salut Angeldark,
j'ai lu [dossier] prevention et protection et j'ai vu que tu donnais des coups de mains aux personnes en difficultés.voila,mon pc est équipé de windows vista basic, j'ai internet explorer.j'ai attrapé un cheval de troie comme virus, et j'ai fait un avast et un kaspersky qui a détecter les virus mais ils ne veulent pas les traiter ni les suprimé.
je te donne les résultat du hijackthis.
merci de ton aide!!!!
a bientot.

hijackthis :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:08:40, on 15/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Orange HSS\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
C:\Program Files\Orange HSS\systray\systrayapp.exe
C:\Program Files\Orange HSS\Deskboard\deskboard.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Windows\explorer.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Valé\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\windows sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [MSServer] "rundll32.exe" C:\Users\VAL~1\AppData\Local\Temp\efcCvwUM.dll,#1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [2826c118] rundll32.exe "C:\Users\VAL~1\AppData\Local\Temp\pnfdjrwt.dll",b
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{86D4E83F-E95F-4147-B654-0255350728CB}
O4 - HKCU\..\Run: [cmds] "rundll32.exe" C:\Users\VAL~1\AppData\Local\Temp\khFUmKby.dll,c
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 6896 bytes

Bonjour,

Je ne suis pas le seul à désinfecter

Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) !

• Télécharge ComboFix (sUBs) sur ton Bureau.
• Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
• Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer

merci de ton aide !!
voici le raport de ComboFix :

ComboFix 08-05-12.1 - Valé 2008-05-15 15:53:44.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.163 [GMT 2:00]
Endroit: C:\Users\Valé\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PlayMP3z
C:\Program Files\PlayMP3z\uninstall.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 13:59 4,194,304 --sha-w C:\Users\Valé\ntuser.dat
2008-05-15 13:58 4,194,304 --sha-w C:\Users\Valé\ntuser.dat
2008-05-15 13:53 2,097,152 --sha-w C:\Users\Invité\ntuser.dat
2008-05-15 13:53 2,097,152 --sha-w C:\Users\Invité\ntuser.dat
2008-05-15 07:05 --------- d-----w C:\ProgramData\Google Updater
2008-05-14 21:30 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-14 21:30 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 18:03 164 ----a-w C:\install.dat
2008-05-14 07:38 1,495,112 ----a-w C:\Users\Valé\install_flash_player.exe
2008-05-14 07:38 1,495,112 ----a-w C:\Users\Valé\install_flash_player.exe
2008-05-13 21:28 --------- d-----w C:\ProgramData\ESET
2008-05-13 21:20 --------- d-----w C:\Program Files\Navilog1
2008-05-13 18:27 --------- d---a-w C:\ProgramData\TEMP
2008-05-13 09:42 --------- d-----w C:\Program Files\Google
2008-05-13 06:00 --------- d-----w C:\ProgramData\Prevx
2008-05-13 05:00 --------- d-----w C:\Program Files\Common Files\Panda Software
2008-05-12 16:37 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-11 16:39 --------- d-----w C:\Users\Valé\AppData\Roaming\Mozilla
2008-05-05 17:51 --------- d-----w C:\Program Files\Common Files\BOONTY Shared
2008-04-30 19:23 --------- d-----w C:\Program Files\Microsoft Games
2008-04-28 19:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-25 10:10 --------- d-----w C:\ProgramData\GamesBar
2008-04-21 17:45 --------- d-----w C:\ProgramData\Oberon Media
2008-04-21 08:32 --------- d-----w C:\ProgramData\Logishrd
2008-04-21 08:32 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-04-19 19:49 --------- d-----w C:\Users\Valé\AppData\Roaming\LimeWire
2008-04-17 11:24 --------- d-----w C:\Program Files\Common Files\Oberon Media
2008-04-17 09:29 --------- d-----w C:\ProgramData\Apple Computer
2008-04-17 07:35 --------- d-----w C:\Users\Valé\AppData\Roaming\Apple Computer
2008-04-17 07:33 --------- d-----w C:\Program Files\QuickTime
2008-04-17 07:27 --------- d-----w C:\Program Files\Common Files\Apple
2008-04-17 07:25 --------- d-----w C:\ProgramData\Apple
2008-04-17 07:25 --------- d-----w C:\Program Files\Apple Software Update
2008-04-13 16:49 --------- d-----w C:\Users\Valé\AppData\Roaming\DeepBurner
2008-04-12 09:25 --------- d-----w C:\Users\Valé\AppData\Roaming\PlayFirst
2008-04-12 09:25 --------- d-----w C:\ProgramData\PlayFirst
2008-04-11 12:18 --------- d-----w C:\ProgramData\MumboJumbo
2008-04-01 19:25 --------- d-----w C:\ProgramData\WLInstaller
2008-04-01 19:24 --------- d-s---w C:\Users\Valé\AppData\Roaming\Microsoft
2008-03-27 14:16 15,872 ------w C:\Windows\System32\winskfr.dll
2008-03-27 11:18 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-03-26 18:40 --------- d-----w C:\ProgramData\BOONTY
2008-03-23 08:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-06 09:25 4,103,032 ----a-w C:\Windows\System32\SpoonUninstall.exe
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 16:49 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-01-21 08:40 1,132 ----a-w C:\Users\Valé\AppData\Roaming\wklnhst.dat
2007-12-16 12:51 174 --sha-w C:\Program Files\desktop.ini
2008-01-05 10:55 2,516 --sha-w C:\Windows\System32\KGyGaAvL.sys
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"Sidebar"="C:\Program Files\windows sidebar\sidebar.exe" [2008-01-10 10:00 1232896]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-12 22:01 68856]
"RunSpySweeperScheduleAtStartup"="C:\Windows\system32\msfeedssync.exe" [2006-11-02 11:45 12288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-12 18:39 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-05-12 22:00:50 124400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\Acer\EMPOWE~1\eMode\PCM\Kernel\Burner\MKDMP3Enc.ACM

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide d'Adobe Reader.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lancement rapide d'Adobe Reader.lnk
backup=C:\Windows\pss\Lancement rapide d'Adobe Reader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
--a------ 2007-01-24 10:27 319488 C:\Acer\Empowering Technology\SysMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
--a------ 2007-02-15 18:39 151552 C:\Acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apanel]
C:\ACERSW\config\NewSetApanel.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2008-05-12 18:39 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
--a------ 2006-11-24 21:20 622592 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
--a------ 2007-02-07 00:04 464168 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2005-03-17 20:30 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Installation Diagnostics]
--a------ 2006-11-04 11:52 126976 C:\Program Files\Brother\Brmfl06a\Brinstck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPTENET_GUI]
--a------ 2006-12-20 11:14 404536 C:\PROGRA~1\CONTRO~1\bin\optgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
--a------ 2007-07-24 20:03 102400 C:\Program Files\Orange HSS\SessionManager\SessionManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2005-03-17 20:17 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2007-01-12 21:24 151552 C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-03-23 13:04 4423680 C:\Windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
--a------ 2006-09-25 15:00 49152 C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-10 10:00 1232896 C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-10-14 11:22 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystrayORAHSS]
--a------ 2007-07-24 20:55 94208 C:\Program Files\Orange HSS\Systray\SystrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
--a------ 2006-11-05 21:48 57344 C:\Acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-12-16 08:18 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{27A992E8-3191-4058-BDC4-1321D34A3BBD}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{825364F4-5206-4106-9837-CCC9FB893293}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7544676B-122D-44D9-B6F1-22A42CF36183}"= UDP:C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{1A18564B-6511-4C7F-B95E-0AD529D9AAFD}"= TCP:C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{EFE8DCAE-7635-4074-8040-2F5EFE92AEF2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{CC2F451E-58E2-4CEB-9778-9889EF6753B5}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{A092B5EF-2A9E-457D-AFDD-83032F337ECE}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{D25745B1-95F3-4832-A669-FF44238389F0}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{9EF2A851-2043-44C5-96F7-13B14F4D4751}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{0D88BB8A-3781-421D-90A8-4A0A17CCE82C}C:\\users\\valé\\desktop\\emule.exe"= UDP:C:\users\valé\desktop\emule.exe:emule.exe
"UDP Query User{E28ED3C4-CBEC-4878-B4A3-4C80FBA2B731}C:\\users\\valé\\desktop\\emule.exe"= TCP:C:\users\valé\desktop\emule.exe:emule.exe
"{FD296680-6964-4303-B774-A71048275A9B}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{74800000-A9BE-4677-A665-C95407F31A35}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{4000FA29-C2F3-483D-8770-8B6E182F43D7}C:\\program files\\microsoft games\\age of empires ii trial\\empires2.exe"= UDP:C:\program files\microsoft games\age of empires ii trial\empires2.exe:Age of Empires II
"UDP Query User{C9ABFA1D-2067-48E1-93E5-C7A1C51B73F6}C:\\program files\\microsoft games\\age of empires ii trial\\empires2.exe"= TCP:C:\program files\microsoft games\age of empires ii trial\empires2.exe:Age of Empires II
"TCP Query User{BEEBB5A9-D3D6-42D6-A8DD-7B32CDBE31B8}C:\\program files\\atari\\act of war - direct action\\actofwar.exe"= UDP:C:\program files\atari\act of war - direct action\actofwar.exe:ACTOFWAR
"UDP Query User{433E1A6D-84ED-4539-B7FB-C420C3246243}C:\\program files\\atari\\act of war - direct action\\actofwar.exe"= TCP:C:\program files\atari\act of war - direct action\actofwar.exe:ACTOFWAR
"{705A1F68-7AD4-457B-BA4C-CFB94991DF8A}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{3A821033-8E50-41D1-81DC-94F818A78F94}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{6B2C169B-6A3F-4D8C-9F33-F8B7C43AC420}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{4A341FDE-7435-4EF9-BEF9-F3501FB00517}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{B1EC8C9E-2ADA-4A2D-8DD3-581054046069}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{6552E66E-61C9-4A58-A233-D649EFF1CCB4}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\Orange HSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 05:22]
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 00:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 00:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 00:04]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-12 18:36]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-12 18:37]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 16:04]
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 22:46]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-31 09:22]
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2008-05-05 19:51]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 22:46]
S4 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 00:04]
S4 OPTENET_FILTER;Orange Contrôle Parental;C:\Program Files\Controle Parental\bin\optproxy.exe [2006-12-21 20:15]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7e75b1e-1381-11dd-b847-001c2531a75a}]
\shell\Auto\command - cmd /C launch.bat
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-15 13:36:11 C:\Windows\Tasks\User_Feed_Synchronization-{86D4E83F-E95F-4147-B654-0255350728CB}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 15:58:34
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background??s

Balayage des fichiers cachés ...


C:\Users\Valé\AppData\Local\Microsoft\Messenger\rachel-79@hotmail.fr\SharingMetadata\Working\database_4E28_26DB_2826_C1B7\$db_clean$ 0 bytes

Scan terminé avec succès
Les fichiers cachés: 1

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\Windows\system32\winlogon.exe
-> C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

PROCESS: C:\Windows\system32\lsass.exe
-> C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
-> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
.
Temps d'accomplissement: 2008-05-15 16:01:05
ComboFix-quarantined-files.txt 2008-05-15 14:00:58

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

229 --- E O F --- 2008-05-14 21:30:41

Re,

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

• Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
• Afin de lancer la recherche, clic sur"Rechercher".
• Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :

-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.

AIDE : Tuto en images sur MBAM

ok le Malwarebyte's Anti-Malware est en route et il a deja trouver 2 éléments infectés, je te donne le rapport dés que c'est fini.

No problem

re voila le rapport :

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 752

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 130017
Temps écoulé: 16 minute(s), 43 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 14

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Mirar (AdWare.Mirar) -> No action taken.
HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PlayMP3Z) -> No action taken.
HKEY_CURRENT_USER\Software\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winvi (Adware.SoftMate) -> No action taken.
HKEY_CURRENT_USER\Software\winvi (Adware.SoftMate) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\winvi (Adware.SoftMate) -> No action taken.
C:\Program Files\winvi\dsktp (Adware.SoftMate) -> No action taken.
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> No action taken.
C:\Users\Valé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> No action taken.

Fichier(s) infecté(s):
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\winvi\Uninst.exe (Adware.SoftMate) -> No action taken.
C:\Program Files\winvi\version.ini (Adware.SoftMate) -> No action taken.
C:\Program Files\winvi\dsktp\AC_RunActiveContent.js (Adware.SoftMate) -> No action taken.
C:\Program Files\winvi\dsktp\desktop.html (Adware.SoftMate) -> No action taken.
C:\Program Files\winvi\dsktp\internetDetection.swf (Adware.SoftMate) -> No action taken.
C:\Program Files\winvi\dsktp\settings.sol (Adware.SoftMate) -> No action taken.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk (Adware.PlayMP3Z) -> No action taken.

salut angeldark !
j'ai refait un malwarebytes ce matin et voila le resultat :
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 755

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 132926
Temps écoulé: 24 minute(s), 29 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Reposte un rapport Hijackthis.

re,

voila le nouveau rapport de hijackthis:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:07:53, on 16/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Orange HSS\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
C:\Program Files\Orange HSS\systray\systrayapp.exe
C:\Program Files\Orange HSS\Deskboard\deskboard.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Orange HSS\browser\browser.exe
C:\Users\Valé\Desktop\anti-virus\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\windows sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{86D