probleme C.I.D [résolu]

Logfile of HijackThis v1.99.1
Scan saved at 15:36:12, on 18/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\vVX3000.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Documents and Settings\PROPRIETAIRE\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com//
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffe [...] ftPane.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] "C:\PROGRA~1\Wanadoo\GestMaj.exe" TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [{BD-D0-0A-AB-DW}] C:\windows\system32\rpwnw64k.exe DWbrk03
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mcntotdl.exe DWbrk03
O4 - HKLM\..\Run: [Base frag grid bows] C:\Documents and Settings\All Users\Application Data\Cast ping base frag\Junk each.exe
O4 - HKCU\..\Run: [WOOKIT] "C:\PROGRA~1\Wanadoo\Shell.exe" appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [sarzrqoxe] c:\windows\system32\sarzrqoxe.exe sarzrqoxe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\World of Warcraft\Curse\CurseClient.exe
O4 - HKCU\..\Run: [Jugs skip] C:\DOCUME~1\PROPRI~1\APPLIC~1\DATEFL~1\software way amen.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\mcntotdl.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rpwnw64k.exe
O4 - Startup: IMVU.lnk = G:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: Registration Prince of Persia l'Ame du Guerrier.LNK = C:\Program Files\Ubisoft\Prince of Persia l'Ame du Guerrier\Support\Register\RegistrationReminder.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\PROPRIETAIRE\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-B [...] E_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 1176820046
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn. [...] tPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)

merci beaucoup de ta reponse voici le rapport de lopR.txt :

--------------------\\ Lop S&D 4.2.3-0 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : PROPRIETAIRE ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 18/08/2008 | 22:05:45 ] [ PC : TOOLS-728F16051 (Proc:x86) ]
[ MAJ : 17-08-2008 | 01:58 ]

--------------------\\ Listing des dossiers dans APPLIC~1

[16/04/2008|08:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[03/04/2007|11:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[06/05/2008|21:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[25/12/2007|13:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
[29/06/2008|20:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[05/08/2008|15:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag
[03/04/2007|12:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[16/06/2008|20:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Funcom
[19/11/2007|18:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[07/11/2007|22:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[22/06/2008|22:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[26/07/2008|20:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt
[05/08/2008|17:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[05/09/2007|19:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[11/03/2008|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[04/07/2008|21:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
[15/07/2008|21:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Player Metaboli
[26/06/2008|23:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
[29/08/2007|22:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[23/12/2007|13:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[15/07/2008|21:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[07/07/2008|13:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TrackMania
[06/06/2007|20:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[08/06/2007|08:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[05/09/2007|19:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
[14/12/2007|20:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
[18/08/2008|19:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[08/03/2008|20:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[03/04/2007|12:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[03/04/2007|10:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[09/06/2007|16:28] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[03/04/2007|10:45] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[23/05/2008|18:26] C:\DOCUME~1\PROPRI~1\APPLIC~1\Adobe
[17/08/2007|11:42] C:\DOCUME~1\PROPRI~1\APPLIC~1\AdobeUM
[08/06/2007|19:46] C:\DOCUME~1\PROPRI~1\APPLIC~1\Ahead
[06/05/2008|21:50] C:\DOCUME~1\PROPRI~1\APPLIC~1\Apple Computer
[23/12/2007|13:04] C:\DOCUME~1\PROPRI~1\APPLIC~1\BitDefender
[05/08/2008|17:00] C:\DOCUME~1\PROPRI~1\APPLIC~1\Dateflagsecond
[03/04/2007|12:34] C:\DOCUME~1\PROPRI~1\APPLIC~1\desktop.ini
[06/06/2008|13:14] C:\DOCUME~1\PROPRI~1\APPLIC~1\GetRightToGo
[23/06/2007|21:50] C:\DOCUME~1\PROPRI~1\APPLIC~1\Google
[08/03/2008|20:56] C:\DOCUME~1\PROPRI~1\APPLIC~1\Identities
[29/08/2007|22:49] C:\DOCUME~1\PROPRI~1\APPLIC~1\Lavasoft
[23/12/2007|12:45] C:\DOCUME~1\PROPRI~1\APPLIC~1\Leadertech
[30/04/2008|20:34] C:\DOCUME~1\PROPRI~1\APPLIC~1\Macromedia
[21/08/2007|23:31] C:\DOCUME~1\PROPRI~1\APPLIC~1\MessengerSkinner
[20/06/2008|21:11] C:\DOCUME~1\PROPRI~1\APPLIC~1\Microsoft
[21/06/2008|14:32] C:\DOCUME~1\PROPRI~1\APPLIC~1\Momindum Studio
[17/10/2007|19:25] C:\DOCUME~1\PROPRI~1\APPLIC~1\Samsung
[19/11/2007|18:29] C:\DOCUME~1\PROPRI~1\APPLIC~1\SecuROM
[08/11/2007|17:00] C:\DOCUME~1\PROPRI~1\APPLIC~1\Sun
[10/06/2007|07:52] C:\DOCUME~1\PROPRI~1\APPLIC~1\teamspeak2
[13/03/2008|17:41] C:\DOCUME~1\PROPRI~1\APPLIC~1\WinRAR
[08/03/2008|20:56] C:\DOCUME~1\PROPRI~1\APPLIC~1\Zylom

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[18/08/2008 22:00][--ah-----] C:\WINDOWS\tasks\BC82A34591C945F1.job
[03/06/2008 21:31][--ah-----] C:\WINDOWS\tasks\Microsoft_Hardware_Launch_setup_exe.job
[18/08/2008 14:18][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 14:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

( BC82A34591C945F1.job )=( c:\docume~1\propri~1\applic~1\datefl~1\magskeepweb.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[05/08/2008|15:14] C:\Program Files\3wPlayer
[23/12/2007|12:45] C:\Program Files\Adobe
[24/09/2007|14:27] C:\Program Files\Ahead
[07/11/2007|23:17] C:\Program Files\Alwil Software
[16/06/2007|12:57] C:\Program Files\Ascaron Entertainment
[19/08/2007|08:25] C:\Program Files\Bethesda Softworks
[23/12/2007|13:04] C:\Program Files\BitDefender
[05/08/2008|17:53] C:\Program Files\BitTorrent Fastest Tool
[29/06/2008|20:11] C:\Program Files\Boonty
[18/07/2008|16:11] C:\Program Files\BoontyGames
[18/06/2008|15:41] C:\Program Files\Common Files
[03/04/2007|10:42] C:\Program Files\ComPlus Applications
[05/08/2008|15:14] C:\Program Files\Conduit
[05/08/2008|15:14] C:\Program Files\Dateflagsecond
[16/12/2007|19:26] C:\Program Files\directx
[07/07/2008|19:22] C:\Program Files\DivX
[21/01/2008|16:03] C:\Program Files\Empire Interactive
[16/08/2008|18:29] C:\Program Files\eMule
[05/08/2008|18:49] C:\Program Files\Fichiers communs
[06/06/2007|16:51] C:\Program Files\Futuremark
[26/06/2008|23:03] C:\Program Files\GamesBar
[19/11/2007|18:26] C:\Program Files\Google
[31/07/2007|19:40] C:\Program Files\GUILD WARS
[29/08/2007|22:54] C:\Program Files\Hitman Pro
[19/07/2008|10:20] C:\Program Files\InstallShield Installation Information
[15/08/2008|01:02] C:\Program Files\Internet Explorer
[07/06/2007|01:40] C:\Program Files\Inventel
[07/05/2008|17:23] C:\Program Files\iPod
[07/05/2008|17:31] C:\Program Files\iTunes
[02/12/2007|08:50] C:\Program Files\Java
[07/11/2007|19:29] C:\Program Files\Maxis
[15/08/2008|01:05] C:\Program Files\Messenger
[16/08/2008|12:45] C:\Program Files\Messenger Plus! Live
[22/05/2008|21:29] C:\Program Files\Micro Application
[07/06/2007|02:25] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[03/04/2007|10:45] C:\Program Files\microsoft frontpage
[20/06/2008|21:22] C:\Program Files\Microsoft Games
[03/06/2008|21:34] C:\Program Files\Microsoft LifeCam
[23/05/2008|09:12] C:\Program Files\Microsoft Silverlight
[22/05/2008|21:20] C:\Program Files\Movie Maker
[06/06/2007|21:17] C:\Program Files\MSBuild
[07/11/2007|21:11] C:\Program Files\MSN
[03/04/2007|10:41] C:\Program Files\MSN Gaming Zone
[03/04/2007|11:36] C:\Program Files\MSXML 4.0
[06/06/2007|21:25] C:\Program Files\MSXML 6.0
[03/04/2007|10:43] C:\Program Files\NetMeeting
[03/04/2007|10:42] C:\Program Files\Online Services
[26/06/2008|23:03] C:\Program Files\orange
[14/06/2007|07:59] C:\Program Files\Outlook Express
[18/07/2008|16:09] C:\Program Files\Player Metaboli
[06/05/2008|21:49] C:\Program Files\QuickTime
[13/10/2007|19:44] C:\Program Files\Realtek
[06/06/2007|21:14] C:\Program Files\Reference Assemblies
[29/09/2007|16:50] C:\Program Files\Samsung
[03/04/2007|10:43] C:\Program Files\Services en ligne
[29/08/2007|22:56] C:\Program Files\Spybot - Search & Destroy
[20/06/2008|21:24] C:\Program Files\Sudden Strike II
[13/10/2007|18:36] C:\Program Files\SystemRequirementsLab
[10/06/2007|07:52] C:\Program Files\Teamspeak2_RC2
[23/12/2007|16:47] C:\Program Files\THQ
[13/07/2007|13:50] C:\Program Files\TLC-Edusoft
[06/08/2008|18:37] C:\Program Files\torrent_search
[05/07/2008|17:32] C:\Program Files\Trymedia
[18/08/2008|15:34] C:\Program Files\TUGZip
[21/06/2008|16:59] C:\Program Files\UbiSoft
[03/04/2007|10:50] C:\Program Files\Uninstall Information
[18/08/2008|14:19] C:\Program Files\Wanadoo
[07/06/2007|01:59] C:\Program Files\Wanadoo Messager
[27/10/2007|21:08] C:\Program Files\Warcraft III
[05/07/2007|23:56] C:\Program Files\Windows Journal Viewer
[05/09/2007|19:38] C:\Program Files\Windows Live
[02/12/2007|08:46] C:\Program Files\Windows Live Favorites
[02/12/2007|08:46] C:\Program Files\Windows Live Toolbar
[06/06/2007|21:13] C:\Program Files\Windows Media Connect 2
[06/06/2007|21:13] C:\Program Files\Windows Media Player
[03/04/2007|10:41] C:\Program Files\Windows NT
[03/04/2007|10:44] C:\Program Files\WindowsUpdate
[06/08/2008|18:36] C:\Program Files\WinRAR
[14/12/2007|20:19] C:\Program Files\WinZip
[23/07/2008|14:59] C:\Program Files\World of Warcraft
[03/04/2007|10:45] C:\Program Files\xerox
[16/04/2008|09:00] C:\Program Files\Zylom Games

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[23/12/2007|12:45] C:\Program Files\Fichiers communs\Adobe
[03/04/2007|11:23] C:\Program Files\Fichiers communs\Ahead
[23/12/2007|13:04] C:\Program Files\Fichiers communs\BitDefender
[02/06/2008|10:15] C:\Program Files\Fichiers communs\Blizzard Entertainment
[29/06/2008|20:12] C:\Program Files\Fichiers communs\BOONTY Shared
[07/06/2007|01:57] C:\Program Files\Fichiers communs\FDEUnInstaller.exe
[22/06/2008|22:42] C:\Program Files\Fichiers communs\InstallShield
[16/07/2007|15:41] C:\Program Files\Fichiers communs\Java
[20/06/2008|21:30] C:\Program Files\Fichiers communs\Microsoft Shared
[03/04/2007|10:43] C:\Program Files\Fichiers communs\MSSoap
[03/04/2007|11:32] C:\Program Files\Fichiers communs\Nero
[26/06/2008|23:03] C:\Program Files\Fichiers communs\Oberon Media
[03/04/2007|12:35] C:\Program Files\Fichiers communs\ODBC
[03/04/2007|10:43] C:\Program Files\Fichiers communs\Services
[03/04/2007|12:34] C:\Program Files\Fichiers communs\SpeechEngines
[20/06/2008|19:08] C:\Program Files\Fichiers communs\Symantec Shared
[14/06/2007|07:59] C:\Program Files\Fichiers communs\System
[05/03/2008|19:33] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 42 Processus )

iexplore.exe ~ [PID:2516] ~ [Threads:15]
iexplore.exe ~ [PID:3316] ~ [Threads:32]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cast ping base frag\Junk each.exe
C:\DOCUME~1\PROPRI~1\APPLIC~1\datefl~1
C:\DOCUME~1\PROPRI~1\APPLIC~1\datefl~1\fgpjlkzs.exe
C:\Program Files\datefl~1
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\3wPlayer.zip
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\HtmlControl.dll
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\msgpl_25c0.tmp
C:\Program Files\BitTorrent Fastest Tool
C:\Program Files\BitTorrent Fastest Tool\3wPlayer-2.0.0.0-setup.exe
C:\Program Files\BitTorrent Fastest Tool\BitP.exe
C:\Program Files\BitTorrent Fastest Tool\INSTALL.LOG
C:\Program Files\3wPlayer
C:\DOCUME~1\PROPRI~1\Cookies\proprietaire@advertstream[1].txt
C:\DOCUME~1\PROPRI~1\Cookies\proprietaire@adultfriendfinder[2].txt
C:\DOCUME~1\PROPRI~1\Cookies\proprietaire@adopt.euroclick[1].txt
C:\DOCUME~1\PROPRI~1\Cookies\proprietaire@pacificpoker[1].txt
C:\DOCUME~1\PROPRI~1\Cookies\proprietaire@partypoker[2].txt
C:\DOCUME~1\PROPRI~1\Cookies\proprietaire@32vegas[1].txt
C:\DOCUME~1\PROPRI~1\Cookies\proprietaire@banner.32vegas[2].txt
C:\WINDOWS\Tasks\BC82A34591C945F1.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jugs skip"="C:\\DOCUME~1\\PROPRI~1\\APPLIC~1\\DATEFL~1\\software way amen.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Base frag grid bows"="C:\\Documents and Settings\\All Users\\Application Data\\Cast ping base frag\\Junk each.exe"

--------------------\\ Verification du fichier Hosts

Fichier Hosts MODIFIE

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD

-> 72 [ 70 ## added by CiD ]

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 22:06:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
C:\DOCUME~1\PROPRI~1\LOCALS~1\APPLIC~1\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 864 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden files: 1009

--------------------\\ Recherche d'autres infections

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sarzrqoxe"="c:\\windows\\system32\\sarzrqoxe.exe sarzrqoxe"

C:\DOCUME~1\PROPRI~1\APPLIC~1\MessengerSkinner
C:\DOCUME~1\PROPRI~1\APPLIC~1\MessengerSkinner\Userdata
C:\WINDOWS\System32\nvs2.inf
==> EGDACCESS <==



[F:8073][D:1319]-> C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
[F:236][D:0]-> C:\DOCUME~1\PROPRI~1\Cookies
[F:4227][D:219]-> C:\DOCUME~1\PROPRI~1\LOCALS~1\TEMPOR~1\content.IE5

--------------------\\ Fin du rapport a 22:10:27,84

re

1

Relance Lop S&D

• Choisis cette fois ci l'Option 2 ( Suppression )

• Ne ferme pas la fenêtre lors de la suppression !

• Poste le rapport généré ( C:\lopR.txt )

( Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide )

2

Double clique sur le raccourci de Navilog1 présent sur ton Bureau.
Suis les instructions. Choisis ensuite l'option 2 puis valide.
Laisse toi guider et réponds aux questions éventuelles.

L'utilitaire va t'informer qu'il va redémarrer l'ordinateur.
**Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts**
Appuie maintenant sur une touche, comme demandé.
(si ton PC ne redémarre pas automatiquement, fais-le manuellement)

Patiente jusqu'à l'apparition de ce message :
"*** Nettoyage Termine le ..... ***"

Le Bloc-notes va s'ouvrir.
Sauvegarde le rapport de manière à le retrouver.
Referme le Bloc-notes. Ton bureau va maintenant réapparaître.

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tape explorer puis valide.

Poste le rapport sauvegardé auparavant (C:\cleannavi.txt)
Ainsi qu'un nouveau rapport Hijackthis.

Ferme Internet Explorer puis Démarrer/Panneau de Configuration/Options Internet.
Choisis l'onglet Contenu puis onglet Certificats.
Si tu trouves les programmes suivant (en particulier dans Editeurs approuvés), Dis-le moi :

VIP


3

Rends toi sur ce lien : Virus Total

• Clique sur Parcourir
• Rends toi jusque sur ce fichier si tu le trouves :

c:\windows\system32\sarzrqoxe.exe

• Clique sur Envoyer le fichier et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
• Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
• Lorsque l'analyse est terminée ("Situation actuelle: terminé" ), clique sur Formaté
• Une nouvelle fenêtre de ton navigateur va apparaître
• Clique alors sur cette image :
• Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
• Enfin colle le résultat dans ta prochaine réponse.

Note : Peu importe le résultat, il est important de me communiquer le résultat de toute l'analyse.
Il est possible que tes outils de sécurité réagissent à l'envoi du fichier, en ce cas il te faudra ignorer les alertes.

voici le rapport de Navilog1 :

Clean Navipromo version 3.6.4 commencé le 19/08/2008 à 0:06:43,01

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "PROPRIETAIRE"

Mise à jour le 16.08.2008 à 22h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur


*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\PROPRIETAIRE\locals~1\applic~1" *



*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\PROPRIETAIRE\applic~1" ***

...\MessengerSkinner ...suppression...
...\MessengerSkinner supprimé !


*** Suppression dossiers dans "C:\Documents and Settings\PROPRIETAIRE\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\PROPRIETAIRE\menudm~1\progra~1" ***



*** Suppression fichiers ***

C:\WINDOWS\system32\nvs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\PROPRIETAIRE\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


* Dans "C:\Documents and Settings\PROPRIETAIRE\locals~1\applic~1" *


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Clés RUN orphelines Navipromo ***
!! Résultats temporairement non pris en charge !!
!! Les clés trouvées ne sont pas forcément infectées !!

Clés trouvés :

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sarzrqoxe"="c:\\windows\\system32\\sarzrqoxe.exe sarzrqoxe"


*** Nettoyage terminé le 19/08/2008 à 0:14:33,10 ***

désolé mais pour VIP je n'es pas trouvé le fichier c:\windows\system32\sarzrqoxe.exe. est-ce important ?? merci de ton aide jusque ici !!

boujour voici le rapport ComboFix :

ComboFix 08-08-18.04 - PROPRIETAIRE 2008-08-20 13:14:02.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.598 [GMT 2:00]
Endroit: C:\Documents and Settings\PROPRIETAIRE\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\PROPRIETAIRE\Menu Démarrer\Programmes\Démarrage\Deewoo.lnk
C:\Documents and Settings\PROPRIETAIRE\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
C:\Documents and Settings\PROPRIETAIRE\UserData
C:\Documents and Settings\PROPRIETAIRE\UserData\4G0I5C6E\historySearchPos[1].xml
C:\Documents and Settings\PROPRIETAIRE\UserData\4G0I5C6E\oWindowsUpdate[1].xml
C:\Documents and Settings\PROPRIETAIRE\UserData\7ALYYKPH\advstNetId[1].xml
C:\Documents and Settings\PROPRIETAIRE\UserData\7ALYYKPH\Tdy58[1].xml
C:\Documents and Settings\PROPRIETAIRE\UserData\A65J95WO\iconState[2].xml
C:\Documents and Settings\PROPRIETAIRE\UserData\index.dat
C:\Documents and Settings\PROPRIETAIRE\UserData\TJ9F97WM\historySitePos[1].xml
C:\Documents and Settings\PROPRIETAIRE\UserData\TJ9F97WM\showHideState[2].xml
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\zxdnt3d.cfg

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-20 to 2008-08-20 ))))))))))))))))))))))))))))))))))))
.

2008-08-18 22:13 . 2008-08-19 00:14 <REP> d-------- C:\Program Files\Navilog1
2008-08-18 22:05 . 2008-08-19 00:00 <REP> d-------- C:\Lop SD
2008-08-18 15:34 . 2008-08-18 15:34 <REP> d-------- C:\Program Files\TUGZip
2008-08-18 15:34 . 2007-03-12 23:34 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-08-18 15:34 . 2007-03-12 23:34 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-08-18 15:34 . 2007-03-12 23:34 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-08-15 00:08 . 2008-08-15 00:08 230,424 --a------ C:\img2-002.raw
2008-08-05 17:10 . 2008-08-05 17:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-05 16:14 . 2008-08-05 16:14 152,147 --a------ C:\WINDOWS\system32\g80.exe
2008-08-05 15:14 . 2008-08-06 18:37 <REP> d-------- C:\Program Files\torrent_search
2008-08-05 15:14 . 2008-08-05 15:14 <REP> d-------- C:\Program Files\Conduit

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-20 11:23 --------- d-----w C:\Program Files\Wanadoo
2008-08-20 11:22 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-08-20 00:15 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-18 17:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-16 16:29 --------- d-----w C:\Program Files\eMule
2008-08-16 10:45 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-07-23 12:59 --------- d-----w C:\Program Files\World of Warcraft
2008-07-19 08:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-18 14:11 --------- d-----w C:\Program Files\BoontyGames
2008-07-18 14:09 --------- d-----w C:\Program Files\Player Metaboli
2008-07-15 19:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Player Metaboli
2008-07-15 19:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-07 20:18 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 17:22 --------- d-----w C:\Program Files\DivX
2008-07-07 11:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-07-05 15:32 --------- d-----w C:\Program Files\Trymedia
2008-07-04 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-06-29 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOONTY
2008-06-29 18:12 --------- d-----w C:\Program Files\Fichiers communs\BOONTY Shared
2008-06-29 18:11 --------- d-----w C:\Program Files\Boonty
2008-06-26 21:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-06-26 21:03 --------- d-----w C:\Program Files\orange
2008-06-26 21:03 --------- d-----w C:\Program Files\GamesBar
2008-06-26 21:03 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
2008-06-25 19:34 86,792 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-06-24 16:30 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-22 20:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-06-22 20:42 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-06-21 14:59 --------- d-----w C:\Program Files\UbiSoft
2008-06-21 12:32 --------- d-----w C:\Documents and Settings\PROPRIETAIRE\Application Data\Momindum Studio
2008-06-20 19:46 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-20 19:24 --------- d-----w C:\Program Files\Sudden Strike II
2008-06-20 19:22 --------- d-----w C:\Program Files\Microsoft Games
2008-06-20 17:37 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:08 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-06-20 10:44 360,960 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:32 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2007-06-06 23:57 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.

------- Sigcheck -------

2008-04-14 04:34 14336 e4bdf223cd75478bf44567b4d5c2634d C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\svchost.exe
2004-08-05 14:00 14336 1bd6c2f707a275cb7c16fd99fe0f31ca C:\WINDOWS\system32\svchost.exe
2004-08-05 14:00 14336 1bd6c2f707a275cb7c16fd99fe0f31ca C:\WINDOWS\system32\dllcache\svchost.exe

2008-04-14 04:33 82432 fb836f9e62d82904c983ad21296a5d9c C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ws2_32.dll
2004-08-05 14:00 82944 bc41f51a39d3b255805fdb759b7814ae C:\WINDOWS\system32\ws2_32.dll
2004-08-05 14:00 82944 bc41f51a39d3b255805fdb759b7814ae C:\WINDOWS\system32\dllcache\ws2_32.dll

2008-04-14 04:34 512000 dd73d6b9f6b4cb630cf35b438b540174 C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\winlogon.exe
2004-08-05 14:00 506368 d2de785aeab0bb8ca4c14a8a199dbe4e C:\WINDOWS\system32\winlogon.exe
2004-08-05 14:00 506368 d2de785aeab0bb8ca4c14a8a199dbe4e C:\WINDOWS\system32\dllcache\winlogon.exe

2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ndis.sys
2004-08-05 14:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys
2004-08-05 14:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2008-04-13 20:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ip6fw.sys
2004-08-05 14:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys
2004-08-05 14:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2008-04-14 04:34 109056 54cb50058851d95e56ec70d09f70857f C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\services.exe
2004-08-05 14:00 108544 732e0b1abaace15d80ec19056b0a2af9 C:\WINDOWS\system32\services.exe
2004-08-05 14:00 108544 732e0b1abaace15d80ec19056b0a2af9 C:\WINDOWS\system32\dllcache\services.exe

2008-04-14 04:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\lsass.exe
2004-08-05 14:00 13312 9f3744a5c6f49291a7a685040a013399 C:\WINDOWS\system32\lsass.exe
2004-08-05 14:00 13312 9f3744a5c6f49291a7a685040a013399 C:\WINDOWS\system32\dllcache\lsass.exe

2008-04-14 04:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ctfmon.exe
2004-08-05 14:00 15360 5584247b568c2e53934873f4b655fe6a C:\WINDOWS\system32\ctfmon.exe
2004-08-05 14:00 15360 5584247b568c2e53934873f4b655fe6a C:\WINDOWS\system32\dllcache\ctfmon.exe

2008-04-14 04:34 26624 e74ddb12188c2ff57a78624dbf7332fc C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\userinit.exe
2004-08-05 14:00 25088 d6d65ea32b190401b57edb6706f29669 C:\WINDOWS\system32\userinit.exe
2004-08-05 14:00 25088 d6d65ea32b190401b57edb6706f29669 C:\WINDOWS\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-21 18:55 68856]
"CurseClient"="C:\Program Files\World of Warcraft\Curse\CurseClient.exe" [2008-01-30 22:33 477696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07 81920]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-06-25 21:34 368640]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2007-04-10 23:46 709992]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 23:45 279912]
"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"E:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"E:\\Program Files\\TmNationsForever\\TmForever.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"G:\\Program Files\\RelicCOH.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 SSHDRV85;SSHDRV85;C:\WINDOWS\system32\drivers\SSHDRV85.sys [2007-06-24 22:30]
R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 23:45]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-06-25 21:34]
S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2008-06-29 20:12]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 02:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4303726a-e1cd-11db-bb97-806d6172696f}]
\Shell\AutoRun\command - D:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{862c2392-1716-11dc-b7c8-0016178f0e99}]
\Shell\AutoRun\command - H:\setupSNK.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-{BD-D0-0A-AB-DW} - C:\windows\system32\rpwnw64k.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\PROPRIETAIRE\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 13:19:28
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...


C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\av32bitpatches.dat 14641 bytes
C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\av32bitversions.dat 30121 bytes
C:\Documents and Settings\PROPRIETAIRE\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 864 bytes hidden from API

Scan termin‚ avec succŠs
Les fichiers cach‚s: 3

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-20 13:29:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-20 11:29:33

Pre-Run: 11,209,437,184 octets libres
Post-Run: 11,337,211,904 octets libres

225 --- E O F --- 2008-08-20 00:15:05

merci pour ton toute les pubs c.i.d on disparu ! merci beaucoup !! (k)

bonsoir voici l'analyse de VirusTotal:

Fichier g80.exe reçu le 2008.08.20 00:18:31 (CET)Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.8.19.0 2008.08.19 -
AntiVir 7.8.1.23 2008.08.19 -
Authentium 5.1.0.4 2008.08.19 -
Avast 4.8.1195.0 2008.08.19 Win32:BHO-SI
AVG 8.0.0.161 2008.08.19 Generic3.JXK
BitDefender 7.2 2008.08.19 -
CAT-QuickHeal 9.50 2008.08.19 -
ClamAV 0.93.1 2008.08.19 Trojan.BHO-3774
DrWeb 4.44.0.09170 2008.08.19 -
eSafe 7.0.17.0 2008.08.19 -
eTrust-Vet 31.6.6035 2008.08.15 Win32/Tantorb.BB
Ewido 4.0 2008.08.19 -
F-Prot 4.4.4.56 2008.08.19 -
F-Secure 7.60.13501.0 2008.08.19 -
Fortinet 3.14.0.0 2008.08.19 -
GData 2.0.7306.1023 2008.08.19 Win32:Trojan-gen
Ikarus T3.1.1.34.0 2008.08.19 Virus.Win32.Trojan
K7AntiVirus 7.10.421 2008.08.19 -
Kaspersky 7.0.0.125 2008.08.19 -
McAfee 5364 2008.08.19 -
Microsoft 1.3807 2008.08.20 -
NOD32v2 3369 2008.08.19 Win32/Adware.GooochiBiz
Norman 5.80.02 2008.08.19 -
Panda 9.0.0.4 2008.08.19 -
PCTools 4.4.2.0 2008.08.19 -
Prevx1 V2 2008.08.20 Cloaked Malware
Rising 20.58.12.00 2008.08.19 -
Sophos 4.32.0 2008.08.19 -
Sunbelt 3.1.1546.1 2008.08.15 -
Symantec 10 2008.08.19 -
TheHacker 6.3.0.5.054 2008.08.19 -
TrendMicro 8.700.0.1004 2008.08.19 -
VBA32 3.12.8.3 2008.08.19 Win32.Adware.GooochiBiz
ViRobot 2008.8.19.1341 2008.08.19 -
VirusBuster 4.5.11.0 2008.08.19 -
Webwasher-Gateway 6.6.2 2008.08.19 -

Information additionnelle
File size: 152147 bytes
MD5...: 25ad4cbb91b01c28b72d65f66e20ce5c
SHA1..: e6a36f26fda6e3ee92f17a47bf6a362af935f7d2
SHA256: 29cc1ee43b7843ce35294756d5b9816da82bec18b5aea69b8f20427772851ba9
SHA512: f1bd7a9d14815b88c25a2c271f429eaf17f696fd5d2eaa15f2e2a36d32d820c2<BR>35de9c74e2a0d6dbdbbdc613b296ac7f8062bdc6779e46a44fd30b4052562781
PEiD..: -
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x403225<BR>timedatestamp.....: 0x481c71ea (Sat May 03 14:08:42 2008)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 5 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x5934 0x5a00 6.46 663546ac41801daf2dc51f560ec05a56<BR>.rdata 0x7000 0x1190 0x1200 5.18 db16645055619c0cc73276ff5c3adb75<BR>.data 0x9000 0x1af98 0x400 4.70 f0511f18783910813a0de0de02bc1206<BR>.ndata 0x24000 0xc000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<BR>.rsrc 0x30000 0x6c8 0x800 2.91 45197172dd9457c3c73ddd577483e4cd<BR><BR>( 8 imports ) <BR>&gt; KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA<BR>&gt; USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow<BR>&gt; GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject<BR>&gt; SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation<BR>&gt; ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA<BR>&gt; COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create<BR>&gt; ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance<BR>&gt; VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA<BR><BR>( 0 exports ) <BR>
ThreatExpert info: http://www.threatexpert.com/report [...] f66e20ce5c
Prevx info: http://info.prevx.com/aboutprogram [...] 00D7AB8CA0

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.8.19.0 2008.08.19 -
AntiVir 7.8.1.23 2008.08.19 -
Authentium 5.1.0.4 2008.08.19 -
Avast 4.8.1195.0 2008.08.19 Win32:BHO-SI
AVG 8.0.0.161 2008.08.19 Generic3.JXK
BitDefender 7.2 2008.08.19 -
CAT-QuickHeal 9.50 2008.08.19 -
ClamAV 0.93.1 2008.08.19 Trojan.BHO-3774
DrWeb 4.44.0.09170 2008.08.19 -
eSafe 7.0.17.0 2008.08.19 -
eTrust-Vet 31.6.6035 2008.08.15 Win32/Tantorb.BB
Ewido 4.0 2008.08.19 -
F-Prot 4.4.4.56 2008.08.19 -
F-Secure 7.60.13501.0 2008.08.19 -
Fortinet 3.14.0.0 2008.08.19 -
GData 2.0.7306.1023 2008.08.19 Win32:Trojan-gen
Ikarus T3.1.1.34.0 2008.08.19 Virus.Win32.Trojan
K7AntiVirus 7.10.421 2008.08.19 -
Kaspersky 7.0.0.125 2008.08.19 -
McAfee 5364 2008.08.19 -
Microsoft 1.3807 2008.08.20 -
NOD32v2 3369 2008.08.19 Win32/Adware.GooochiBiz
Norman 5.80.02 2008.08.19 -
Panda 9.0.0.4 2008.08.19 -
PCTools 4.4.2.0 2008.08.19 -
Prevx1 V2 2008.08.20 Cloaked Malware
Rising 20.58.12.00 2008.08.19 -
Sophos 4.32.0 2008.08.19 -
Sunbelt 3.1.1546.1 2008.08.15 -
Symantec 10 2008.08.19 -
TheHacker 6.3.0.5.054 2008.08.19 -
TrendMicro 8.700.0.1004 2008.08.19 -
VBA32 3.12.8.3 2008.08.19 Win32.Adware.GooochiBiz
ViRobot 2008.8.19.1341 2008.08.19 -
VirusBuster 4.5.11.0 2008.08.19 -
Webwasher-Gateway 6.6.2 2008.08.19 -

Information additionnelle
File size: 152147 bytes
MD5...: 25ad4cbb91b01c28b72d65f66e20ce5c
SHA1..: e6a36f26fda6e3ee92f17a47bf6a362af935f7d2
SHA256: 29cc1ee43b7843ce35294756d5b9816da82bec18b5aea69b8f20427772851ba9
SHA512: f1bd7a9d14815b88c25a2c271f429eaf17f696fd5d2eaa15f2e2a36d32d820c2<BR>35de9c74e2a0d6dbdbbdc613b296ac7f8062bdc6779e46a44fd30b4052562781
PEiD..: -
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x403225<BR>timedatestamp.....: 0x481c71ea (Sat May 03 14:08:42 2008)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 5 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x5934 0x5a00 6.46 663546ac41801daf2dc51f560ec05a56<BR>.rdata 0x7000 0x1190 0x1200 5.18 db16645055619c0cc73276ff5c3adb75<BR>.data 0x9000 0x1af98 0x400 4.70 f0511f18783910813a0de0de02bc1206<BR>.ndata 0x24000 0xc000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<BR>.rsrc 0x30000 0x6c8 0x800 2.91 45197172dd9457c3c73ddd577483e4cd<BR><BR>( 8 imports ) <BR>&gt; KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA<BR>&gt; USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow<BR>&gt; GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject<BR>&gt; SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation<BR>&gt; ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA<BR>&gt; COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create<BR>&gt; ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance<BR>&gt; VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA<BR><BR>( 0 exports ) <BR>
ThreatExpert info: http://www.threatexpert.com/report [...] f66e20ce5c
Prevx info: http://info.prevx.com/aboutprogram [...] 00D7AB8CA0

bonsoir j'ai fais comme tu m'a dis tout a l'air de s'etre bien passer mais par contre il ne m'avais pas demander de [taper 1] jespere que se n'ai pas tres important. voici le rapport de CombotFix:

ComboFix 08-08-18.04 - PROPRIETAIRE 2008-08-21 21:52:30.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.642 [GMT 2:00]
Endroit: C:\Documents and Settings\PROPRIETAIRE\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\PROPRIETAIRE\Bureau\CFScript.txt.txt
* Création d'un nouveau point de restauration
* Resident AV is active


[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]

FILE ::
C:\WINDOWS\system32\g80.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\PROPRIETAIRE\UserData
C:\Documents and Settings\PROPRIETAIRE\UserData\1W7X2NKO\Tdy58[1].xml
C:\Documents and Settings\PROPRIETAIRE\UserData\FYZJWBWZ\advstNetId[1].xml
C:\Documents and Settings\PROPRIETAIRE\UserData\FYZJWBWZ\historySearchPos[1].xml
C:\Documents and Settings\PROPRIETAIRE\UserData\index.dat
C:\Documents and Settings\PROPRIETAIRE\UserData\NNT0LPHL\historySitePos[1].xml
C:\Program Files\Conduit
C:\Program Files\Conduit\Community Alerts\Alert.dll
C:\Program Files\torrent_search
C:\Program Files\torrent_search\UNWISE.EXE
C:\WINDOWS\system32\g80.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-21 to 2008-08-21 ))))))))))))))))))))))))))))))))))))
.

2008-08-18 22:13 . 2008-08-19 00:14 <REP> d-------- C:\Program Files\Navilog1
2008-08-18 22:05 . 2008-08-19 00:00 <REP> d-------- C:\Lop SD
2008-08-18 15:34 . 2008-08-18 15:34 <REP> d-------- C:\Program Files\TUGZip
2008-08-18 15:34 . 2007-03-12 23:34 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-08-18 15:34 . 2007-03-12 23:34 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-08-18 15:34 . 2007-03-12 23:34 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-08-15 00:08 . 2008-08-15 00:08 230,424 --a------ C:\img2-002.raw
2008-08-05 17:10 . 2008-08-05 17:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 19:58 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-08-21 15:23 --------- d-----w C:\Program Files\Wanadoo
2008-08-20 23:21 --------- d-----w C:\Program Files\eMule
2008-08-20 00:15 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-18 17:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-16 10:45 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-07-23 12:59 --------- d-----w C:\Program Files\World of Warcraft
2008-07-19 08:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-18 14:11 --------- d-----w C:\Program Files\BoontyGames
2008-07-18 14:09 --------- d-----w C:\Program Files\Player Metaboli
2008-07-15 19:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Player Metaboli
2008-07-15 19:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-07 20:18 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 17:22 --------- d-----w C:\Program Files\DivX
2008-07-07 11:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-07-05 15:32 --------- d-----w C:\Program Files\Trymedia
2008-07-04 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-06-29 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOONTY
2008-06-29 18:12 --------- d-----w C:\Program Files\Fichiers communs\BOONTY Shared
2008-06-29 18:11 --------- d-----w C:\Program Files\Boonty
2008-06-26 21:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-06-26 21:03 --------- d-----w C:\Program Files\orange
2008-06-26 21:03 --------- d-----w C:\Program Files\GamesBar
2008-06-26 21:03 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
2008-06-25 19:34 86,792 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-06-24 16:30 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-22 20:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-06-22 20:42 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-06-21 14:59 --------- d-----w C:\Program Files\UbiSoft
2008-06-21 12:32 --------- d-----w C:\Documents and Settings\PROPRIETAIRE\Application Data\Momindum Studio
2008-06-20 19:46 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-20 17:37 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2007-06-06 23:57 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.

------- Sigcheck -------

2008-04-14 04:34 14336 e4bdf223cd75478bf44567b4d5c2634d C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\svchost.exe
2004-08-05 14:00 14336 1bd6c2f707a275cb7c16fd99fe0f31ca C:\WINDOWS\system32\svchost.exe
2004-08-05 14:00 14336 1bd6c2f707a275cb7c16fd99fe0f31ca C:\WINDOWS\system32\dllcache\svchost.exe

2008-04-14 04:33 82432 fb836f9e62d82904c983ad21296a5d9c C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ws2_32.dll
2004-08-05 14:00 82944 bc41f51a39d3b255805fdb759b7814ae C:\WINDOWS\system32\ws2_32.dll
2004-08-05 14:00 82944 bc41f51a39d3b255805fdb759b7814ae C:\WINDOWS\system32\dllcache\ws2_32.dll

2008-04-14 04:34 512000 dd73d6b9f6b4cb630cf35b438b540174 C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\winlogon.exe
2004-08-05 14:00 506368 d2de785aeab0bb8ca4c14a8a199dbe4e C:\WINDOWS\system32\winlogon.exe
2004-08-05 14:00 506368 d2de785aeab0bb8ca4c14a8a199dbe4e C:\WINDOWS\system32\dllcache\winlogon.exe

2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ndis.sys
2004-08-05 14:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys
2004-08-05 14:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2008-04-13 20:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ip6fw.sys
2004-08-05 14:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys
2004-08-05 14:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2008-04-14 04:34 109056 54cb50058851d95e56ec70d09f70857f C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\services.exe
2004-08-05 14:00 108544 732e0b1abaace15d80ec19056b0a2af9 C:\WINDOWS\system32\services.exe
2004-08-05 14:00 108544 732e0b1abaace15d80ec19056b0a2af9 C:\WINDOWS\system32\dllcache\services.exe

2008-04-14 04:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\lsass.exe
2004-08-05 14:00 13312 9f3744a5c6f49291a7a685040a013399 C:\WINDOWS\system32\lsass.exe
2004-08-05 14:00 13312 9f3744a5c6f49291a7a685040a013399 C:\WINDOWS\system32\dllcache\lsass.exe

2008-04-14 04:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ctfmon.exe
2004-08-05 14:00 15360 5584247b568c2e53934873f4b655fe6a C:\WINDOWS\system32\ctfmon.exe
2004-08-05 14:00 15360 5584247b568c2e53934873f4b655fe6a C:\WINDOWS\system32\dllcache\ctfmon.exe

2008-04-14 04:34 26624 e74ddb12188c2ff57a78624dbf7332fc C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\userinit.exe
2004-08-05 14:00 25088 d6d65ea32b190401b57edb6706f29669 C:\WINDOWS\system32\userinit.exe
2004-08-05 14:00 25088 d6d65ea32b190401b57edb6706f29669 C:\WINDOWS\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-21 18:55 68856]
"CurseClient"="C:\Program Files\World of Warcraft\Curse\CurseClient.exe" [2008-01-30 22:33 477696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07 81920]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-06-25 21:34 368640]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2007-04-10 23:46 709992]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 23:45 279912]
"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-06-06 12:10:02 394856]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"E:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"E:\\Program Files\\TmNationsForever\\TmForever.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"G:\\Program Files\\RelicCOH.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 SSHDRV85;SSHDRV85;C:\WINDOWS\system32\drivers\SSHDRV85.sys [2007-06-24 22:30]
R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 23:45]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-06-25 21:34]
S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2008-06-29 20:12]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 02:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4303726a-e1cd-11db-bb97-806d6172696f}]
\Shell\AutoRun\command - D:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{862c2392-1716-11dc-b7c8-0016178f0e99}]
\Shell\AutoRun\command - H:\setupSNK.exe

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-21 21:58:18
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Temps d'accomplissement: 2008-08-21 22:03:51
ComboFix-quarantined-files.txt 2008-08-21 20:03:23
ComboFix2.txt 2008-08-20 11:29:43

Pre-Run: 11,276,075,008 octets libres
Post-Run: 11,284,639,744 octets libres

188 --- E O F --- 2008-08-20 00:15:05

bonsoir voici le rapport hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 22:08:22, on 22/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wisptis.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\PROPRIETAIRE\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com//
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] "C:\PROGRA~1\Wanadoo\GestMaj.exe" TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKCU\..\Run: [WOOKIT] "C:\PROGRA~1\Wanadoo\Shell.exe" appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\World of Warcraft\Curse\CurseClient.exe
O4 - Startup: IMVU.lnk = G:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: Registration Prince of Persia l'Ame du Guerrier.LNK = C:\Program Files\Ubisoft\Prince of Persia l'Ame du Guerrier\Support\Register\RegistrationReminder.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\PROPRIETAIRE\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-B [...] E_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 1176820046
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn. [...] tPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)

bonjour, voila j'ai fais le scan =)

bonjour désolé du retard ! mais je n'arrive pas a copier le rapport ! :s

bonjour =) !! voici le rapport panda :

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-09-02 13:28:09
PROTECTIONS: 1
MALWARE: 11
SUSPECTS: 3
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Bit-Defender Internet Security 2008 11.0.17 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\PROPRIETAIRE\Bureau\LopSD.exe[C:\Documents and Settings\PROPRIETAIRE\Bureau\LopSD.exe][Process.exe]
00139535 Application/Processor HackTools No 0 Yes No C:\Program Files\Navilog1\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Lop SD\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{D9F6E605-D508-4515-8EF2-60D3A6F30492}\RP421\A0624735.exe
00147814 Cookie/AspinallsOnlineCasino TrackingCookie No 0 Yes No C:\Lop SD\Backup-Lop\DOCUME~1\PROPRI~1\Cookies\proprietaire@pacificpoker[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\PROPRIETAIRE\Cookies\proprietaire@com[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\PROPRIETAIRE\Cookies\proprietaire@xiti[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\PROPRIETAIRE\Cookies\proprietaire@weborama[1].txt
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\PROPRIETAIRE\Cookies\proprietaire@bravenet[2].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Lop SD\Backup-Lop\DOCUME~1\PROPRI~1\Cookies\proprietaire@adultfriendfinder[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\PROPRIETAIRE\Cookies\proprietaire@atwola[2].txt
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{D9F6E605-D508-4515-8EF2-60D3A6F30492}\RP424\A0625108.EXE
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{D9F6E605-D508-4515-8EF2-60D3A6F30492}\RP424\A0625094.sys
02990320 Application/BoontyGames HackTools No 0 Yes No C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location |
;===================================================================================================================================================================================
No C:\Documents and Settings\PROPRIETAIRE\Bureau\ComboFix.exe |
No C:\Lop SD\Backup-Lop\Program Files\BitTorrent Fastest Tool\BitP.exe |
No F:\Warcraft III\worldedit.exe |
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description |
;===================================================================================================================================================================================
93454 MEDIUM MS05-049 |
;===================================================================================================================================================================================

bonsoir oki merci pour tout !!! (k) !