data\AVG7
2008-01-18 18:16 --------- d-----w C:\Documents and Settings\Jean-Marie\Application Data\AVG7
2008-01-18 18:16 --------- d-----w C:\Documents and Settings\Florent\Application Data\AVG7
2008-01-18 18:16 --------- d-----w C:\Documents and Settings\Florence\Application Data\AVG7
2008-01-18 18:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-18 18:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-17 06:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-02 14:31 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-27 10:06 --------- d-----w C:\Documents and Settings\Florent\Application Data\Media Player Classic
2007-12-19 18:37 80,097 ----a-w C:\WINDOWS\system32\dcads-remove.exe
2007-12-19 18:20 40,731 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe
2007-12-19 17:45 --------- d-----w C:\Documents and Settings\Johann\Application Data\Media Player Classic
2007-12-19 17:44 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-19 17:08 --------- d-----w C:\Documents and Settings\Johann\Application Data\Ahead
2007-11-27 21:09 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-11-17 17:24 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-17 11:48 82,640 ----a-w C:\Documents and Settings\Johann\Application Data\GDIPFONTCACHEV1.DAT
2007-05-14 12:31 82,640 ----a-w C:\Documents and Settings\Florence\Application Data\GDIPFONTCACHEV1.DAT
2007-05-14 12:14 82,640 ----a-w C:\Documents and Settings\Jean-Marie\Application Data\GDIPFONTCACHEV1.DAT
2006-11-09 16:15 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 20:05 68856]
"Steam"="c:\program files\steam\steam.exe" [2007-11-30 19:08 1266936]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-10-25 13:00 185896]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-06-06 10:15 861184]
"NWEReboot"="" []
"nForce Tray Options"="sstray.exe" [2002-11-13 08:34 73728 C:\WINDOWS\system32\sstray.exe]
"MessagerStarter Wanadoo"="C:\PROGRA~1\MESSAG~1\StartMessager.exe" [2003-04-04 15:47 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 15:51 257088]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2002-07-22 17:34 135168]
"LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.exe" [2001-10-09 17:07 818688]
"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2003-05-23 08:46 24576]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2003-05-23 08:46 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2003-05-23 08:46 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:54 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-12 15:06:34 113664]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-09 12:12:03 125624]

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 16:11]
R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\si3112r.sys [2006-01-12 11:56]
R2 BackWeb Client - 174112;Securitoo AntiVirus;C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE [2007-08-25 16:53]
R2 F-Secure AVP;F-Secure AVP;C:\Program Files\F-Secure\Anti-Virus\fsavp.sys [2001-05-25 09:44]
R2 F-Secure F-PROT;F-Secure F-PROT;C:\Program Files\F-Secure\Anti-Virus\fsfp.sys [2007-08-26 07:24]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Common\FSfilter.sys [2001-06-28 02:05]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Common\FSgk.sys [2001-06-28 02:05]
R2 F-Secure Orion;F-Secure Orion;C:\Program Files\F-Secure\Anti-Virus\fsorion.sys [2007-08-26 07:24]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Common\FSrec.sys [2001-06-28 02:05]
R2 FSpm;F-Secure Policy Manager;C:\Program Files\F-Secure\Common\FSPM.SYS [2002-01-24 17:55]
R2 Fswsclds;F-Secure Windows Security Center Legacy Detection Service;C:\Program Files\F-Secure\fswsclds.exe [2007-08-26 07:26]
R2 HPFECP16;HPFECP16;C:\WINDOWS\system32\drivers\HPFECP16.SYS [1998-08-18 13:03]
S4 Windows Firewall;Windows Firewall;C:\WINDOWS\system32\SVCH0ST.EXE []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-06 15:49:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 14:41:20
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-11 14:43:16
ComboFix-quarantined-files.txt 2008-02-11 13:43:08
ComboFix2.txt 2008-02-06 17:20:50
ComboFix3.txt 2008-02-06 17:12:11
ComboFix4.txt 2008-02-06 16:27:03
ComboFix5.txt 2007-06-28 13:21:15
.
2008-01-13 17:14:39 --- E O F ---















Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:45:20, on 11/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\fswsclds.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\sstray.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\LXSUPMON.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\SECURI~1\174112\Program\BACKWE~1.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Johann\Mes documents\jm.conchonnet\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 68.178.211.86 wrhax.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/Dj...
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/Da...{896A23A1-5821-4609-A6C6-6D5536C585C9}
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar....
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher....
O17 - HKLM\System\CCS\Services\Tcpip\..\{933D6120-03DB-416C-8BFF-3A53BCCC5890}: NameServer = 80.10.246.1 81.253.149.2
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Securitoo AntiVirus (BackWeb Client - 174112) - Unknown owner - C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure\fswsclds.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9839 bytes

Mieux ?

Oui j'ai vraiment l'impression que mon PC va mieux. J'ai d enouveau accées aux invite d eocmmande et au gestionnaire de tâche.

Je te remercie de m'avoir aider et te remercie aussi pour ce magnifique post "preventions et protections" que tu as fait.

Allez je t'invite à manger des crépes !

Tu as des questions ?

Je ne pense pas mais si j'en ai je n'hésiterais pas à te demander.

Ok  

Télécharge ToolsCleaner sur ton Bureau.

Clique sur Recherche et laisse le scan se terminer.

Clique sur Suppression pour finaliser.

Clique sur Quitter, pour que le rapport puisse se créer.

Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\)

Désactive puis réactive la restauration du système : Voir aide

Ajoute maintenant [Résolu] au titre. Pour cela :
* Clique, dans ton premier message, sur le bouton "Editer"
* Rajoute la mention [Résolu] au titre
* Clique ensuite sur "Valider votre message"

Lis le dossier dossier sur la prévention et la protection pour ne plus avoir ce genre de problème en cliquant sur l'image ci-dessous :