Win32 Trojan-Gen
Security Forum - Viruses: Win32 Trojan-Gen
Good evening...
Here I am, infected...
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58:52, on 19/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\rundll32.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A0BF5366-0D3F-4B06-B339-5FA3F956ECF7} - C:\Windows\system32\jkkHYOEu.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\tuvULCuU.dll,#1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/ [...] rtdgi1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/control [...] der4_5.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: L Ile Noyee Drivers Auto Removal (pr2ajbeb) (pr2ajbeb) - Micro Application - C:\Windows\system32\pr2ajbeb.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
Hello,
Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done, reboot into Safe Mode.
HELP: Rebooting into Safe Mode
- Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Perform full scan".
- To start the scan, click "Scan".
- Once the scan is finished, a window opens; click OK. You then have two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to reboot to finish the removal, accept by clicking OK.
HELP: Illustrated tutorial on MBAM
I installed everything in Safe Mode and then launched the full MBAM scan directly. Or do I still need to reboot?
Message edited by kEvaR on 19-06-2008 at 19:49:25
Nah, no need to reboot
Here is the result:
Malwarebytes' Anti-Malware 1.17
Version de la base de données: 869
21:07:16 19/06/2008
mbam-log-6-19-2008 (21-07-16).txt
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 251519
Temps écoulé: 1 hour(s), 18 minute(s), 53 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 13
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\Windows\System32\jkkHYOEu.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9de09fb8-0134-42a1-8aeb-b973d3d5c5f0} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{9de09fb8-0134-42a1-8aeb-b973d3d5c5f0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f8f84cf-dcba-4426-ac18-30a8ab00c526} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4271af06 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{0f8f84cf-dcba-4426-ac18-30a8ab00c526} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Vundo) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\jkkhyoeu -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\jkkhyoeu -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Windows\System32\gebBrspO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\OpsrBbeg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\OpsrBbeg.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\imitxhoa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\aohxtimi.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\jkkHYOEu.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\uEOYHkkj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\uEOYHkkj.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\tuvULCuU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\kEvaR\AppData\Local\Temp\tmp0000dfa4 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\kEvaR\AppData\Local\Temp\tmp00014587 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\17PHolmes1535.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
Post a new HijackThis report.
Here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:15:07, on 19/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D160F7F2-6562-478B-B3E5-CF1F29BA14F5} - C:\Windows\system32\jkkHYOEu.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/ [...] rtdgi1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/control [...] der4_5.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: L Ile Noyee Drivers Auto Removal (pr2ajbeb) (pr2ajbeb) - Micro Application - C:\Windows\system32\pr2ajbeb.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 9806 bytes
So, how does it look?
Thanks for your help in any case!!!
Re,
Disable your resident protections (antivirus, Spybot-S&D, etc.)!
- Download ComboFix (sUBs) to your Desktop.
- Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
- When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.
HELP: A guide and tutorial on using ComboFix
* the partition name may vary
Here it is!!!
ComboFix 08-06-19.4 - kEvaR 2008-06-20 20:56:52.1 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1036.18.1092 [GMT 2:00]
Endroit: C:\Users\kEvaR\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\jkkHYOEu.dll
C:\Windows\system32\pvxrjboy.ini
C:\Windows\system32\rpdwdsxb.ini
C:\Windows\System32\uEOYHkkj.ini
C:\Windows\System32\uEOYHkkj.ini2
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-20 to 2008-06-20 ))))))))))))))))))))))))))))))))))))
.
2008-06-21 00:35 . 2008-06-21 00:35 294 ---hs---- C:\Windows\System32\pvxrjboy.ini
2008-06-19 21:55 . 2008-06-19 21:55 <REP> d-------- C:\Program Files\WinSCP
2008-06-19 21:18 . 2008-06-19 21:18 86,016 --------- C:\Windows\System32\yobjrxvp.dll
2008-06-19 19:41 . 2008-06-19 19:41 <REP> d-------- C:\Users\kEvaR\AppData\Roaming\Malwarebytes
2008-06-19 19:41 . 2008-06-19 19:41 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-06-19 19:41 . 2008-06-19 19:41 <REP> d-------- C:\ProgramData\Malwarebytes
2008-06-19 19:41 . 2008-06-19 19:41 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-19 19:41 . 2008-06-10 19:02 34,296 --------- C:\Windows\System32\drivers\mbamcatchme.sys
2008-06-19 19:41 . 2008-06-10 19:02 15,864 --------- C:\Windows\System32\drivers\mbam.sys
2008-06-19 19:40 . 2008-06-19 19:40 <REP> d-------- C:\Users\kEvaR\AppData\Roaming\Download Manager
2008-06-19 18:58 . 2008-06-19 18:58 <REP> d-------- C:\Program Files\Trend Micro
2008-06-16 17:29 . 2008-06-16 17:29 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-06-16 17:28 . 2008-06-16 17:28 <REP> d-------- C:\Program Files\Red Kawa
2008-06-14 19:56 . 2008-06-14 19:56 <REP> d-------- C:\Program Files\Apple Software Update
2008-06-14 18:43 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 18:43 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 18:43 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 18:43 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-13 23:30 . 2008-06-13 23:30 0 --------- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-06-13 22:15 . 2008-06-14 20:10 <REP> d-------- C:\Users\kEvaR\AppData\Roaming\Apple Computer
2008-06-13 22:15 . 2008-06-13 22:15 <REP> d-------- C:\Program Files\iPod
2008-06-13 22:14 . 2008-06-13 22:15 <REP> d-------- C:\Program Files\iTunes
2008-06-13 22:13 . 2008-06-13 22:14 <REP> d-------- C:\Users\All Users\Apple Computer
2008-06-13 22:13 . 2008-06-13 22:14 <REP> d-------- C:\ProgramData\Apple Computer
2008-06-13 22:13 . 2008-06-13 22:14 <REP> d-------- C:\Program Files\QuickTime
2008-06-13 22:12 . 2008-06-13 22:12 <REP> d-------- C:\Users\All Users\Apple
2008-06-13 22:12 . 2008-06-13 22:12 <REP> d-------- C:\ProgramData\Apple
2008-06-13 22:12 . 2008-06-13 22:12 <REP> d-------- C:\Program Files\Common Files\Apple
2008-06-11 11:25 . 2008-04-25 04:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-11 11:25 . 2008-04-26 10:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 11:25 . 2008-04-25 06:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-11 11:25 . 2008-05-10 03:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-07 21:24 . 2008-06-07 21:24 0 --------- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-06-06 01:28 . 2008-06-08 14:50 <REP> d-------- C:\Users\kEvaR\AppData\Roaming\LimeWire
2008-06-05 23:05 . 2008-06-05 23:05 <REP> d-------- C:\Users\All Users\Codemasters
2008-06-05 23:05 . 2008-06-05 23:05 <REP> d-------- C:\ProgramData\Codemasters
2008-06-05 23:00 . 2008-03-05 15:56 3,786,760 --------- C:\Windows\System32\D3DX9_37.dll
2008-06-05 23:00 . 2008-03-05 15:56 1,420,824 --------- C:\Windows\System32\D3DCompiler_37.dll
2008-06-05 23:00 . 2008-04-28 15:53 805,400 --------- C:\Windows\System32\tmp4FE1.tmp
2008-06-05 23:00 . 2008-03-05 16:03 479,752 --------- C:\Windows\System32\XAudio2_0.dll
2008-06-05 23:00 . 2008-02-05 23:07 462,864 --------- C:\Windows\System32\d3dx10_37.dll
2008-06-05 23:00 . 2008-03-05 16:03 238,088 --------- C:\Windows\System32\xactengine3_0.dll
2008-06-05 23:00 . 2008-03-05 16:00 25,608 --------- C:\Windows\System32\X3DAudio1_3.dll
2008-06-05 22:59 . 2008-04-28 15:53 805,400 --------- C:\Windows\System32\tmp4FD0.tmp
2008-06-02 20:30 . 2008-06-20 20:46 <REP> d-------- C:\Users\kEvaR\Tracing
2008-05-27 22:45 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-27 22:45 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --------- C:\Windows\System32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --------- C:\Windows\System32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 19:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-19 19:35 --------- d-----w C:\ProgramData\ViaMichelin
2008-06-19 14:18 --------- d-----w C:\Users\kEvaR\AppData\Roaming\Skype
2008-06-19 14:02 --------- d-----w C:\Users\kEvaR\AppData\Roaming\skypePM
2008-06-19 13:38 --------- d-----w C:\Program Files\Everest Poker
2008-06-13 20:14 --------- d-----w C:\Program Files\Bonjour
2008-06-12 01:08 --------- d-----w C:\Program Files\Windows Mail
2008-06-09 17:22 --------- d-----w C:\Users\kEvaR\AppData\Roaming\FileZilla
2008-06-09 16:46 --------- d-----w C:\Program Files\FileZilla Client
2008-06-05 21:00 444,952 ------w C:\Windows\System32\wrap_oal.dll
2008-06-05 21:00 109,080 ------w C:\Windows\System32\OpenAL32.dll
2008-06-05 21:00 --------- d-----w C:\Program Files\OpenAL
2008-06-02 19:59 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-02 19:00 --------- d-----w C:\Program Files\Windows Live
2008-06-01 03:28 --------- d-----w C:\Program Files\Everest Casino
2008-05-19 18:44 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-17 12:30 22,328 ------w C:\Windows\system32\drivers\PnkBstrK.sys
2008-05-17 12:30 107,832 ------w C:\Windows\System32\PnkBstrB.exe
2008-05-16 07:55 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-15 23:18 50,768 ------w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-04 21:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-04 21:05 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-05-03 01:01 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-02 17:32 --------- d-----w C:\Users\kEvaR\AppData\Roaming\ScanSoft
2008-05-02 17:32 --------- d-----w C:\ProgramData\ScanSoft
2008-05-02 17:32 --------- d-----w C:\ProgramData\InstallShield
2008-05-02 17:31 --------- d-----w C:\Program Files\ScanSoft
2008-05-02 17:31 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-05-02 17:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-01 22:07 --------- d-----w C:\Program Files\adslTV
2008-04-23 02:49 --------- d-----w C:\Users\kEvaR\AppData\Roaming\GrabIt
2008-04-21 16:16 0 ------w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-21 11:00 174 --sha-w C:\Program Files\desktop.ini
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Journal
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Defender
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Calendar
2008-04-21 10:44 101,888 ------w C:\Windows\System32\ifxcardm.dll
2008-04-21 10:43 82,432 ------w C:\Windows\System32\axaltocm.dll
2008-04-21 10:23 47,560 ------w C:\Windows\System32\SPReview.exe
2008-04-21 10:23 152,576 ------w C:\Windows\System32\SPWizUI.dll
2008-04-11 15:23 38,400 ------w C:\Windows\System32\SoundSchemes.exe
2008-03-26 18:05 446,976 ------w C:\Windows\System32\ShellMPD.dll
2007-12-19 13:42 32 ----a-w C:\Users\All Users\ezsid.dat
2007-12-19 13:42 32 ----a-w C:\ProgramData\ezsid.dat
2007-11-13 16:32 22,328 ----a-w C:\Users\kEvaR\AppData\Roaming\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-06-03 22:15 3739672]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 05:28 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 21:34 868352]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"4271af06"="C:\Windows\system32\yobjrxvp.dll" [2008-06-19 21:18 86016]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdcBase.exe" [2007-05-31 10:21 648072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]
C:\Users\kEvaR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2008-03-26 20:05:33 4571136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-444878932-217695702-3584570681-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4593CA59-C2BC-46C6-9E39-DA221B6F2F2D}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{A0E282B4-1F94-41EC-8F28-F50E3E621989}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{E0A28576-9B2F-4F37-8C5C-B77062DF0204}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{CEBEE4A6-3A5F-42BB-A8EC-4315D3256CE2}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{60981EE3-F071-4E9C-A6A9-C092A3B322A4}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{7E2D338A-5FF9-48E4-8DAC-903036D9C157}E:\\emule\\emule.exe"= UDP:E:\emule\emule.exe:eMule
"UDP Query User{7A8162CA-2418-41CA-BE2C-4E647F9EBB8C}E:\\emule\\emule.exe"= TCP:E:\emule\emule.exe:eMule
"TCP Query User{D4755B87-0D5A-40CF-93AB-99246D368754}D:\\abc\\abc.exe"= UDP:D:\abc\abc.exe:abc
"UDP Query User{7062939E-F6F6-4E72-A212-B17617677BFF}D:\\abc\\abc.exe"= TCP:D:\abc\abc.exe:abc
"{A40E842C-D2DB-4EA7-91E6-BBC4E14D439D}"= UDP:D:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{C14F9D5C-CD6B-4695-BC59-439141A98DB7}"= TCP:D:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{6F16F40E-2BE1-4A24-85B7-B3779FA183E1}"= UDP:D:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{76FC3BBA-721B-49E5-9964-DF32C67AF0F7}"= TCP:D:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"TCP Query User{2F5B1C4C-CD2D-46D5-A506-09DD8DE53DE6}D:\\steam\\steamapps\\kevar_senik\\counter-strike\\hl.exe"= UDP:D:\steam\steamapps\kevar_senik\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{F44DB5B6-D590-47A0-AD28-E0D6F51EDC61}D:\\steam\\steamapps\\kevar_senik\\counter-strike\\hl.exe"= TCP:D:\steam\steamapps\kevar_senik\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{16FBC449-B6FD-4FD4-A9EC-01246C1F89EE}D:\\steam\\steam.exe"= UDP:D:\steam\steam.exe:Steam
"UDP Query User{8FE13A69-EE97-47C9-8C8E-85E1CB750C76}D:\\steam\\steam.exe"= TCP:D:\steam\steam.exe:Steam
"TCP Query User{BFB59F33-F370-4F09-BDA5-4D421C0A411A}D:\\games\\dirt\\dirt.exe"= UDP:D:\games\dirt\dirt.exe:DiRT Executable
"UDP Query User{C639E12C-F3EE-46CB-B976-AA358DE97A26}D:\\games\\dirt\\dirt.exe"= TCP:D:\games\dirt\dirt.exe:DiRT Executable
"TCP Query User{56C287C2-1663-41A5-84F4-4EB7B1614E94}D:\\steam\\steamapps\\kevar_senik\\condition zero\\hl.exe"= UDP:D:\steam\steamapps\kevar_senik\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{D0650B12-4BD0-4D80-9BD7-F579C9B08015}D:\\steam\\steamapps\\kevar_senik\\condition zero\\hl.exe"= TCP:D:\steam\steamapps\kevar_senik\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{53BD29FC-9B34-45AB-BFC6-FED9F766C456}C:\\program files\\abc\\abc.exe"= UDP:C:\program files\abc\abc.exe:abc
"UDP Query User{09171DE0-9DA7-4490-B634-1F147940C9DE}C:\\program files\\abc\\abc.exe"= TCP:C:\program files\abc\abc.exe:abc
"TCP Query User{7B438B6F-5434-4B76-BF70-6374E24112C6}D:\\games\\lost planet extreme condition\\lostplanetdx10.exe"= UDP:D:\games\lost planet extreme condition\lostplanetdx10.exe:LostPlanetDx10
"UDP Query User{D704AB03-A0DD-451F-BC0C-82EA0CEF3271}D:\\games\\lost planet extreme condition\\lostplanetdx10.exe"= TCP:D:\games\lost planet extreme condition\lostplanetdx10.exe:LostPlanetDx10
"TCP Query User{1FA75243-8D6A-4DCF-81AF-42BCFF3E6FE2}G:\\crack\\lostplanetdx9.exe"= UDP:G:\crack\lostplanetdx9.exe:LostPlanetDx9
"UDP Query User{7637F2BB-17EB-4AB2-8E52-E46FEFE5A35C}G:\\crack\\lostplanetdx9.exe"= TCP:G:\crack\lostplanetdx9.exe:LostPlanetDx9
"TCP Query User{D6D03439-E20E-486E-9964-7A904D115B66}G:\\crack\\lostplanetdx10.exe"= UDP:G:\crack\lostplanetdx10.exe:LostPlanetDx10
"UDP Query User{6EF641F8-53E1-4D2D-AF6B-6E6CEE9BD52E}G:\\crack\\lostplanetdx10.exe"= TCP:G:\crack\lostplanetdx10.exe:LostPlanetDx10
"TCP Query User{96913A94-CE4E-4B91-8E16-FAC74CD0E6E4}D:\\games\\lost planet extreme condition\\lostplanetdx9.exe"= UDP:D:\games\lost planet extreme condition\lostplanetdx9.exe:LostPlanetDx9
"UDP Query User{14723429-4755-4492-B032-B4B99B10BEC8}D:\\games\\lost planet extreme condition\\lostplanetdx9.exe"= TCP:D:\games\lost planet extreme condition\lostplanetdx9.exe:LostPlanetDx9
"{FDBC3791-218A-4DD7-9633-DC3DD0CA0804}"= UDP:D:\Games\Stranglehold\Binaries\Retail-Stranglehold.exe:Stranglehold
"{71DD5EB9-D9CD-473D-BC9F-3D4BF6513A20}"= TCP:D:\Games\Stranglehold\Binaries\Retail-Stranglehold.exe:Stranglehold
"TCP Query User{E3EF6C10-376A-411B-9A6E-19DC26A88806}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{A2655D22-8DDD-4777-8C4F-90DD5A629649}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{FCC4672A-89A0-42A9-956E-020700FDE958}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{D5822315-CC0A-48D0-983E-175E0E425CC0}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{7D509C50-B4C3-4270-A842-AA6919DB3B55}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{250E6FE9-A0C3-4BE3-A8EB-43570ECBD480}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{9CA77D64-7119-4732-809F-ACAC6583D43F}"= UDP:D:\Games\Crysis\Bin32\Crysis.exe:Crysis_32
"{ADF79E4B-6A06-49A5-87D7-5A369A6853E4}"= TCP:D:\Games\Crysis\Bin32\Crysis.exe:Crysis_32
"{4C4A34E2-8DBD-4EF6-A83B-ECC87A690CE1}"= UDP:D:\Games\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{5B834DE3-2775-4756-836C-F19A28B69A0E}"= TCP:D:\Games\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{808FFF8D-1C01-4127-9590-DB209D19B9F6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{29739777-0E86-418F-82C2-CAE2A8D5B528}"= UDP:D:\Games\Kane and Lynch Dead Men\kaneandlynch.exe:Kane & Lynch: Dead Men
"{5DC8560F-7631-4453-AD21-AC4E6B18F8E8}"= TCP:D:\Games\Kane and Lynch Dead Men\kaneandlynch.exe:Kane & Lynch: Dead Men
"{9C31C3BE-CF92-4968-8669-CB28EBC82542}"= UDP:D:\Games\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{23FFDC3C-C1FA-45C6-BA46-9E794F8DE460}"= TCP:D:\Games\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{8DFE96B1-FC69-40F4-A1C0-9C8C9D4752E0}"= UDP:D:\Games\Battlefield 2\BF2.exe:Battlefield 2
"{7AB049B2-C86C-4430-B087-9167E45E5CA9}"= TCP:D:\Games\Battlefield 2\BF2.exe:Battlefield 2
"{794CFD8C-BB21-4268-BF74-2716BBB7EAD4}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{0BAC581A-9D94-4BEE-BD9F-D140113C4022}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{DFEB9265-5375-4309-B272-D335F95310A9}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{7F982220-7961-4B1A-8935-DC4C2EEDF0E8}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"TCP Query User{7D45042A-F582-45CF-8F7F-4FC336359E24}C:\\program files\\the all-seeing eye\\eye.exe"= UDP:C:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye
"UDP Query User{C159279E-3925-4ADC-BF01-89D9667FAC5B}C:\\program files\\the all-seeing eye\\eye.exe"= TCP:C:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye
"TCP Query User{144858AC-450F-4E38-B626-7EC38BA06765}C:\\users\\kevar\\desktop\\eye.exe"= UDP:C:\users\kevar\desktop\eye.exe:eye.exe
"UDP Query User{DD9EE265-E29D-4C8A-A792-EC900CACC894}C:\\users\\kevar\\desktop\\eye.exe"= TCP:C:\users\kevar\desktop\eye.exe:eye.exe
"TCP Query User{7C5D2324-48F0-4792-9CE1-7573E8662823}D:\\games\\call of duty 2\\cod2mp_s.exe"= UDP:D:\games\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{BFC9ACA4-1917-479A-9EA5-5CAF5E72CE2A}D:\\games\\call of duty 2\\cod2mp_s.exe"= TCP:D:\games\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{EDD25F34-AFF1-4682-BACF-E688E2F27B45}D:\\steam\\steamapps\\kevar_senik\\counter-strike\\hl.exe"= UDP:D:\steam\steamapps\kevar_senik\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{7F2D9E13-85CC-4143-8745-0945B0A3FA50}D:\\steam\\steamapps\\kevar_senik\\counter-strike\\hl.exe"= TCP:D:\steam\steamapps\kevar_senik\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{AF3D4D91-D89E-4867-B17F-4CA476EA0E5E}E:\\emule\\emule.exe"= UDP:E:\emule\emule.exe:eMule
"UDP Query User{9298F132-F39C-4F01-B27A-FC08D0901880}E:\\emule\\emule.exe"= TCP:E:\emule\emule.exe:eMule
"{45ECD757-44A9-40FB-ADD8-B2D62A8CEB47}"= UDP:D:\Games\LOST\Lost Via Domus\Yeti_Final_Win32.exe:Lost Via Domus Game
"{A8318DB4-4E4B-4136-9C80-0EE1C8CD1F25}"= TCP:D:\Games\LOST\Lost Via Domus\Yeti_Final_Win32.exe:Lost Via Domus Game
"{0EACB1FE-2A26-45A8-92B6-EBF652EB1E2D}"= UDP:D:\Games\LOST\Lost Via Domus\gu.exe:Lost Via Domus Updater
"{F96DF8F2-ADD9-45B7-964D-30EA70300C22}"= TCP:D:\Games\LOST\Lost Via Domus\gu.exe:Lost Via Domus Updater
"{3071754D-0EC0-4E22-BE70-6F3F94CD4F96}"= UDP:D:\Games\LOST\Lost Via Domus\detection\Launcher.exe:Lost Via Domus Requirements Tool
"{C96185F0-74D6-45F2-8FCA-1179B322D567}"= TCP:D:\Games\LOST\Lost Via Domus\detection\Launcher.exe:Lost Via Domus Requirements Tool
"{C7DAC412-96F2-49B5-AD59-D01729F8A1CF}"= UDP:D:\Games\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{A70CA707-6A7D-428D-A937-FA6F0DF687FE}"= TCP:D:\Games\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{088B075D-B0BE-45D2-A27E-68028C7C62A6}"= UDP:D:\Games\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{B6165AF2-D881-4D0A-864F-0EE3AD7971A7}"= TCP:D:\Games\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{DDF8CB46-42C3-41F6-8C25-E18BDEAF5B9B}"= UDP:D:\Games\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{7EDEFC3F-B2C8-4D12-9AE7-1606FEE9B177}"= TCP:D:\Games\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{3ED88077-9A70-4DAD-B0A2-50E75BE4AC26}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{E3BA35F6-2A52-4B23-8B42-B356C92F7357}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{A227EF08-3097-42A8-BF7D-566AFF20C7CF}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{70421EFF-B78C-4479-98C4-4B9699676166}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{D13AFC2F-2BB9-4B1E-B18D-DF4450C993B7}C:\\program files\\freeplayer\\vlc\\vlc.exe"= UDP:C:\program files\freeplayer\vlc\vlc.exe:VLC media player
"UDP Query User{15493773-B1A2-4A0A-AA64-5339A90A2723}C:\\program files\\freeplayer\\vlc\\vlc.exe"= TCP:C:\program files\freeplayer\vlc\vlc.exe:VLC media player
"TCP Query User{5DB95920-0EF8-4B3D-9265-20C4F15FD2B4}F:\\nettool 0.8.exe"= UDP:F:\nettool 0.8.exe:NetTool
"UDP Query User{DB2D50D3-3043-433F-9719-1605EF2EBA03}F:\\nettool 0.8.exe"= TCP:F:\nettool 0.8.exe:NetTool
"TCP Query User{BD4AD5FD-7938-491C-88F2-44A1BE1D1E4B}F:\\nettool 0.8.exe"= UDP:F:\nettool 0.8.exe:NetTool
"UDP Query User{CF029ADA-5A9B-4A4C-A30F-8CE20288EAB5}F:\\nettool 0.8.exe"= TCP:F:\nettool 0.8.exe:NetTool
"TCP Query User{E9D7B322-03D8-4C16-92AB-161EC6EAA440}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{EE76FED4-ED34-4994-A7CB-D4B890CACD58}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{C3108524-DD9D-4DBA-9D61-76887482EA2A}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{4D0F8B03-7E14-4F2E-BC19-C227AC2E06C4}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"{277B92A1-79FD-4DEC-937F-8EAB330E13BF}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"{2DA904F0-D6FA-4007-8A1A-88AF34F47758}"= UDP:D:\Games\GRID\GRID.exe:GRID
"{5C35EF89-D93D-4F61-81EC-AD6A756E3BC8}"= TCP:D:\Games\GRID\GRID.exe:GRID
"{8BAC004D-A462-4445-8B71-641865A3D2E3}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{35527D0E-91EA-490B-9E0A-6900E9AD03C2}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{37FFD859-05C9-4CC5-8335-8CF495708B4B}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{361022B7-0BF8-4123-93CF-C3920F0C92CB}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9A8272DA-E51B-4E2C-9E6D-CD4F2AA5CC94}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{8F308FF5-17C0-469D-AA24-23668EA395C0}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{D4A3AB73-E9D6-4FEE-94EE-1A3320B1AF69}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{FDDFD9DB-4539-4C1A-A19A-5DFBC178F476}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
R0 pe3ajbeb;L Ile Noyee Environment Driver (pe3ajbeb);C:\Windows\system32\drivers\pe3ajbeb.sys [2007-08-22 18:31]
R0 ps7ajbeb;L Ile Noyee Synchronization Driver (ps7ajbeb);C:\Windows\system32\drivers\ps7ajbeb.sys [2007-08-22 18:30]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-18 23:33]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-18 23:33]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\Windows\system32\drivers\libusb0.sys [2005-03-09 20:50]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2007-09-29 16:51]
S2 pr2ajbeb;L Ile Noyee Drivers Auto Removal (pr2ajbeb);C:\Windows\system32\pr2ajbeb.exe svc []
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2006-06-16 09:30]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-17 14:08]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
GPSvcGroup REG_MULTI_SZ GPSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 00:35:28
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\yobjrxvp.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\libusbd-nt.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-21 0:39:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-20 22:39:04
Pre-Run: 50,007,191,552 octets libres
Post-Run: 57,351,192,576 octets libres
323 --- E O F --- 2008-06-18 11:00:06
On the other hand, once rebooted, avast no longer launches... is that normal?
Windows Defender detected the trojan at startup, then nothing more... I think the PC is still limping...
Message edited by kEvaR on 21-06-2008 at 12:55:38
Re,
Copy (Ctrl+C) the text located in the box below:
File::
Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
This will relaunch Combofix; press 1 then confirm. After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
NOTE: If there is no restart, post the requested reports anyway.
Reply to Angeldark
Here is the Combofix report:
ComboFix 08-06-19.4 - kEvaR 2008-06-21 13:59:20.2 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1036.18.1072 [GMT 2:00]
Endroit: C:\Users\kEvaR\Desktop\ComboFix.exe
Command switches used :: C:\Users\kEvaR\Desktop\CFScript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\Windows\System32\pvxrjboy.ini
C:\Windows\System32\yobjrxvp.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\System32\pvxrjboy.ini
C:\Windows\System32\yobjrxvp.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-21 to 2008-06-21 ))))))))))))))))))))))))))))))))))))
.
2008-06-19 21:55 . 2008-06-19 21:55 <REP> d-------- C:\Program Files\WinSCP
2008-06-19 19:41 . 2008-06-19 19:41 <REP> d-------- C:\Users\kEvaR\AppData\Roaming\Malwarebytes
2008-06-19 19:41 . 2008-06-19 19:41 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-06-19 19:41 . 2008-06-19 19:41 <REP> d-------- C:\ProgramData\Malwarebytes
2008-06-19 19:41 . 2008-06-19 19:41 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-19 19:41 . 2008-06-10 19:02 34,296 --------- C:\Windows\System32\drivers\mbamcatchme.sys
2008-06-19 19:41 . 2008-06-10 19:02 15,864 --------- C:\Windows\System32\drivers\mbam.sys
2008-06-19 19:40 . 2008-06-19 19:40 <REP> d-------- C:\Users\kEvaR\AppData\Roaming\Download Manager
2008-06-19 18:58 . 2008-06-19 18:58 <REP> d-------- C:\Program Files\Trend Micro
2008-06-16 17:29 . 2008-06-16 17:29 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-06-16 17:28 . 2008-06-16 17:28 <REP> d-------- C:\Program Files\Red Kawa
2008-06-14 19:56 . 2008-06-14 19:56 <REP> d-------- C:\Program Files\Apple Software Update
2008-06-14 18:43 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 18:43 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 18:43 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 18:43 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-13 23:30 . 2008-06-13 23:30 0 --------- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-06-13 22:15 . 2008-06-14 20:10 <REP> d-------- C:\Users\kEvaR\AppData\Roaming\Apple Computer
2008-06-13 22:15 . 2008-06-13 22:15 <REP> d-------- C:\Program Files\iPod
2008-06-13 22:14 . 2008-06-13 22:15 <REP> d-------- C:\Program Files\iTunes
2008-06-13 22:13 . 2008-06-13 22:14 <REP> d-------- C:\Users\All Users\Apple Computer
2008-06-13 22:13 . 2008-06-13 22:14 <REP> d-------- C:\ProgramData\Apple Computer
2008-06-13 22:13 . 2008-06-13 22:14 <REP> d-------- C:\Program Files\QuickTime
2008-06-13 22:12 . 2008-06-13 22:12 <REP> d-------- C:\Users\All Users\Apple
2008-06-13 22:12 . 2008-06-13 22:12 <REP> d-------- C:\ProgramData\Apple
2008-06-13 22:12 . 2008-06-13 22:12 <REP> d-------- C:\Program Files\Common Files\Apple
2008-06-11 11:25 . 2008-04-25 04:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-11 11:25 . 2008-04-26 10:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 11:25 . 2008-04-25 06:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-11 11:25 . 2008-05-10 03:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-07 21:24 . 2008-06-07 21:24 0 --------- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-06-06 01:28 . 2008-06-08 14:50 <REP> d-------- C:\Users\kEvaR\AppData\Roaming\LimeWire
2008-06-05 23:05 . 2008-06-05 23:05 <REP> d-------- C:\Users\All Users\Codemasters
2008-06-05 23:05 . 2008-06-05 23:05 <REP> d-------- C:\ProgramData\Codemasters
2008-06-05 23:00 . 2008-03-05 15:56 3,786,760 --------- C:\Windows\System32\D3DX9_37.dll
2008-06-05 23:00 . 2008-03-05 15:56 1,420,824 --------- C:\Windows\System32\D3DCompiler_37.dll
2008-06-05 23:00 . 2008-04-28 15:53 805,400 --------- C:\Windows\System32\tmp4FE1.tmp
2008-06-05 23:00 . 2008-03-05 16:03 479,752 --------- C:\Windows\System32\XAudio2_0.dll
2008-06-05 23:00 . 2008-02-05 23:07 462,864 --------- C:\Windows\System32\d3dx10_37.dll
2008-06-05 23:00 . 2008-03-05 16:03 238,088 --------- C:\Windows\System32\xactengine3_0.dll
2008-06-05 23:00 . 2008-03-05 16:00 25,608 --------- C:\Windows\System32\X3DAudio1_3.dll
2008-06-05 22:59 . 2008-04-28 15:53 805,400 --------- C:\Windows\System32\tmp4FD0.tmp
2008-06-02 20:30 . 2008-06-21 12:46 <REP> d-------- C:\Users\kEvaR\Tracing
2008-05-27 22:45 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-27 22:45 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --------- C:\Windows\System32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --------- C:\Windows\System32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-21 12:05 --------- d-----w C:\Program Files\Everest Poker
2008-06-19 19:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-19 19:35 --------- d-----w C:\ProgramData\ViaMichelin
2008-06-19 14:18 --------- d-----w C:\Users\kEvaR\AppData\Roaming\Skype
2008-06-19 14:02 --------- d-----w C:\Users\kEvaR\AppData\Roaming\skypePM
2008-06-13 20:14 --------- d-----w C:\Program Files\Bonjour
2008-06-12 01:08 --------- d-----w C:\Program Files\Windows Mail
2008-06-09 17:22 --------- d-----w C:\Users\kEvaR\AppData\Roaming\FileZilla
2008-06-09 16:46 --------- d-----w C:\Program Files\FileZilla Client
2008-06-05 21:00 --------- d-----w C:\Program Files\OpenAL
2008-06-02 19:59 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-02 19:00 --------- d-----w C:\Program Files\Windows Live
2008-06-01 03:28 --------- d-----w C:\Program Files\Everest Casino
2008-05-19 18:44 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-17 12:30 22,328 ------w C:\Windows\system32\drivers\PnkBstrK.sys
2008-05-16 07:55 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-15 23:18 50,768 ------w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-04 21:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-04 21:05 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-05-03 01:01 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-02 17:32 --------- d-----w C:\Users\kEvaR\AppData\Roaming\ScanSoft
2008-05-02 17:32 --------- d-----w C:\ProgramData\ScanSoft
2008-05-02 17:32 --------- d-----w C:\ProgramData\InstallShield
2008-05-02 17:31 --------- d-----w C:\Program Files\ScanSoft
2008-05-02 17:31 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-05-02 17:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-01 22:07 --------- d-----w C:\Program Files\adslTV
2008-04-23 02:49 --------- d-----w C:\Users\kEvaR\AppData\Roaming\GrabIt
2008-04-21 16:16 0 ------w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-21 11:00 174 --sha-w C:\Program Files\desktop.ini
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Journal
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Defender
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-21 10:53 --------- d-----w C:\Program Files\Windows Calendar
2007-12-19 13:42 32 ----a-w C:\Users\All Users\ezsid.dat
2007-12-19 13:42 32 ----a-w C:\ProgramData\ezsid.dat
2007-11-13 16:32 22,328 ----a-w C:\Users\kEvaR\AppData\Roaming\PnkBstrK.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-21_ 0.38.33.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-20 19:06:44 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-21 12:04:15 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-06-20 19:17:21 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-21 12:04:30 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-21 12:04:30 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-20 19:16:55 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-21 12:04:32 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-21 12:04:32 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-20 22:35:23 16,384 ------w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-21 12:05:01 16,384 ------w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-20 22:35:23 32,768 ------w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-21 12:05:01 32,768 ------w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-20 22:35:23 16,384 ------w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-21 12:05:01 16,384 ------w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-20 19:11:16 105,586 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-06-21 10:50:38 105,586 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-20 19:11:16 128,676 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-06-21 10:50:38 128,676 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-06-20 19:11:16 598,212 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-06-21 10:50:38 598,212 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-20 19:11:16 681,486 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-06-21 10:50:38 681,486 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-06-20 18:47:40 6,822 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-444878932-217695702-3584570681-1000_UserData.bin
+ 2008-06-21 10:48:14 6,846 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-444878932-217695702-3584570681-1000_UserData.bin
- 2008-06-20 18:47:39 70,904 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-21 10:48:14 71,254 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-06-20 18:47:37 38,766 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-21 10:48:13 38,990 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-06-03 22:15 3739672]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 05:28 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 21:34 868352]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdcBase.exe" [2007-05-31 10:21 648072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]
C:\Users\kEvaR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2008-03-26 20:05:33 4571136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-444878932-217695702-3584570681-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4593CA59-C2BC-46C6-9E39-DA221B6F2F2D}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{A0E282B4-1F94-41EC-8F28-F50E3E621989}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{E0A28576-9B2F-4F37-8C5C-B77062DF0204}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{CEBEE4A6-3A5F-42BB-A8EC-4315D3256CE2}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{60981EE3-F071-4E9C-A6A9-C092A3B322A4}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{7E2D338A-5FF9-48E4-8DAC-903036D9C157}E:\\emule\\emule.exe"= UDP:E:\emule\emule.exe:eMule
"UDP Query User{7A8162CA-2418-41CA-BE2C-4E647F9EBB8C}E:\\emule\\emule.exe"= TCP:E:\emule\emule.exe:eMule
"TCP Query User{D4755B87-0D5A-40CF-93AB-99246D368754}D:\\abc\\abc.exe"= UDP:D:\abc\abc.exe:abc
"UDP Query User{7062939E-F6F6-4E72-A212-B17617677BFF}D:\\abc\\abc.exe"= TCP:D:\abc\abc.exe:abc
"{A40E842C-D2DB-4EA7-91E6-BBC4E14D439D}"= UDP:D:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{C14F9D5C-CD6B-4695-BC59-439141A98DB7}"= TCP:D:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{6F16F40E-2BE1-4A24-85B7-B3779FA183E1}"= UDP:D:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{76FC3BBA-721B-49E5-9964-DF32C67AF0F7}"= TCP:D:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"TCP Query User{2F5B1C4C-CD2D-46D5-A506-09DD8DE53DE6}D:\\steam\\steamapps\\kevar_senik\\counter-strike\\hl.exe"= UDP:D:\steam\steamapps\kevar_senik\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{F44DB5B6-D590-47A0-AD28-E0D6F51EDC61}D:\\steam\\steamapps\\kevar_senik\\counter-strike\\hl.exe"= TCP:D:\steam\steamapps\kevar_senik\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{16FBC449-B6FD-4FD4-A9EC-01246C1F89EE}D:\\steam\\steam.exe"= UDP:D:\steam\steam.exe:Steam
"UDP Query User{8FE13A69-EE97-47C9-8C8E-85E1CB750C76}D:\\steam\\steam.exe"= TCP:D:\steam\steam.exe:Steam
"TCP Query User{BFB59F33-F370-4F09-BDA5-4D421C0A411A}D:\\games\\dirt\\dirt.exe"= UDP:D:\games\dirt\dirt.exe:DiRT Executable
"UDP Query User{C639E12C-F3EE-46CB-B976-AA358DE97A26}D:\\games\\dirt\\dirt.exe"= TCP:D:\games\dirt\dirt.exe:DiRT Executable
"TCP Query User{56C287C2-1663-41A5-84F4-4EB7B1614E94}D:\\steam\\steamapps\\kevar_senik\\condition zero\\hl.exe"= UDP:D:\steam\steamapps\kevar_senik\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{D0650B12-4BD0-4D80-9BD7-F579C9B08015}D:\\steam\\steamapps\\kevar_senik\\condition zero\\hl.exe"= TCP:D:\steam\steamapps\kevar_senik\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{53BD29FC-9B34-45AB-BFC6-FED9F766C456}C:\\program files\\abc\\abc.exe"= UDP:C:\program files\abc\abc.exe:abc
"UDP Query User{09171DE0-9DA7-4490-B634-1F147940C9DE}C:\\program files\\abc\\abc.exe"= TCP:C:\program files\abc\abc.exe:abc
"TCP Query User{7B438B6F-5434-4B76-BF70-6374E24112C6}D:\\games\\lost planet extreme condition\\lostplanetdx10.exe"= UDP:D:\games\lost planet extreme condition\lostplanetdx10.exe:LostPlanetDx10
"UDP Query User{D704AB03-A0DD-451F-BC0C-82EA0CEF3271}D:\\games\\lost planet extreme condition\\lostplanetdx10.exe"= TCP:D:\games\lost planet extreme condition\lostplanetdx10.exe:LostPlanetDx10
"TCP Query User{1FA75243-8D6A-4DCF-81AF-42BCFF3E6FE2}G:\\crack\\lostplanetdx9.exe"= UDP:G:\crack\lostplanetdx9.exe:LostPlanetDx9
"UDP Query User{7637F2BB-17EB-4AB2-8E52-E46FEFE5A35C}G:\\crack\\lostplanetdx9.exe"= TCP:G:\crack\lostplanetdx9.exe:LostPlanetDx9
"TCP Query User{D6D03439-E20E-486E-9964-7A904D115B66}G:\\crack\\lostplanetdx10.exe"= UDP:G:\crack\lostplanetdx10.exe:LostPlanetDx10
"UDP Query User{6EF641F8-53E1-4D2D-AF6B-6E6CEE9BD52E}G:\\crack\\lostplanetdx10.exe"= TCP:G:\crack\lostplanetdx10.exe:LostPlanetDx10
"TCP Query User{96913A94-CE4E-4B91-8E16-FAC74CD0E6E4}D:\\games\\lost planet extreme condition\\lostplanetdx9.exe"= UDP:D:\games\lost planet extreme condition\lostplanetdx9.exe:LostPlanetDx9
"UDP Query User{14723429-4755-4492-B032-B4B99B10BEC8}D:\\games\\lost planet extreme condition\\lostplanetdx9.exe"= TCP:D:\games\lost planet extreme condition\lostplanetdx9.exe:LostPlanetDx9
"{FDBC3791-218A-4DD7-9633-DC3DD0CA0804}"= UDP:D:\Games\Stranglehold\Binaries\Retail-Stranglehold.exe:Stranglehold
"{71DD5EB9-D9CD-473D-BC9F-3D4BF6513A20}"= TCP:D:\Games\Stranglehold\Binaries\Retail-Stranglehold.exe:Stranglehold
"TCP Query User{E3EF6C10-376A-411B-9A6E-19DC26A88806}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{A2655D22-8DDD-4777-8C4F-90DD5A629649}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{FCC4672A-89A0-42A9-956E-020700FDE958}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{D5822315-CC0A-48D0-983E-175E0E425CC0}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{7D509C50-B4C3-4270-A842-AA6919DB3B55}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{250E6FE9-A0C3-4BE3-A8EB-43570ECBD480}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{9CA77D64-7119-4732-809F-ACAC6583D43F}"= UDP:D:\Games\Crysis\Bin32\Crysis.exe:Crysis_32
"{ADF79E4B-6A06-49A5-87D7-5A369A6853E4}"= TCP:D:\Games\Crysis\Bin32\Crysis.exe:Crysis_32
"{4C4A34E2-8DBD-4EF6-A83B-ECC87A690CE1}"= UDP:D:\Games\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{5B834DE3-2775-4756-836C-F19A28B69A0E}"= TCP:D:\Games\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{808FFF8D-1C01-4127-9590-DB209D19B9F6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{29739777-0E86-418F-82C2-CAE2A8D5B528}"= UDP:D:\Games\Kane and Lynch Dead Men\kaneandlynch.exe:Kane & Lynch: Dead Men
"{5DC8560F-7631-4453-AD21-AC4E6B18F8E8}"= TCP:D:\Games\Kane and Lynch Dead Men\kaneandlynch.exe:Kane & Lynch: Dead Men
"{9C31C3BE-CF92-4968-8669-CB28EBC82542}"= UDP:D:\Games\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{23FFDC3C-C1FA-45C6-BA46-9E794F8DE460}"= TCP:D:\Games\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{8DFE96B1-FC69-40F4-A1C0-9C8C9D4752E0}"= UDP:D:\Games\Battlefield 2\BF2.exe:Battlefield 2
"{7AB049B2-C86C-4430-B087-9167E45E5CA9}"= TCP:D:\Games\Battlefield 2\BF2.exe:Battlefield 2
"{794CFD8C-BB21-4268-BF74-2716BBB7EAD4}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{0BAC581A-9D94-4BEE-BD9F-D140113C4022}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{DFEB9265-5375-4309-B272-D335F95310A9}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{7F982220-7961-4B1A-8935-DC4C2EEDF0E8}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"TCP Query User{7D45042A-F582-45CF-8F7F-4FC336359E24}C:\\program files\\the all-seeing eye\\eye.exe"= UDP:C:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye
"UDP Query User{C159279E-3925-4ADC-BF01-89D9667FAC5B}C:\\program files\\the all-seeing eye\\eye.exe"= TCP:C:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye
"TCP Query User{144858AC-450F-4E38-B626-7EC38BA06765}C:\\users\\kevar\\desktop\\eye.exe"= UDP:C:\users\kevar\desktop\eye.exe:eye.exe
"UDP Query User{DD9EE265-E29D-4C8A-A792-EC900CACC894}C:\\users\\kevar\\desktop\\eye.exe"= TCP:C:\users\kevar\desktop\eye.exe:eye.exe
"TCP Query User{7C5D2324-48F0-4792-9CE1-7573E8662823}D:\\games\\call of duty 2\\cod2mp_s.exe"= UDP:D:\games\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{BFC9ACA4-1917-479A-9EA5-5CAF5E72CE2A}D:\\games\\call of duty 2\\cod2mp_s.exe"= TCP:D:\games\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{EDD25F34-AFF1-4682-BACF-E688E2F27B45}D:\\steam\\steamapps\\kevar_senik\\counter-strike\\hl.exe"= UDP:D:\steam\steamapps\kevar_senik\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{7F2D9E13-85CC-4143-8745-0945B0A3FA50}D:\\steam\\steamapps\\kevar_senik\\counter-strike\\hl.exe"= TCP:D:\steam\steamapps\kevar_senik\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{AF3D4D91-D89E-4867-B17F-4CA476EA0E5E}E:\\emule\\emule.exe"= UDP:E:\emule\emule.exe:eMule
"UDP Query User{9298F132-F39C-4F01-B27A-FC08D0901880}E:\\emule\\emule.exe"= TCP:E:\emule\emule.exe:eMule
"{45ECD757-44A9-40FB-ADD8-B2D62A8CEB47}"= UDP:D:\Games\LOST\Lost Via Domus\Yeti_Final_Win32.exe:Lost Via Domus Game
"{A8318DB4-4E4B-4136-9C80-0EE1C8CD1F25}"= TCP:D:\Games\LOST\Lost Via Domus\Yeti_Final_Win32.exe:Lost Via Domus Game
"{0EACB1FE-2A26-45A8-92B6-EBF652EB1E2D}"= UDP:D:\Games\LOST\Lost Via Domus\gu.exe:Lost Via Domus Updater
"{F96DF8F2-ADD9-45B7-964D-30EA70300C22}"= TCP:D:\Games\LOST\Lost Via Domus\gu.exe:Lost Via Domus Updater
"{3071754D-0EC0-4E22-BE70-6F3F94CD4F96}"= UDP:D:\Games\LOST\Lost Via Domus\detection\Launcher.exe:Lost Via Domus Requirements Tool
"{C96185F0-74D6-45F2-8FCA-1179B322D567}"= TCP:D:\Games\LOST\Lost Via Domus\detection\Launcher.exe:Lost Via Domus Requirements Tool
"{C7DAC412-96F2-49B5-AD59-D01729F8A1CF}"= UDP:D:\Games\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{A70CA707-6A7D-428D-A937-FA6F0DF687FE}"= TCP:D:\Games\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{088B075D-B0BE-45D2-A27E-68028C7C62A6}"= UDP:D:\Games\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{B6165AF2-D881-4D0A-864F-0EE3AD7971A7}"= TCP:D:\Games\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{DDF8CB46-42C3-41F6-8C25-E18BDEAF5B9B}"= UDP:D:\Games\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{7EDEFC3F-B2C8-4D12-9AE7-1606FEE9B177}"= TCP:D:\Games\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{3ED88077-9A70-4DAD-B0A2-50E75BE4AC26}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{E3BA35F6-2A52-4B23-8B42-B356C92F7357}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{A227EF08-3097-42A8-BF7D-566AFF20C7CF}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{70421EFF-B78C-4479-98C4-4B9699676166}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{D13AFC2F-2BB9-4B1E-B18D-DF4450C993B7}C:\\program files\\freeplayer\\vlc\\vlc.exe"= UDP:C:\program files\freeplayer\vlc\vlc.exe:VLC media player
"UDP Query User{15493773-B1A2-4A0A-AA64-5339A90A2723}C:\\program files\\freeplayer\\vlc\\vlc.exe"= TCP:C:\program files\freeplayer\vlc\vlc.exe:VLC media player
"TCP Query User{5DB95920-0EF8-4B3D-9265-20C4F15FD2B4}F:\\nettool 0.8.exe"= UDP:F:\nettool 0.8.exe:NetTool
"UDP Query User{DB2D50D3-3043-433F-9719-1605EF2EBA03}F:\\nettool 0.8.exe"= TCP:F:\nettool 0.8.exe:NetTool
"TCP Query User{BD4AD5FD-7938-491C-88F2-44A1BE1D1E4B}F:\\nettool 0.8.exe"= UDP:F:\nettool 0.8.exe:NetTool
"UDP Query User{CF029ADA-5A9B-4A4C-A30F-8CE20288EAB5}F:\\nettool 0.8.exe"= TCP:F:\nettool 0.8.exe:NetTool
"TCP Query User{E9D7B322-03D8-4C16-92AB-161EC6EAA440}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{EE76FED4-ED34-4994-A7CB-D4B890CACD58}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{C3108524-DD9D-4DBA-9D61-76887482EA2A}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{4D0F8B03-7E14-4F2E-BC19-C227AC2E06C4}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"{277B92A1-79FD-4DEC-937F-8EAB330E13BF}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"{2DA904F0-D6FA-4007-8A1A-88AF34F47758}"= UDP:D:\Games\GRID\GRID.exe:GRID
"{5C35EF89-D93D-4F61-81EC-AD6A756E3BC8}"= TCP:D:\Games\GRID\GRID.exe:GRID
"{8BAC004D-A462-4445-8B71-641865A3D2E3}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{35527D0E-91EA-490B-9E0A-6900E9AD03C2}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{37FFD859-05C9-4CC5-8335-8CF495708B4B}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{361022B7-0BF8-4123-93CF-C3920F0C92CB}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9A8272DA-E51B-4E2C-9E6D-CD4F2AA5CC94}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{8F308FF5-17C0-469D-AA24-23668EA395C0}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{D4A3AB73-E9D6-4FEE-94EE-1A3320B1AF69}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{FDDFD9DB-4539-4C1A-A19A-5DFBC178F476}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
R0 pe3ajbeb;L Ile Noyee Environment Driver (pe3ajbeb);C:\Windows\system32\drivers\pe3ajbeb.sys [2007-08-22 18:31]
R0 ps7ajbeb;L Ile Noyee Synchronization Driver (ps7ajbeb);C:\Windows\system32\drivers\ps7ajbeb.sys [2007-08-22 18:30]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-18 23:33]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-18 23:33]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\Windows\system32\drivers\libusb0.sys [2005-03-09 20:50]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2007-09-29 16:51]
S2 pr2ajbeb;L Ile Noyee Drivers Auto Removal (pr2ajbeb);C:\Windows\system32\pr2ajbeb.exe svc []
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2006-06-16 09:30]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-17 14:08]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
GPSvcGroup REG_MULTI_SZ GPSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 14:04:46
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\libusbd-nt.exe
C:\Windows\System32\PnkBstrA.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Everest Poker\Everest Poker.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-21 14:09:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-21 12:09:18
ComboFix2.txt 2008-06-20 22:39:27
Pre-Run: 52,941,500,416 octets libres
Post-Run: 52,835,164,160 octets libres
336 --- E O F --- 2008-06-21 00:14:37
And here is the HijackThis one:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:11:24, on 21/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Everest Poker\Everest Poker.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\Explorer.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/ [...] rtdgi1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/control [...] der4_5.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: L Ile Noyee Drivers Auto Removal (pr2ajbeb) (pr2ajbeb) - Micro Application - C:\Windows\system32\pr2ajbeb.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 7941 bytes
Re,
Uninstall Avast! properly and replace it with AntiVir.
Why switch? Avast! vs AntiVir
Run a full scan, then post the report once the analysis is finished.
HELP: Tutorial on the AntiVir Personal Edition Classic antivirus
There you go!!!
Avira AntiVir Personal
Report file date: samedi 21 juin 2008 14:51
Scanning for 1349608 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC-DE-KEVAR
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.4.195 2546176 Bytes 14/06/2008 12:49:42
ANTIVIR3.VDF : 7.0.4.232 250880 Bytes 20/06/2008 12:49:44
Engineversion : 8.1.0.59
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.44 278907 Bytes 21/06/2008 12:49:56
AESCN.DLL : 8.1.0.22 119157 Bytes 21/06/2008 12:49:55
AERDL.DLL : 8.1.0.20 418165 Bytes 21/06/2008 12:49:54
AEPACK.DLL : 8.1.1.6 364918 Bytes 21/06/2008 12:49:53
AEOFFICE.DLL : 8.1.0.20 192891 Bytes 21/06/2008 12:49:52
AEHEUR.DLL : 8.1.0.32 1274231 Bytes 21/06/2008 12:49:51
AEHELP.DLL : 8.1.0.15 115063 Bytes 21/06/2008 12:49:48
AEGEN.DLL : 8.1.0.29 307573 Bytes 21/06/2008 12:49:47
AEEMU.DLL : 8.1.0.6 430451 Bytes 21/06/2008 12:49:46
AECORE.DLL : 8.1.0.31 168310 Bytes 21/06/2008 12:49:45
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: samedi 21 juin 2008 14:51
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'VSSVC.exe' - '1' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'libusbd-nt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'wmdcBase.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'OpWareSE4.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
60 processes with 60 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '11' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\C\Windows\System32\jkkHYOEu.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48c7ff1c.qua'!
C:\QooBox\Quarantine\C\Windows\System32\yobjrxvp.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48beff26.qua'!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Mega>
Begin scan in 'E:\' <eMule>
End of the scan: samedi 21 juin 2008 15:57
Used time: 1:06:29 min
The scan has been done completely.
22327 Scanning directories
563103 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
563101 Files not concerned
2135 Archives were scanned
3 Warnings
2 Notes
Post another HijackThis log.
Here it is!!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:37:36, on 21/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/ [...] rtdgi1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/control [...] der4_5.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: L Ile Noyee Drivers Auto Removal (pr2ajbeb) (pr2ajbeb) - Micro Application - C:\Windows\system32\pr2ajbeb.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 8135 bytes
Still having problems?
Well, the antivirus detected 2 viruses and put them in quarantine...
The PC seems to be running fine.
What should I do with these quarantined files?
Is the HijackThis log clean?
Message edited by kEvaR on 21-06-2008 at 17:39:00
You can leave the files in quarantine. Your PC is apparently OK.
Thanks a lot for your help!!!
I'll test it for a while to see if everything runs smoothly.
Thanks!!!
No problem.