Se connecter / S'enregistrer
Votre question

[Résolu]startdrv et/ou Downloader.Obfuskated

Tags :
  • Internet Explorer
  • Sécurité
Dernière réponse : dans Sécurité et virus
3 Avril 2008 12:23:23

Bonjour ,

J'ai lus pas mal de sujet concernant ce virus , mais je n'arrive quand meme pas à le supprimé :s . J'ai téléchargé Hijackthis et j'ai fais un rapport :
Spoiler
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:37, on 03/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\WANADOO\TaskBarIcon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\program files\steam\steam.exe
C:\PROGRA~1\WANADOO\EspaceWanadoo.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\PROGRA~1\WANADOO\ComComp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\WANADOO\Toaster.exe
C:\PROGRA~1\WANADOO\Inactivity.exe
C:\PROGRA~1\WANADOO\PollingModule.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\PROGRA~1\WANADOO\Watch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\jean-marie\Bureau\Nouveau dossier\test.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isadd.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [Net4Switch] C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Object\isamntr.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Object\pmsnrr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: MultiFrame.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O21 - SSODL: didymiums - {e6adaaf0-79b2-4cf1-a660-50a0b33991a1} - C:\WINDOWS\system32\vblhanf.dll (file missing)
O22 - SharedTaskScheduler: didymiums - {e6adaaf0-79b2-4cf1-a660-50a0b33991a1} - C:\WINDOWS\system32\vblhanf.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Performance Monitor - Unknown owner - C:\WINDOWS\perfmon.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Userinit Logon Application - Unknown owner - C:\WINDOWS\userinit.exe (file missing)
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

--
End of file - 11015 bytes



Merci de bien vouloir me répondre et de me dire quelles lignes cocher pour faire ensuite fix checked .

Autres pages sur : resolu startdrv downloader obfuskated

3 Avril 2008 17:07:00

:hello: 

On ne résout pas un problème viral juste en cochant des lignes via hijackthis. ;) 

Télécharge BTFix ([#ff0000]Bibi26[/#f]).
Dézippe l'archive sur ton Bureau.
  • Ouvre le dossier BTFix.
  • Double clique sur BTFix.exe.
  • Clique sur Rechercher.
  • Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.
    3 Avril 2008 20:07:28

    Il me dit qu'il n'y a aucune infection , mais je sais dans quel dossier est le virus et il est toujours la :s
    Contenus similaires
    Pas de réponse à votre question ? Demandez !
    3 Avril 2008 20:12:52

    Re,

    Poste quand même le rapport demandé :) 

    Puis refais un nouveau rapport hijackthis sans le mettre entre balises.
    3 Avril 2008 20:35:46

    BTFix 1.093 (par bibi26) - 03/04/2008 20:33:58 - Analyse
    Lancé depuis C:\Documents and Settings\jean-marie\Bureau\BTFix\BTFix.exe

    ---> Fichiers/Dossiers trouvés


    ---> Analyse terminée le 03/04/2008 20:33:59

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:34:33, on 03/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Wireless Console 2\wcourier.exe
    C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\PROGRA~1\WANADOO\TaskBarIcon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\program files\steam\steam.exe
    C:\PROGRA~1\WANADOO\EspaceWanadoo.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\PROGRA~1\WANADOO\ComComp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\PROGRA~1\WANADOO\Toaster.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\PROGRA~1\WANADOO\Inactivity.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\WANADOO\PollingModule.exe
    C:\PROGRA~1\WANADOO\Watch.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\jean-marie\Bureau\Nouveau dossier\test.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isadd.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
    O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [Net4Switch] C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Object\isamntr.exe
    O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Object\pmsnrr.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: MultiFrame.lnk = ?
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O21 - SSODL: didymiums - {e6adaaf0-79b2-4cf1-a660-50a0b33991a1} - C:\WINDOWS\system32\vblhanf.dll (file missing)
    O22 - SharedTaskScheduler: didymiums - {e6adaaf0-79b2-4cf1-a660-50a0b33991a1} - C:\WINDOWS\system32\vblhanf.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Performance Monitor - Unknown owner - C:\WINDOWS\perfmon.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Userinit Logon Application - Unknown owner - C:\WINDOWS\userinit.exe (file missing)
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

    --
    End of file - 10176 bytes



    3 Avril 2008 23:55:21

    Re,

    Télécharge Smitfraudfix (de S!ri).
    Enregistre-le sur ton bureau.
    Lance SmitfraudFix.exe (le .exe peut ne pas apparaitre).
    Choisis l'Option 1 (Recherche)
    Poste le premier rapport ici.

    **Si le lien ne fonctionne pas, clique ici**

    ;) 
    4 Avril 2008 15:58:20

    Bonjour , voila le rappot que tu m'as demandé .

    SmitFraudFix v2.309

    Rapport fait à 15:56:50,82, 04/04/2008
    Executé à partir de C:\Documents and Settings\jean-marie\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est FAT32
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Wireless Console 2\wcourier.exe
    C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\PROGRA~1\WANADOO\TaskBarIcon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\program files\steam\steam.exe
    C:\PROGRA~1\WANADOO\EspaceWanadoo.exe
    C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\PROGRA~1\WANADOO\ComComp.exe
    C:\PROGRA~1\WANADOO\Toaster.exe
    C:\PROGRA~1\WANADOO\Inactivity.exe
    C:\PROGRA~1\WANADOO\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\PROGRA~1\Grisoft\AVG7\avgw.exe
    C:\PROGRA~1\WANADOO\Watch.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jean-marie


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jean-marie\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JEAN-M~1\FAVORIS


    »»»»»»»»»»»»»»»»»»»»»»»» Bureau


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\AntiVermeans\ PRESENT !
    C:\Program Files\Video ActiveX Object\ PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"


    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{e6adaaf0-79b2-4cf1-a660-50a0b33991a1}"="didymiums"

    [HKEY_CLASSES_ROOT\CLSID\{e6adaaf0-79b2-4cf1-a660-50a0b33991a1}\InProcServer32]
    @="C:\WINDOWS\system32\vblhanf.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{e6adaaf0-79b2-4cf1-a660-50a0b33991a1}\InProcServer32]
    @="C:\WINDOWS\system32\vblhanf.dll"



    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Intel(R) PRO/Wireless 3945ABG Network Connection - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{AF73CFDE-7902-45FB-A066-4A4132DBDB92}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{AF73CFDE-7902-45FB-A066-4A4132DBDB92}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    4 Avril 2008 17:30:14

    Re,

    Redémarre en mode sans échec

    Lance SmitfraudFix.exe et choisis cette fois l'Option 2 et réponds oui à la ou les questions.
    Sauvegarde le rapport sur ton Bureau.

    Redémarre normalement.

    Poste le rapport généré par SmitfraudFix ainsi qu’un nouveau hijackthis.

    ;) 
    4 Avril 2008 18:10:49

    Re,

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:09:14, on 04/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Wireless Console 2\wcourier.exe
    C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\PROGRA~1\WANADOO\TaskBarIcon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\program files\steam\steam.exe
    C:\Program Files\eMule\emule.exe
    C:\PROGRA~1\WANADOO\EspaceWanadoo.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\PROGRA~1\WANADOO\ComComp.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\PROGRA~1\WANADOO\Toaster.exe
    C:\PROGRA~1\WANADOO\Inactivity.exe
    C:\PROGRA~1\WANADOO\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\PROGRA~1\WANADOO\Watch.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\jean-marie\Bureau\Nouveau dossier\test.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Seekmo /fleok=1D8A83A5C2E713769FAF692A1FBB39BFE4976E26CAEDA120180A196D6093 - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.406.0\HostIE.dll (file missing)
    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.406.0\HostIE.dll (file missing)
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
    O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.406.0\OEAddOn.exe
    O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.406.0\SeekmoSA.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [Net4Switch] C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: MultiFrame.lnk = ?
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Performance Monitor - Unknown owner - C:\WINDOWS\perfmon.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Userinit Logon Application - Unknown owner - C:\WINDOWS\userinit.exe (file missing)
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

    --
    End of file - 10452 bytes



    SmitFraudFix v2.309

    Rapport fait à 18:09:48,45, 04/04/2008
    Executé à partir de C:\Documents and Settings\jean-marie\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est FAT32
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Wireless Console 2\wcourier.exe
    C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\PROGRA~1\WANADOO\TaskBarIcon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\program files\steam\steam.exe
    C:\Program Files\eMule\emule.exe
    C:\PROGRA~1\WANADOO\EspaceWanadoo.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\PROGRA~1\WANADOO\ComComp.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\PROGRA~1\WANADOO\Toaster.exe
    C:\PROGRA~1\WANADOO\Inactivity.exe
    C:\PROGRA~1\WANADOO\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\PROGRA~1\WANADOO\Watch.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\jean-marie\Bureau\Nouveau dossier\test.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jean-marie


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jean-marie\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JEAN-M~1\FAVORIS


    »»»»»»»»»»»»»»»»»»»»»»»» Bureau


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Intel(R) PRO/Wireless 3945ABG Network Connection - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{AF73CFDE-7902-45FB-A066-4A4132DBDB92}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{AF73CFDE-7902-45FB-A066-4A4132DBDB92}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    4 Avril 2008 18:19:42

    Re,

    refais ça :

    Télécharge BTFix ([#ff0000]Bibi26[/#f]).
    Dézippe l'archive sur ton Bureau.
  • Ouvre le dossier BTFix.
  • Double clique sur BTFix.exe.
  • Clique sur Rechercher.
  • Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.
    4 Avril 2008 18:42:44

    Re,

    BTFix 1.093 (par bibi26) - 04/04/2008 18:42:01 - Analyse
    Lancé depuis C:\Documents and Settings\jean-marie\Bureau\BTFix\BTFix.exe

    ---> Fichiers/Dossiers trouvés

    - C:\Program Files\ShoppingReport\
    - C:\Documents and Settings\jean-marie\Application Data\ShoppingReport\
    - C:\Documents and Settings\jean-marie\Application Data\Seekmo\
    - C:\Documents and Settings\All Users\Application Data\SeekmoSA\
    - C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65\
    - C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Seekmo\

    ---> Analyse terminée le 04/04/2008 18:42:09
    4 Avril 2008 19:15:59

    Re,

    Comment m'expliques-tu le fait qu'en une journée un rapport vierge devienne plein de bestioles ? Tu fais un peu attention à ce que tu fais sur le net ?

    Je t'invite dès à présent à lire le dossier dans ma signature et/ou à le faire lire aux autres utilisateurs du PC. Inutile de désinfecter un PC qui se fait infecter chaque jour :) 

    Ou alors tu as mal fait la manip' la première fois.

  • Ouvre à nouveau BTFix.
  • Clique sur Nettoyer.
  • Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.
  • Poste un nouveau rapport hijackthis.

    ;) 
    4 Avril 2008 19:21:17

    Re,

    BTFix 1.093 (par bibi26) - 04/04/2008 19:19:23 - Nettoyage - Mode normal
    Lancé depuis C:\Documents and Settings\jean-marie\Bureau\BTFix\BTFix.exe

    ---> Fichiers/dossiers supprimés (Première passe)

    - Fichiers temporaires effacés
    - C:\Program Files\ShoppingReport\Bin\2.5.0\
    - C:\Program Files\ShoppingReport\Bin\
    - C:\Program Files\ShoppingReport\
    - C:\Documents and Settings\jean-marie\Application Data\ShoppingReport\cs\dwld\
    - C:\Documents and Settings\jean-marie\Application Data\ShoppingReport\cs\report\
    - C:\Documents and Settings\jean-marie\Application Data\ShoppingReport\cs\db\
    - C:\Documents and Settings\jean-marie\Application Data\ShoppingReport\cs\res1\
    - C:\Documents and Settings\jean-marie\Application Data\ShoppingReport\cs\
    - C:\Documents and Settings\jean-marie\Application Data\ShoppingReport\
    - C:\Documents and Settings\jean-marie\Application Data\Seekmo\IESkins\
    - C:\Documents and Settings\jean-marie\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\
    - C:\Documents and Settings\jean-marie\Application Data\Seekmo\v3.0\Seekmo\static\1\
    - C:\Documents and Settings\jean-marie\Application Data\Seekmo\v3.0\Seekmo\static\2\
    - C:\Documents and Settings\jean-marie\Application Data\Seekmo\v3.0\Seekmo\static\
    - C:\Documents and Settings\jean-marie\Application Data\Seekmo\v3.0\Seekmo\dynamic\
    - C:\Documents and Settings\jean-marie\Application Data\Seekmo\v3.0\Seekmo\
    - C:\Documents and Settings\jean-marie\Application Data\Seekmo\v3.0\HostOL\dynamic\
    - C:\Documents and Settings\jean-marie\Application Data\Seekmo\v3.0\HostOL\
    - C:\Documents and Settings\jean-marie\Application Data\Seekmo\v3.0\HostOI\dynamic\
    - C:\Documents and Settings\jean-marie\Application Data\Seekmo\v3.0\HostOI\
    - C:\Documents and Settings\jean-marie\Application Data\Seekmo\v3.0\
    - C:\Documents and Settings\jean-marie\Application Data\Seekmo\
    - C:\Documents and Settings\All Users\Application Data\SeekmoSA\
    - C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65\
    - C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Seekmo\

    ---> Nettoyage terminé le 04/04/2008 19:19:30


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:21:00, on 04/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Wireless Console 2\wcourier.exe
    C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\PROGRA~1\WANADOO\TaskBarIcon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\program files\steam\steam.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Wanadoo\EspaceWanadoo.exe
    C:\Program Files\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Wanadoo\Watch.exe
    C:\Documents and Settings\jean-marie\Bureau\BTFix\BTFix.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\jean-marie\Bureau\Nouveau dossier\test.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
    O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [Net4Switch] C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: MultiFrame.lnk = ?
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Performance Monitor - Unknown owner - C:\WINDOWS\perfmon.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Userinit Logon Application - Unknown owner - C:\WINDOWS\userinit.exe (file missing)
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

    --
    End of file - 9472 bytes
    4 Avril 2008 19:48:49

    J'ai fais le screen , j'ai enregistrer l'image , mais je ne sais pas comment la mettre sur internet . Le fichier de ta signature et celui qui explique pour la capture d'écran , je ne peux pas les lires car je n'ai pas le logiciel pour :s .

    Si sa peut aidé le virus j'arrive a le faire disparaitre , mais il se recré lors du redémarage .
    4 Avril 2008 20:11:18

    Re j'ai réussi a trouvé un site pour mettre le screen sur le web ,



    4 Avril 2008 20:15:40

    Oula pas tés belle l'image , les noms des fichiers sont :
    1er fichier : startdrv.exe
    2eme fichier : WGAErrLog.txt
    3eme fichier : WGANotify.settings
    4 Avril 2008 23:08:57

    Re,

    1) Relance HijackThis, clique sur "do a system scan only", coche ces lignes puis clique sur "Fix Checked" et referme HijackThis :

    O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe


    2) Télécharger OTMoveIt2 par OldTimer.

  • Enregistrer ce fichier sur le Bureau.
  • Faire un double clic sur OTMoveIt2.exe pour lancer l'exécution de l'outil. (Note: Si vous utilisez Vista, faire un clic droit sur le fichier puis choisir Exécuter en tant qu'administrateur).
  • Copier les lignes de la zone "Code" ci-dessous en les sélectionnant TOUTES puis en appuyant simultanément sur les touches CTRL et C (ou, après les avoir sélectionnées, en faisant un clic droit puis en choisissant Copier):
    C:\WINDOWS\Temp\startdrv.exe

  • Retourner dans la fenêtre de OTMoveIt2, faire un clic droit dans la zone "Paste Standard List of Files/Folders to Move" (sous la barre bleu clair) puis choisir Coller.
  • Cliquer sur le bouton rouge Moveit!.
  • Copier tout ce qui se trouve dans la zone Results (sous la barre verte) en sélectionnant TOUTES LES LIGNES puis en appuyant simultanément sur les touches CTRL et C (ou, après les avoir sélectionnées, en faisant un clic droit puis en choisissant Copier), et coller ces résulats en réponse sur le forum.
  • Fermer OTMoveIt2

    Note: Si un fichier ou un dossier ne peut pas être déplacé immédiatement, un redémarrage sera peut-être nécessaire afin de terminer le processus de déplacement. Si le redémarrage de la machine vous est demandé, choisir Oui/Yes. Dans ce cas, après le redémarrage, ouvrir le Bloc-notes (Démarrer->Tous les programmes->Accessoires->Bloc-notes), cliquer sur Fichier->Ouvrir, dans la zone "Nom du fichier" taper *.log et appuyer sur la touche Entrée, naviguer jusqu'au dossier C:\_OTMoveIt\MovedFiles, puis ouvrir le fichier .log le plus récent; ensuite faire un copier/coller du contenu de ce document en réponse sur le forum.

    Si tu obtiens un message comme quoi le rapport ne peut pas être créé, copie/colle ce qui apparaît dans la colonne droite de l’outil.

    ;) 

    N.B : Tu tiens à AVG7 antivirus ?
    4 Avril 2008 23:55:04

    Re, pour l'antivirus je n'y tiens pas non .

    File move failed. C:\WINDOWS\Temp\startdrv.exe scheduled to be moved on reboot.

    OTMoveIt2 by OldTimer - Version 1.0.4.0 log created on 04042008_234846

    Files moved on Reboot...


    4 Avril 2008 23:58:16

    :hello: 

    1) Affiche les fichiers et dossiers cachés …
    Pour ce faire, tu vas dans un dossier, par ex. "Mes Images".
    Ensuite, clique sur > Outils > Options des dossiers ...
    clique sur l' onglet « Affichage » et ...
    coche ---> Afficher les fichiers et dossiers cachés
    décoche > Masquer les extensions des fichiers dont le type est connu
    décoche > Masquer les fichiers protégés du système d' exploitation (recommandé).
    « Appliquer » et « OK ».

    2) Désactive toute protection résidente ( antivirus…) !
    Déconnecte-toi d’internet, ferme tous les programmes en cours et laisse combofix travailler : ne fais donc pas autre chose en même temps !


    Télécharge Combofix de sUBs
    Sauvegarde le sur ton bureau et pas ailleurs !
    Redémarre en mode sans échecs : aide ici >>>
    http://forum.telecharger.01net.com/telecharger/virus_et...
    /!\ Ne jamais redémarrer en mode sans échec via msconfig ! /!\

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport. Il se trouve ici : C:\Combofix.txt

    3) Copie/colle un nouveau rapport HiJackThis avec.

    Bonne nuit, à demain :hello: 
    5 Avril 2008 13:20:43

    Bonjour,

    ComboFix 08-04-04.1 - jean-marie 2008-04-05 13:08:10.1 - FAT32x86 MINIMAL
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1778 [GMT 2:00]
    Endroit: C:\Documents and Settings\jean-marie\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\guillaume\Application Data\ShoppingReport
    C:\Documents and Settings\guillaume\Application Data\ShoppingReport\cs\Config.xml
    C:\Documents and Settings\guillaume\Application Data\ShoppingReport\cs\db\Aliases.dbs
    C:\Documents and Settings\guillaume\Application Data\ShoppingReport\cs\db\Sites.dbs
    C:\Documents and Settings\guillaume\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
    C:\Documents and Settings\guillaume\Application Data\ShoppingReport\cs\report\aggr_storage.xml
    C:\Documents and Settings\guillaume\Application Data\ShoppingReport\cs\report\send_storage.xml
    C:\Documents and Settings\guillaume\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
    C:\Documents and Settings\jean-marie\Application Data\SystemDoctor 2006 Free
    C:\Documents and Settings\jean-marie\Application Data\SystemDoctor 2006 Free\Logs\update.log
    C:\Program Files\Fichiers communs\Delsim
    C:\WINDOWS\system32\6_exception.nls

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_PERFORMANCE_MONITOR
    -------\Legacy_RUNTIME
    -------\Legacy_RUNTIME2
    -------\Service_Performance Monitor
    -------\Service_runtime


    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-05 to 2008-04-05 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-04 21:33 . 2008-04-04 21:33 <REP> d-------- C:\Program Files\Microsoft Games
    2008-04-04 21:09 . 2008-04-04 21:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
    2008-04-04 20:54 . 2008-04-04 20:54 <REP> d-------- C:\Program Files\Ubisoft
    2008-04-04 17:54 . 2006-03-24 20:00 29,056 --a------ C:\WINDOWS\system32\dllcache\ip6fw.sys
    2008-04-04 15:56 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-04-04 15:56 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-04-04 15:56 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-04-04 15:56 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-04-04 15:56 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-04-04 15:56 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-04-04 15:56 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-04-04 15:56 . 2008-04-04 18:09 3,238 --a------ C:\WINDOWS\system32\tmp.reg
    2008-04-03 11:32 . 2008-04-03 11:32 13,146,966 --a------ C:\upload_moi_NOM-8F372C92E8F.tar.gz
    2008-04-03 10:38 . 2008-04-03 10:38 <REP> d-------- C:\Program Files\Navilog1
    2008-04-03 09:39 . 2008-04-03 09:39 <REP> d-------- C:\WINDOWS\ERUNT
    2008-04-03 09:19 . 2008-04-01 10:57 <REP> d-------- C:\SDFix
    2008-04-03 09:06 . 2008-04-03 09:06 <REP> d-------- C:\_OTMoveIt
    2008-04-02 21:13 . 2008-04-02 21:13 <REP> d--h----- C:\WINDOWS\PIF
    2008-04-01 10:47 . 2006-12-07 06:14 2,330,624 --------- C:\WINDOWS\system32\dllcache\wmvcore.dll
    2008-03-26 13:48 . 2008-03-26 13:48 <REP> d-------- C:\EH_Soft
    2008-03-20 19:36 . 2008-03-20 19:36 <REP> d-------- C:\Fraps
    2008-03-20 19:36 . 2008-03-20 19:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-16 16:35 . 2008-03-16 16:35 <REP> d-------- C:\Documents and Settings\jean-marie\Application Data\Uniblue

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-20 17:30 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2008-03-04 12:50 --------- d-----w C:\Program Files\SAGEM Wi-Fi USB 802.11g
    2008-02-25 15:11 --------- d-----w C:\Documents and Settings\jean-marie\Application Data\Ahead
    2008-02-18 18:43 --------- d-----w C:\Program Files\devolo
    2008-02-06 14:05 --------- d-----w C:\Documents and Settings\jean-marie\Application Data\OpenOffice.org2
    2008-02-06 14:02 --------- d-----w C:\Program Files\OpenOffice.org 2.3
    2007-09-26 08:28 0 ----a-w C:\Documents and Settings\jean-marie\Application Data\wklnhst.dat
    2007-01-23 16:14 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 20:00 15360]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
    "WOOKIT"="C:\PROGRA~1\WANADOO\Shell.exe" [2004-08-23 14:50 122880]
    "Net4Switch"="C:\Program Files\ASUS\Net4Switch\Net4Switch.exe" [ ]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [ ]
    "msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
    "Steam"="c:\program files\steam\steam.exe" [2008-03-28 15:59 1271032]
    "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
    "eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57 5308416]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-04-17 02:24 110592]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 05:58 7581696]
    "nwiz"="nwiz.exe" [2006-07-20 05:58 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 05:58 86016]
    "RTHDCPL"="RTHDCPL.EXE" [2006-07-21 01:56 16261632 C:\WINDOWS\RTHDCPL.EXE]
    "SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe]
    "Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136]
    "ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 20:33 53248]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 05:02 786521]
    "ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-02 19:14 61440]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38 802816]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32 696320]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-03-28 17:38 94208 C:\WINDOWS\KHALMNPR.Exe]
    "WOOWATCH"="C:\PROGRA~1\WANADOO\Watch.exe" [2004-08-23 14:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\WANADOO\GestMaj.exe" [2004-10-14 16:55 32768]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 20:19 579072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 20:00 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 11:31 219136]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSVideo8"= VfWWDM32.dll
    "VIDC.FPS1"= frapsvid.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Valve\\Condition Zero\\czero.exe"=
    "C:\\WINDOWS\\System32\\dpvsetup.exe"=
    "C:\\WINDOWS\\System32\\RUNDLL32.EXE"=
    "C:\\Program Files\\Fichiers communs\\i4j_jres\\1.6.0\\bin\\java.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

    R3 SynMini;USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\SynMini.sys [2006-08-08 23:15]
    R3 SynScan;USB2.0 1.3M WebCam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2006-08-08 23:15]
    S2 Userinit Logon Application;Userinit Logon Application;C:\WINDOWS\userinit.exe []
    S3 aaudstum;aaudstum;C:\DOCUME~1\JEAN-M~1\LOCALS~1\Temp\aaudstum.sys []
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bac407c6-a4df-11dc-958c-0018f38d6029}]
    \Shell\AutoRun\command - G:\start.exe
    \Shell\iledefrance\command - G:\start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c10a68ce-d87d-11dc-95fc-0018f38d6029}]
    \Shell\AutoRun\command - F:\start.exe
    \Shell\iledefrance\command - F:\start.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-05 13:13:11
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\PROGRA~1\WANADOO\TaskBarIcon.exe
    C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-05 13:14:44 - machine was rebooted [jean-marie]
    ComboFix-quarantined-files.txt 2008-04-05 11:14:42
    Pre-Run: 15,978,856,448 octets libres
    Post-Run: 17,564,205,056 octets libres
    .
    2008-04-05 10:43:25 --- E O F ---



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:20:22, on 05/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Wireless Console 2\wcourier.exe
    C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\WANADOO\TaskBarIcon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Wanadoo\EspaceWanadoo.exe
    C:\Program Files\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Wanadoo\Watch.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\jean-marie\Bureau\Nouveau dossier\test.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
    O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [Net4Switch] C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: MultiFrame.lnk = ?
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Userinit Logon Application - Unknown owner - C:\WINDOWS\userinit.exe (file missing)
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

    --
    End of file - 9356 bytes

    5 Avril 2008 13:24:31

    Je crois que je n'ai plus le virus , mais j'attend ta confrimation .
    5 Avril 2008 14:32:28

    Re,

    Toujours infecté(e) ;) 

    Rends toi sur ce lien : Virus Total
  • Clique sur Parcourir
  • Rends toi jusque sur ce fichier si tu le trouves :

    C:\WINDOWS\system32\dllcache\ip6fw.sys

  • Clique sur Envoyer le fichier et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
  • Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
  • Lorsque l'analyse est terminée ("Situation actuelle: terminé"), clique sur Formaté
  • Une nouvelle fenêtre de ton navigateur va apparaître
  • Clique alors sur cette image :
  • Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
  • Enfin colle le résultat dans ta prochaine réponse.
    Note : Peu importe le résultat, il est important de me communiquer le résultat de toute l'analyse.
    Il est possible que tes outils de sécurité réagissent à l'envoi du fichier, en ce cas il te faudra ignorer les alertes.
    5 Avril 2008 16:24:55

    Re, dommage qu'il soit toujours la , et merci de ton aide =)

    Fichier ip6fw.sys reçu le 2008.04.03 22:51:35 (CET)Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.4.3.3 2008.04.03 -
    AntiVir 7.6.0.80 2008.04.03 -
    Authentium 4.93.8 2008.04.03 -
    Avast 4.7.1098.0 2008.04.02 -
    AVG 7.5.0.516 2008.04.03 -
    BitDefender 7.2 2008.04.03 -
    CAT-QuickHeal 9.50 2008.04.02 -
    ClamAV 0.92.1 2008.04.03 -
    DrWeb 4.44.0.09170 2008.04.03 -
    eSafe 7.0.15.0 2008.04.01 -
    eTrust-Vet 31.3.5667 2008.04.03 -
    Ewido 4.0 2008.04.03 -
    F-Prot 4.4.2.54 2008.04.03 -
    F-Secure 6.70.13260.0 2008.04.03 -
    FileAdvisor 1 2008.04.03 -
    Fortinet 3.14.0.0 2008.04.03 -
    Ikarus T3.1.1.20 2008.04.03 -
    Kaspersky 7.0.0.125 2008.04.03 -
    McAfee 5266 2008.04.03 -
    Microsoft 1.3408 2008.04.03 -
    NOD32v2 3000 2008.04.03 -
    Norman 5.80.02 2008.04.03 -
    Panda 9.0.0.4 2008.04.03 -
    Prevx1 V2 2008.04.03 -
    Rising 20.38.60.00 2008.04.03 -
    Sophos 4.28.0 2008.04.03 -
    Sunbelt 3.0.978.0 2008.03.18 -
    Symantec 10 2008.04.03 -
    TheHacker 6.2.92.263 2008.04.03 -
    VBA32 3.12.6.3 2008.03.25 -
    VirusBuster 4.3.26:9 2008.04.03 -
    Webwasher-Gateway 6.6.2 2008.04.03 -

    Information additionnelle
    File size: 29056 bytes
    MD5: 4448006b6bc60e6c027932cfc38d6855
    SHA1: 677304e575660642bced544266126131ff6ed75f
    PEiD: -

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.4.3.3 2008.04.03 -
    AntiVir 7.6.0.80 2008.04.03 -
    Authentium 4.93.8 2008.04.03 -
    Avast 4.7.1098.0 2008.04.02 -
    AVG 7.5.0.516 2008.04.03 -
    BitDefender 7.2 2008.04.03 -
    CAT-QuickHeal 9.50 2008.04.02 -
    ClamAV 0.92.1 2008.04.03 -
    DrWeb 4.44.0.09170 2008.04.03 -
    eSafe 7.0.15.0 2008.04.01 -
    eTrust-Vet 31.3.5667 2008.04.03 -
    Ewido 4.0 2008.04.03 -
    F-Prot 4.4.2.54 2008.04.03 -
    F-Secure 6.70.13260.0 2008.04.03 -
    FileAdvisor 1 2008.04.03 -
    Fortinet 3.14.0.0 2008.04.03 -
    Ikarus T3.1.1.20 2008.04.03 -
    Kaspersky 7.0.0.125 2008.04.03 -
    McAfee 5266 2008.04.03 -
    Microsoft 1.3408 2008.04.03 -
    NOD32v2 3000 2008.04.03 -
    Norman 5.80.02 2008.04.03 -
    Panda 9.0.0.4 2008.04.03 -
    Prevx1 V2 2008.04.03 -
    Rising 20.38.60.00 2008.04.03 -
    Sophos 4.28.0 2008.04.03 -
    Sunbelt 3.0.978.0 2008.03.18 -
    Symantec 10 2008.04.03 -
    TheHacker 6.2.92.263 2008.04.03 -
    VBA32 3.12.6.3 2008.03.25 -
    VirusBuster 4.3.26:9 2008.04.03 -
    Webwasher-Gateway 6.6.2 2008.04.03 -

    Information additionnelle
    File size: 29056 bytes
    MD5: 4448006b6bc60e6c027932cfc38d6855
    SHA1: 677304e575660642bced544266126131ff6ed75f
    PEiD: -

    5 Avril 2008 19:51:41

    Re,

    Bon ça me semble bon.

    Maintenant désinstalle AVG7 pour installer un antivirus gratuit plus performants qui rivalise avec les meilleurs payants ;) 

    Télécharge et installe Antivir. (tuto)
    Vérifie qu’il soit bien à jour ! Fais une analyse complète en mode sans échec, sauvegarde le rapport et poste le moi.

    ;) 
    6 Avril 2008 20:21:53

    Bonjour ,



    AntiVir PersonalEdition Classic
    Report file date: dimanche 6 avril 2008 19:16

    Scanning for 835736 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: jean-marie
    Computer name: NOM-8F372C92E8F

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:30
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:52
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:48
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:22
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:16
    ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:56
    ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 13:27:04
    ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 13:27:14
    AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 16:43:56
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:28
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:18
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:02
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:08
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:34
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:20
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:44
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:14
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:38
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:22

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: dimanche 6 avril 2008 19:16

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    12 processes with 12 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '49' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <DATA>


    End of the scan: dimanche 6 avril 2008 20:17
    Used time: 1:01:05 min

    The scan has been done completely.

    5505 Scanning directories
    211802 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    211802 Files not concerned
    7446 Archives were scanned
    1 Warnings
    0 Notes

    6 Avril 2008 21:14:07

    Re,

    Télécharge MalwareByte's Anti-Malware sur ton Bureau.
    Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

    Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
    AIDE : Redémarrer en mode sans échec

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
    -- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    -- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
    [#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

    AIDE : Tuto en images sur MBAM

    ;) 
    7 Avril 2008 21:20:03

    Bonjour ,

    Malwarebytes' Anti-Malware 1.10
    Version de la base de données: 581

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 99782
    Temps écoulé: 2 hour(s), 10 minute(s), 59 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 6
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 3

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{bf1bf02c-5a86-4ecf-adac-472c54c4d21e} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Installer\Features\9ee2330ae5f4470cac801baac83818c9 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Carlson (Dialer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Carlson (Dialer) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Delsim (Dialer) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\Fichiers communs\Carlson (Dialer) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Documents and Settings\All Users\Menu Démarrer\carlton (Dialer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Menu Démarrer\Security Troubleshooting.url (Rogue.Link) -> Quarantined and deleted successfully.
    7 Avril 2008 23:21:27

    Re,

    Poste un nouveau rapport hijackthis et dis-moi comment va le PC.

    ;) 
    8 Avril 2008 08:20:41

    Bonjour ,



    AntiVir PersonalEdition Classic
    Report file date: mardi 8 avril 2008 07:57

    Scanning for 1184663 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: NOM-8F372C92E8F

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:30
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:52
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:48
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:22
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:16
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 10:18:28
    ANTIVIR2.VDF : 7.0.3.85 434176 Bytes 27/03/2008 10:18:28
    ANTIVIR3.VDF : 7.0.3.126 232960 Bytes 07/04/2008 10:18:28
    AVEWIN32.DLL : 7.6.0.81 3424768 Bytes 07/04/2008 10:18:28
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:28
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:18
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 07/04/2008 10:18:28
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:08
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:34
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:20
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:44
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:14
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:38
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:22

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mardi 8 avril 2008 07:57

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'Watch.exe' - '1' Module(s) have been scanned
    Scan process 'ALERTM~1.EXE' - '1' Module(s) have been scanned
    Scan process 'PollingModule.exe' - '1' Module(s) have been scanned
    Scan process 'Inactivity.exe' - '1' Module(s) have been scanned
    Scan process 'Toaster.exe' - '1' Module(s) have been scanned
    Scan process 'ComComp.exe' - '1' Module(s) have been scanned
    Scan process 'EspaceWanadoo.exe' - '1' Module(s) have been scanned
    Scan process 'WUAUCLT.EXE' - '1' Module(s) have been scanned
    Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'TosBtHSP.exe' - '1' Module(s) have been scanned
    Scan process 'TosBtHid.exe' - '1' Module(s) have been scanned
    Scan process 'TosA2dp.exe' - '1' Module(s) have been scanned
    Scan process 'WLANUTL.EXE' - '1' Module(s) have been scanned
    Scan process 'TosBtMng.exe' - '1' Module(s) have been scanned
    Scan process 'Dot1XCfg.exe' - '1' Module(s) have been scanned
    Scan process 'MultiFrame.exe' - '1' Module(s) have been scanned
    Scan process 'Steam.exe' - '1' Module(s) have been scanned
    Scan process 'MSNMSGR.EXE' - '1' Module(s) have been scanned
    Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
    Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
    Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned
    Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
    Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
    Scan process 'DMedia.exe' - '1' Module(s) have been scanned
    Scan process 'WCOURIER.EXE' - '1' Module(s) have been scanned
    Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
    Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
    Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
    Scan process 'EHMSAS.EXE' - '1' Module(s) have been scanned
    Scan process 'EHTRAY.EXE' - '1' Module(s) have been scanned
    Scan process 'ALG.EXE' - '1' Module(s) have been scanned
    Scan process 'MCRDSVC.EXE' - '1' Module(s) have been scanned
    Scan process 'WLANCFG.EXE' - '1' Module(s) have been scanned
    Scan process 'WDFMGR.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'NVSVC32.EXE' - '1' Module(s) have been scanned
    Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'FTRTSVC.EXE' - '1' Module(s) have been scanned
    Scan process 'SCHED.EXE' - '1' Module(s) have been scanned
    Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned
    Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
    Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
    Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
    Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
    Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
    Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
    60 processes with 60 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '46' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <DATA>


    End of the scan: mardi 8 avril 2008 08:19
    Used time: 22:28 min

    The scan has been done completely.

    5558 Scanning directories
    235343 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    235343 Files not concerned
    7736 Archives were scanned
    2 Warnings
    0 Notes

    8 Avril 2008 16:21:33

    Re,

    D'une je t'ai demandé un nouveau rapport HIJACKTHIS et non antivir :D  et de deux tu n'as pas répondu à ma question, à savoir : comment va le PC, toujours des problèmes ? :D 

    :p 
    8 Avril 2008 17:51:41

    a lol dsl , le pc je ne sais pas trop encore je le serais ce soir je pense .

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:51:14, on 08/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Wireless Console 2\wcourier.exe
    C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\WANADOO\TaskBarIcon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\program files\steam\steam.exe
    C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Wanadoo\EspaceWanadoo.exe
    C:\Program Files\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Wanadoo\Watch.exe
    C:\Documents and Settings\jean-marie\Bureau\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
    O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [Net4Switch] C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: MultiFrame.lnk = ?
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Userinit Logon Application - Unknown owner - C:\WINDOWS\userinit.exe (file missing)
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

    --
    End of file - 9236 bytes
    8 Avril 2008 17:57:01

    Re,

    Tu peux refaire un scan avec combofix ?

    ;) 
    8 Avril 2008 20:16:40

    Re ,


    ComboFix 08-04-08.4 - jean-marie 2008-04-08 20:14:14.2 - FAT32x86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1411 [GMT 2:00]
    Endroit: C:\Documents and Settings\jean-marie\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-08 to 2008-04-08 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-07 18:59 . 2008-04-07 18:59 <REP> d-------- C:\Documents and Settings\jean-marie\Application Data\Malwarebytes
    2008-04-07 18:58 . 2008-04-07 18:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-07 18:58 . 2008-04-07 18:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-07 18:25 . 2008-04-07 18:25 <REP> d-------- C:\Program Files\My Company Name
    2008-04-07 12:13 . 2008-04-07 12:13 <REP> d-------- C:\Program Files\SystemRequirementsLab
    2008-04-07 11:36 . 2008-04-07 11:36 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
    2008-04-06 14:02 . 2008-04-06 14:02 <REP> d-------- C:\Program Files\Teamspeak2_RC2
    2008-04-06 14:02 . 2008-04-06 14:02 <REP> d-------- C:\Documents and Settings\jean-marie\Application Data\teamspeak2
    2008-04-06 14:02 . 2008-04-06 14:02 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
    2008-04-06 12:17 . 2008-04-06 12:17 <REP> d-------- C:\Program Files\Avira
    2008-04-06 12:17 . 2008-04-06 12:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-04-05 23:40 . 2008-04-05 23:40 13,497,704 --a------ C:\upload_moi_NOM-8F372C92E8F.tar.gz
    2008-04-04 21:33 . 2008-04-04 21:33 <REP> d-------- C:\Program Files\Microsoft Games
    2008-04-04 15:56 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-04-04 15:56 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-04-04 15:56 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-04-04 15:56 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-04-04 15:56 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-04-04 15:56 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-04-04 15:56 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-04-04 15:56 . 2008-04-04 18:09 3,238 --a------ C:\WINDOWS\system32\tmp.reg
    2008-04-03 10:38 . 2008-04-03 10:38 <REP> d-------- C:\Program Files\Navilog1
    2008-04-03 09:39 . 2008-04-03 09:39 <REP> d-------- C:\WINDOWS\ERUNT
    2008-04-03 09:19 . 2008-04-01 10:57 <REP> d-------- C:\SDFix
    2008-04-03 09:06 . 2008-04-03 09:06 <REP> d-------- C:\_OTMoveIt
    2008-04-02 21:13 . 2008-04-02 21:13 <REP> d--h----- C:\WINDOWS\PIF
    2008-04-01 10:47 . 2006-12-07 06:14 2,330,624 --------- C:\WINDOWS\system32\dllcache\wmvcore.dll
    2008-03-26 13:48 . 2008-03-26 13:48 <REP> d-------- C:\EH_Soft
    2008-03-20 19:36 . 2008-03-20 19:36 <REP> d-------- C:\Fraps
    2008-03-20 19:36 . 2008-03-20 19:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-16 16:35 . 2008-03-16 16:35 <REP> d-------- C:\Documents and Settings\jean-marie\Application Data\Uniblue

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-20 17:30 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2008-03-04 12:50 --------- d-----w C:\Program Files\SAGEM Wi-Fi USB 802.11g
    2008-02-25 15:11 --------- d-----w C:\Documents and Settings\jean-marie\Application Data\Ahead
    2008-02-18 18:43 --------- d-----w C:\Program Files\devolo
    2007-09-26 08:28 0 ----a-w C:\Documents and Settings\jean-marie\Application Data\wklnhst.dat
    2007-01-23 16:14 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-05_13.14.30.07 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-03-29 09:07:12 206,384 ----a-w C:\WINDOWS\Downloaded Program Files\sysreqlab2.dll
    + 2008-04-07 09:36:14 23,600 ----a-w C:\WINDOWS\Downloaded Program Files\tvichw32.sys
    + 2008-04-07 16:25:34 10,134 ----a-r C:\WINDOWS\Installer\{29C22873-B939-4EF9-B6E3-1EFE7FA391D1}\ARPPRODUCTICON.exe
    + 2004-07-14 23:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1928\_aspnet_isapi.dll
    + 2004-07-14 22:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1928\_CORPerfMonExt.dll
    + 2004-07-14 22:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1928\_FUSION.DLL
    + 2004-07-14 22:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1928\_MSCORJIT.DLL
    + 2004-07-15 12:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1928\_MSCORLIB.DLL
    + 2003-02-20 17:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1928\_MSCORSN.DLL
    + 2004-07-14 22:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1928\_MSCORSVR.DLL
    + 2004-07-14 22:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1928\_mscorwks.dll
    + 2003-02-21 02:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1928\_MSVCR71.dll
    + 2004-07-14 22:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1928\_PerfCounter.dll
    + 2004-07-14 23:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3428\_aspnet_isapi.dll
    + 2004-07-14 22:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3428\_CORPerfMonExt.dll
    + 2004-07-14 22:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3428\_FUSION.DLL
    + 2004-07-14 22:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3428\_MSCORJIT.DLL
    + 2004-07-15 12:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3428\_MSCORLIB.DLL
    + 2003-02-20 17:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3428\_MSCORSN.DLL
    + 2004-07-14 22:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3428\_MSCORSVR.DLL
    + 2004-07-14 22:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3428\_mscorwks.dll
    + 2003-02-21 02:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3428\_MSVCR71.dll
    + 2004-07-14 22:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3428\_PerfCounter.dll
    + 2006-09-06 17:08:00 3,694,208 ----a-w C:\WINDOWS\system32\dllcache\nv4_mini.sys
    + 2007-08-09 11:04:12 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2007-07-18 12:22:20 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2008-04-07 10:18:28 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    - 2006-07-20 03:58:00 3,685,152 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
    + 2006-09-06 17:08:00 3,694,208 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
    + 2007-03-01 08:34:38 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    - 2006-07-20 03:58:00 3,989,504 ----a-w C:\WINDOWS\system32\nv4_disp.dll
    + 2006-09-06 17:08:00 3,989,504 ----a-w C:\WINDOWS\system32\nv4_disp.dll
    - 2006-07-20 03:58:00 98,304 ----a-w C:\WINDOWS\system32\nvapi.dll
    + 2006-09-06 17:08:00 98,304 ----a-w C:\WINDOWS\system32\nvapi.dll
    - 2006-07-20 03:58:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
    + 2006-09-06 17:08:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
    - 2006-07-20 03:58:00 35,840 ----a-w C:\WINDOWS\system32\nvcod.dll
    + 2006-09-06 17:08:00 35,840 ----a-w C:\WINDOWS\system32\nvcod.dll
    - 2006-07-20 03:58:00 35,840 ----a-w C:\WINDOWS\system32\nvcodins.dll
    + 2006-09-06 17:08:00 35,840 ----a-w C:\WINDOWS\system32\nvcodins.dll
    - 2006-07-20 03:58:00 7,581,696 ----a-w C:\WINDOWS\system32\nvcpl.dll
    + 2006-09-06 17:08:00 7,585,792 ----a-w C:\WINDOWS\system32\nvcpl.dll
    - 2006-07-20 03:58:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
    + 2006-09-06 17:08:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
    - 2006-07-20 03:58:00 1,470,464 ----a-w C:\WINDOWS\system32\nview.dll
    + 2006-09-06 17:08:00 1,470,464 ----a-w C:\WINDOWS\system32\nview.dll
    - 2006-07-20 03:58:00 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
    + 2006-09-06 17:08:00 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
    - 2006-07-20 03:58:00 5,419,008 ----a-w C:\WINDOWS\system32\nvoglnt.dll
    + 2006-09-06 17:08:00 5,419,008 ----a-w C:\WINDOWS\system32\nvoglnt.dll
    - 2006-07-20 03:58:00 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
    + 2006-09-06 17:08:00 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
    - 2006-07-20 03:58:00 245,760 ----a-w C:\WINDOWS\system32\nvrscs.dll
    + 2006-09-06 17:08:00 245,760 ----a-w C:\WINDOWS\system32\nvrscs.dll
    - 2006-07-20 03:58:00 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
    + 2006-09-06 17:08:00 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
    - 2006-07-20 03:58:00 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
    + 2006-09-06 17:08:00 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
    - 2006-07-20 03:58:00 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
    + 2006-09-06 17:08:00 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
    - 2006-07-20 03:58:00 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
    + 2006-09-06 17:08:00 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
    - 2006-07-20 03:58:00 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
    + 2006-09-06 17:08:00 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
    - 2006-07-20 03:58:00 245,760 ----a-w C:\WINDOWS\system32\nvrsfi.dll
    + 2006-09-06 17:08:00 245,760 ----a-w C:\WINDOWS\system32\nvrsfi.dll
    - 2006-07-20 03:58:00 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
    + 2006-09-06 17:08:00 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
    - 2006-07-20 03:58:00 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
    + 2006-09-06 17:08:00 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
    - 2006-07-20 03:58:00 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
    + 2006-09-06 17:08:00 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
    - 2006-07-20 03:58:00 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
    + 2006-09-06 17:08:00 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
    - 2006-07-20 03:58:00 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
    + 2006-09-06 17:08:00 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
    - 2006-07-20 03:58:00 262,144 ----a-w C:\WINDOWS\system32\nvrsko.dll
    + 2006-09-06 17:08:00 262,144 ----a-w C:\WINDOWS\system32\nvrsko.dll
    - 2006-07-20 03:58:00 270,336 ----a-w C:\WINDOWS\system32\nvrsnl.dll
    + 2006-09-06 17:08:00 270,336 ----a-w C:\WINDOWS\system32\nvrsnl.dll
    - 2006-07-20 03:58:00 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
    + 2006-09-06 17:08:00 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
    - 2006-07-20 03:58:00 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
    + 2006-09-06 17:08:00 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
    - 2006-07-20 03:58:00 270,336 ----a-w C:\WINDOWS\system32\nvrspt.dll
    + 2006-09-06 17:08:00 270,336 ----a-w C:\WINDOWS\system32\nvrspt.dll
    - 2006-07-20 03:58:00 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
    + 2006-09-06 17:08:00 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
    - 2006-07-20 03:58:00 266,240 ----a-w C:\WINDOWS\system32\nvrsru.dll
    + 2006-09-06 17:08:00 266,240 ----a-w C:\WINDOWS\system32\nvrsru.dll
    - 2006-07-20 03:58:00 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
    + 2006-09-06 17:08:00 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
    - 2006-07-20 03:58:00 253,952 ----a-w C:\WINDOWS\system32\nvrssl.dll
    + 2006-09-06 17:08:00 253,952 ----a-w C:\WINDOWS\system32\nvrssl.dll
    - 2006-07-20 03:58:00 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
    + 2006-09-06 17:08:00 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
    - 2006-07-20 03:58:00 253,952 ----a-w C:\WINDOWS\system32\nvrstr.dll
    + 2006-09-06 17:08:00 253,952 ----a-w C:\WINDOWS\system32\nvrstr.dll
    - 2006-07-20 03:58:00 221,184 ----a-w C:\WINDOWS\system32\nvrszhc.dll
    + 2006-09-06 17:08:00 221,184 ----a-w C:\WINDOWS\system32\nvrszhc.dll
    - 2006-07-20 03:58:00 122,880 ----a-w C:\WINDOWS\system32\nvrszht.dll
    + 2006-09-06 17:08:00 122,880 ----a-w C:\WINDOWS\system32\nvrszht.dll
    - 2006-07-20 03:58:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
    + 2006-09-06 17:08:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
    - 2006-07-20 03:58:00 143,426 ----a-w C:\WINDOWS\system32\nvsvc32.exe
    + 2006-09-06 17:08:00 143,426 ----a-w C:\WINDOWS\system32\nvsvc32.exe
    - 2006-07-20 03:58:00 208,896 ----a-w C:\WINDOWS\system32\nvudisp.exe
    + 2006-06-01 17:09:24 208,896 ----a-w C:\WINDOWS\system32\nvudisp.exe
    - 2006-07-20 03:58:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
    + 2006-09-06 17:08:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
    - 2006-07-20 03:58:00 1,662,976 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
    + 2006-09-06 17:08:00 1,662,976 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
    - 2006-07-20 03:58:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
    + 2006-09-06 17:08:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
    - 2006-07-20 03:58:00 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
    + 2006-09-06 17:08:00 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
    - 2006-07-20 03:58:00 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
    + 2006-09-06 17:08:00 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
    - 2006-07-20 03:58:00 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
    + 2006-09-06 17:08:00 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
    - 2006-07-20 03:58:00 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
    + 2006-09-06 17:08:00 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
    - 2006-07-20 03:58:00 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
    + 2006-09-06 17:08:00 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
    - 2006-07-20 03:58:00 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
    + 2006-09-06 17:08:00 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
    - 2006-07-20 03:58:00 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
    + 2006-09-06 17:08:00 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
    - 2006-07-20 03:58:00 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
    + 2006-09-06 17:08:00 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
    - 2006-07-20 03:58:00 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
    + 2006-09-06 17:08:00 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
    - 2006-07-20 03:58:00 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
    + 2006-09-06 17:08:00 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
    - 2006-07-20 03:58:00 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
    + 2006-09-06 17:08:00 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
    - 2006-07-20 03:58:00 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
    + 2006-09-06 17:08:00 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
    - 2006-07-20 03:58:00 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
    + 2006-09-06 17:08:00 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
    - 2006-07-20 03:58:00 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll
    + 2006-09-06 17:08:00 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll
    - 2006-07-20 03:58:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
    + 2006-09-06 17:08:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
    - 2006-07-20 03:58:00 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
    + 2006-09-06 17:08:00 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
    - 2006-07-20 03:58:00 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
    + 2006-09-06 17:08:00 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
    - 2006-07-20 03:58:00 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
    + 2006-09-06 17:08:00 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
    - 2006-07-20 03:58:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
    + 2006-09-06 17:08:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
    - 2006-07-20 03:58:00 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
    + 2006-09-06 17:08:00 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
    - 2006-07-20 03:58:00 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
    + 2006-09-06 17:08:00 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
    - 2006-07-20 03:58:00 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
    + 2006-09-06 17:08:00 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
    - 2006-07-20 03:58:00 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
    + 2006-09-06 17:08:00 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
    - 2006-07-20 03:58:00 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
    + 2006-09-06 17:08:00 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
    - 2006-07-20 03:58:00 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll
    + 2006-09-06 17:08:00 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll
    - 2006-07-20 03:58:00 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll
    + 2006-09-06 17:08:00 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll
    - 2006-07-20 03:58:00 1,519,616 ----a-w C:\WINDOWS\system32\nwiz.exe
    + 2006-09-06 17:08:00 1,617,920 ----a-w C:\WINDOWS\system32\nwiz.exe
    + 2006-07-20 03:58:00 3,989,504 ----a-w C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\nv4_disp.dll
    + 2006-07-20 03:58:00 3,685,152 ----a-w C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\nv4_mini.sys
    + 2006-07-20 03:58:00 98,304 ----a-w C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\nvapi.dll
    + 2006-07-20 03:58:00 35,840 ----a-w C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\nvcod.dll
    + 2006-07-20 03:58:00 7,581,696 ----a-w C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\nvcpl.dll
    + 2006-07-20 03:58:00 86,016 ----a-w C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\nvmctray.dll
    + 2006-07-20 03:58:00 5,419,008 ----a-w C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\nvoglnt.dll
    + 2006-07-20 03:58:00 143,426 ----a-w C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\nvsvc32.exe
    + 2006-07-20 03:58:00 81,920 ----a-w C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\nvwddi.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 20:00 15360]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
    "WOOKIT"="C:\PROGRA~1\WANADOO\Shell.exe" [2004-08-23 14:50 122880]
    "Net4Switch"="C:\Program Files\ASUS\Net4Switch\Net4Switch.exe" [ ]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [ ]
    "msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
    "Steam"="c:\program files\steam\steam.exe" [2008-03-28 15:59 1271032]
    "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-04-17 02:24 110592]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-09-06 19:08 7585792]
    "nwiz"="nwiz.exe" [2006-09-06 19:08 1617920 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-09-06 19:08 86016]
    "RTHDCPL"="RTHDCPL.EXE" [2006-07-21 01:56 16261632 C:\WINDOWS\RTHDCPL.EXE]
    "SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe]
    "Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136]
    "ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 20:33 53248]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 05:02 786521]
    "ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-02 19:14 61440]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38 802816]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32 696320]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-03-28 17:38 94208 C:\WINDOWS\KHALMNPR.Exe]
    "WOOWATCH"="C:\PROGRA~1\WANADOO\Watch.exe" [2004-08-23 14:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\WANADOO\GestMaj.exe" [2004-10-14 16:55 32768]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-07 12:18 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 20:00 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    MultiFrame.lnk - C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe [2006-10-22 08:27:58 491520]
    Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-05-16 11:42:52 1777664]
    Sagem - Utilitaire r‚seau pour Cl‚ USB Wi-Fi 802.11g.lnk - C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2008-03-04 14:49:59 667648]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\WINDOWS\\System32\\dpvsetup.exe"=
    "C:\\WINDOWS\\System32\\RUNDLL32.EXE"=
    "C:\\Program Files\\Fichiers communs\\i4j_jres\\1.6.0\\bin\\java.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\barzuln\\counter-strike source\\hl2.exe"=

    R3 SynMini;USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\SynMini.sys [2006-08-08 23:15]
    R3 SynScan;USB2.0 1.3M WebCam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2006-08-08 23:15]
    S2 Userinit Logon Application;Userinit Logon Application;C:\WINDOWS\userinit.exe []
    S3 aaudstum;aaudstum;C:\DOCUME~1\JEAN-M~1\LOCALS~1\Temp\aaudstum.sys []
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bac407c6-a4df-11dc-958c-0018f38d6029}]
    \Shell\AutoRun\command - G:\start.exe
    \Shell\iledefrance\command - G:\start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c10a68ce-d87d-11dc-95fc-0018f38d6029}]
    \Shell\AutoRun\command - F:\start.exe
    \Shell\iledefrance\command - F:\start.exe

    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-08 20:15:34
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-08 20:15:46
    ComboFix-quarantined-files.txt 2008-04-08 18:15:46
    ComboFix2.txt 2008-04-05 11:14:46
    Pre-Run: 25,514,475,520 octets libres
    Post-Run: 25,500,024,832 octets libres
    .
    2008-04-08 11:28:50 --- E O F ---
    9 Avril 2008 13:41:07

    Bonjour , mon pc rame moin :)  merci de m'avoir aidé =)
    9 Avril 2008 18:15:38

    Re,

    Tu peux poster un nouveau rapport hijackthis ?

    Estimes-tu toujours avoir des problèmes ?

    ;) 
    9 Avril 2008 19:15:15

    Re , j'ai demandé de l'aide pou enlever les virus sur mon pc parceque je croyait que sa me faisait laguer sur un jeu , la je crois qu'il n'y a plus de virus , le jeu lag moin dnc j'ai toujours un petit probleme de lag mais je ne pense aps que sa viennent de virus ^^ . Merci encore .



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:13:11, on 09/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\WANADOO\TaskBarIcon.exe
    C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Wanadoo\EspaceWanadoo.exe
    C:\Program Files\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Wanadoo\Watch.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\jean-marie\Bureau\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
    O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [Net4Switch] C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: MultiFrame.lnk = ?
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Userinit Logon Application - Unknown owner - C:\WINDOWS\userinit.exe (file missing)
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

    --
    End of file - 9430 bytes
    10 Avril 2008 19:01:28

    :hello: 

    Dernière vérif :) 

    Fais analyser ce fichier sur virus total.

    C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

    ;) 
    10 Avril 2008 21:02:34

    Re , je ne trouve pas ce fichier , je ne trouve pas le dossier Uniblue .
    10 Avril 2008 23:43:29

    Re,

    As-tu affiché les dossiers cachés ?

    Si tu ne le trouves pas, même en ayant affiché les dossiers cachés, alors poste-moi un nouveau rapport hijackthis qu'on finisse la désinfection :super:

    Bonne nuit, à demain :hello: 
    11 Avril 2008 15:54:21

    Re , oui j'ai affiché les dossiers cachés ,



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:51:57, on 11/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Wireless Console 2\wcourier.exe
    C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\PROGRA~1\WANADOO\TaskBarIcon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\program files\steam\steam.exe
    C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
    C:\PROGRA~1\WANADOO\EspaceWanadoo.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\PROGRA~1\WANADOO\ComComp.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\PROGRA~1\WANADOO\Toaster.exe
    C:\PROGRA~1\WANADOO\Inactivity.exe
    C:\PROGRA~1\WANADOO\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\WANADOO\Watch.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\jean-marie\Bureau\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
    O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [Net4Switch] C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: MultiFrame.lnk = ?
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Userinit Logon Application - Unknown owner - C:\WINDOWS\userinit.exe (file missing)
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

    --
    End of file - 9194 bytes
    11 Avril 2008 16:33:21

    C’est OK, tu n’es plus infecté(e) :p 

    1) Télécharge ToolsCleaner sur ton bureau.
    http://www.commentcamarche.net/telecharger/toolscleaner...

    Ce programme va te faire désinstaller tous les outils que je t’ai faits utiliser.

  • Clique sur Recherche et laisse le scan agir ...
  • Clique sur Suppression pour finaliser.
  • Tu peux, si tu le souhaites, te servir des Options facultatives.
  • Clique sur Quitter pour obtenir le rapport.
  • Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

    2) Télécharge et installe Ccleaner :
    http://www.01net.com/telecharger/windows/Utilitaire/net...
  • Avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires". Ensuite, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Clique sur l'onglet "Nettoyeur" puis sur "Lancer le Nettoyage".
  • Ensuite clique sur l'onglet Registre, clique sur "Chercher des erreurs" puis sur "Réparer les erreurs sélectionnées". Il est inutile de faire des sauvegardes des clés. Répète l'opération autant de fois qu'il le faut jusqu'à qu'il ne trouve plus d'erreurs.
  • Tutorial ici : http://www.infos-du-net.com/forum/272336-7-ccleaner-und...
    3)
  • Désactive ta restauration systeme

  • Réactive ta restauration systeme

  • Tutorial ici : http://www.infos-du-net.com/forum/272480-11-desactiver-...
    ********************************************************************************

    Ajoute maintenant [Résolu] au titre. Pour cela :
    * Clique, dans ton premier message, sur le bouton "Editer"
    * Rajoute la mention [Résolu] au titre
    * Clique ensuite sur "Valider votre message"

    Ce serait sympa de rapporter ton infection sur > Malware-Complaints < pour faire condamner ses auteurs

    - Règles du forum <- ici
    - Poster un message <- ici ( par Malekal )

    Pour t'enregistrer clique sur le bouton register ( en haut )
    Si tu as plus de 13 ans choisis " I Agree to these terms and am over or exactly 13 years of age "
    Si tu as moins de 13 ans choisis " I Agree to these terms and am under 13 years of age "

    Tu auras une liste par type d'infection
    Si ton infection n'est pas dans la liste crée un message dans Autres infections

    a+ et bon surf :hello: 


    Quelques liens intéressants :

    http://mickael.barroux.free.fr/securite/
    http://www.malekal.com/
    http://www.infos-du-net.com/forum/275481-11-dossier-pre...
    11 Avril 2008 20:42:48

    Re merci beaucoup =) , voici le dernier rapport :


    -->- Recherche:

    C:\SDFIX: trouvé !
    C:\Qoobox: trouvé !
    C:\_OtMoveIt: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
    C:\Documents and Settings\jean-marie\Recent\HijackThis.lnk: trouvé !
    C:\Documents and Settings\jean-marie\Bureau\BtFix.zip: trouvé !
    C:\Documents and Settings\jean-marie\Bureau\ComboFix.exe: trouvé !
    C:\Documents and Settings\jean-marie\Bureau\HijackThis.exe: trouvé !
    C:\Documents and Settings\jean-marie\Bureau\Btfix: trouvé !
    C:\Documents and Settings\jean-marie\Bureau\BTFix\Btfix: trouvé !
    C:\Documents and Settings\guillaume\Mes documents\Jean Marie BOURDERYE\BtFix.zip: trouvé !
    C:\Documents and Settings\guillaume\Mes documents\Jean Marie BOURDERYE\OtMoveIt2.exe: trouvé !
    C:\Documents and Settings\guillaume\Mes documents\Jean Marie BOURDERYE\Navilog1.exe: trouvé !
    C:\Documents and Settings\guillaume\Mes documents\Jean Marie BOURDERYE\Btfix: trouvé !
    C:\Program Files\Navilog1: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
    C:\Documents and Settings\jean-marie\Recent\HijackThis.lnk: supprimé !
    C:\Documents and Settings\jean-marie\Bureau\BtFix.zip: supprimé !
    C:\Documents and Settings\jean-marie\Bureau\ComboFix.exe: supprimé !
    C:\Documents and Settings\jean-marie\Bureau\HijackThis.exe: supprimé !
    C:\Documents and Settings\guillaume\Mes documents\Jean Marie BOURDERYE\BtFix.zip: supprimé !
    C:\Documents and Settings\guillaume\Mes documents\Jean Marie BOURDERYE\OtMoveIt2.exe: supprimé !
    C:\Documents and Settings\guillaume\Mes documents\Jean Marie BOURDERYE\Navilog1.exe: supprimé !
    C:\SDFIX: supprimé !
    C:\Qoobox: supprimé !
    C:\_OtMoveIt: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
    C:\Documents and Settings\jean-marie\Bureau\Btfix: supprimé !
    C:\Documents and Settings\guillaume\Mes documents\Jean Marie BOURDERYE\Btfix: supprimé !
    C:\Program Files\Navilog1: supprimé !
    11 Avril 2008 22:38:55

    Re,

    De rien ce fut un plaisir !

    Rapporte ton infection sur malware complain si ce n'est pas fait, c'est important ;) 

    Merci de consulter ce dossier (en pdf) pour en connaître davantage sur les risques du Net.



    Si tu trouves ce document intéressant, n'hésite pas à le transmettre à tes contacts.

    Bonne continuation :hello: 
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS