
Hello. Problem with unwanted pop-up windows, Orange-type antivirus

17 February 2008 19:10:44

Hello.
I am at a loss:

For three days now, and after several runs of Spybot, avast... I still have a major slowdown of the computer and the internet, with lots of unwanted pop-up windows telling me that my system is in danger (the windows that open are Orange-type).

Config:
XP Home
Orange Livebox

Here is the HijackThis report (always asked for, so already done!!! lol)
Thanks in advance for helping me.

Alexbobol

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58:31, on 17/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.neuf.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [68963a3b] rundll32.exe "C:\WINDOWS\system32\xngugukc.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/Obe...
O17 - HKLM\System\CCS\Services\Tcpip\..\{E64FC957-1F40-4AC8-AF60-A2F0DF520E69}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\WINDOWS\system32\mmmdnbdn.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 9342 bytes


17 February 2008 19:32:00

Hi,

Download Combofix (by sUBs) to your Desktop.

Temporarily disable all resident protection! (antivirus, antispyware...)
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post this report in your next reply.

The report is located here: C:\Combofix.txt
17 February 2008 20:45:54

Re, and thanks again for giving me a hand.
Here is the result from Combofix:

ComboFix 08-02-17.2 - nad et alex 2008-02-17 19:35:28.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.569 [GMT 1:00]
Endroit: C:\Documents and Settings\nad et alex\Local Settings\Temporary Internet Files\Content.IE5\33ZEBZEJ\ComboFix[1].exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\vtstr.dll
C:\WINDOWS\system32\wvuroop.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ckugugnx.ini
C:\WINDOWS\system32\drivers\PMH36.sys
C:\WINDOWS\system32\drivers\symavc32.sys . . . . Echec de suppression
C:\WINDOWS\system32\gndndqnw.dll
C:\WINDOWS\system32\koleplml.dll
C:\WINDOWS\system32\lt.res
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\njoahang.dllbox
C:\WINDOWS\system32\nmxwvwdz.dllbox
C:\WINDOWS\system32\nrynpats.ini
C:\WINDOWS\system32\rqrstts.dll
C:\WINDOWS\system32\rtstv.ini
C:\WINDOWS\system32\rtstv.ini2
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\vtstr.dll
C:\WINDOWS\system32\wvuroop.dll
C:\WINDOWS\system32\xngugukc.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_MSUPDATE
-------\LEGACY_NTMLSVC
-------\LEGACY_PMH36
-------\LEGACY_RUNTIME


((((((((((((((((((((((((((((( Fichiers créés 2008-01-17 to 2008-02-17 ))))))))))))))))))))))))))))))))))))
.

2008-02-17 18:57 . 2008-02-17 18:57 <REP> d-------- C:\Program Files\Trend Micro
2008-02-17 17:11 . 2008-02-17 17:11 674,600 --a------ C:\WINDOWS\system32\pbsvc[1].exe
2008-02-17 17:11 . 2008-02-17 17:11 22,328 --a------ C:\Documents and Settings\nad et alex\Application Data\PnkBstrK.sys
2008-02-17 16:49 . 2008-02-17 20:21 <REP> d-------- C:\Program Files\Steam
2008-02-17 16:18 . 2007-12-07 03:08 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-17 16:18 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-17 16:18 . 2007-07-01 04:36 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-17 16:18 . 2007-12-07 03:08 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-17 16:18 . 2007-12-07 03:08 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-17 16:18 . 2007-12-07 03:08 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-17 16:18 . 2007-12-07 03:08 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-17 16:18 . 2007-12-07 03:08 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-17 16:18 . 2007-12-06 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-17 16:17 . 2008-02-17 16:18 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-02-17 15:39 . 2008-02-17 15:39 <REP> d-------- C:\WINDOWS\report
2008-02-17 15:39 . 2008-02-17 15:38 36,273,305 --a------ C:\WINDOWS\LPT$VPN.107
2008-02-17 15:38 . 2008-02-17 15:38 <REP> d-------- C:\WINDOWS\AU_Backup
2008-02-17 15:38 . 2008-02-17 15:38 36,273,305 --a------ C:\WINDOWS\VPTNFILE.107
2008-02-17 15:38 . 2008-02-17 15:38 1,922,158 --a------ C:\WINDOWS\tsc.ptn
2008-02-17 15:38 . 2008-02-17 15:38 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-02-17 15:38 . 2008-02-17 15:38 267,845 --a------ C:\WINDOWS\tsc.exe
2008-02-17 15:38 . 2008-02-17 15:38 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-02-17 15:38 . 2008-02-17 15:38 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-02-17 15:38 . 2008-02-17 16:03 823 --a------ C:\WINDOWS\tsc.ini
2008-02-17 15:37 . 2008-02-17 15:38 <REP> d-------- C:\WINDOWS\AU_Temp
2008-02-17 15:37 . 2008-02-17 15:37 <REP> d-------- C:\WINDOWS\AU_Log
2008-02-17 15:37 . 2008-02-17 15:37 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-02-17 15:37 . 2008-02-17 15:37 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-02-17 15:37 . 2008-02-17 15:37 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-02-17 15:37 . 2008-02-17 15:37 170 --a------ C:\WINDOWS\GetServer.ini
2008-02-17 15:20 . 2008-02-17 15:20 29 --a------ C:\WINDOWS\system32\wgygstht.tmp
2008-02-17 14:44 . 2008-02-17 14:43 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-17 14:44 . 2008-02-17 14:44 3,451 --a------ C:\WINDOWS\unins000.dat
2008-02-17 14:41 . 2008-02-17 14:47 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-17 14:41 . 2008-02-17 14:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-17 14:10 . 2008-02-17 17:27 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-02-17 10:02 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-17 10:02 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-17 10:02 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-17 10:02 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-17 10:02 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-17 10:02 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-17 10:02 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-17 10:02 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-17 10:01 . 2008-02-17 10:01 <REP> d-------- C:\Program Files\Alwil Software
2008-02-16 17:40 . 2008-02-16 17:40 6,656 --a------ C:\WINDOWS\system32\create.exe
2008-02-16 17:39 . 2008-02-16 17:39 16,384 --a------ C:\WINDOWS\system32\mmmdnbdn.dll
2008-02-16 17:30 . 2008-02-16 17:30 25,600 --a------ C:\WINDOWS\system32\socksys.dll
2008-02-16 17:30 . 2008-02-17 20:19 21,120 --a------ C:\WINDOWS\system32\drivers\Hhw41.sys
2008-02-16 17:30 . 2008-02-16 17:30 16,384 --a------ C:\WINDOWS\system32\mmmctrct.dll
2008-02-16 17:30 . 2008-02-17 19:41 6,656 --a------ C:\WINDOWS\system32\WLCtrl32.dll
2008-02-16 15:25 . 2008-02-17 17:11 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-02-16 14:30 . 2008-02-16 17:30 3,584 --a------ C:\qrwkjyd.exe
2008-02-16 14:28 . 2008-02-16 17:30 167,936 --a------ C:\WINDOWS\system32\drivers\symavc32.sys
2008-02-16 14:27 . 2008-02-16 17:30 2 --a------ C:\1754675860
2008-02-16 14:26 . 2008-02-16 14:27 151,552 --a------ C:\wpohl.exe~
2008-02-11 14:16 . 2008-02-17 11:17 <REP> d-------- C:\SIERRA
2008-02-11 14:16 . 1998-10-30 22:21 1,022,976 --------- C:\WINDOWS\system32\SierraNW.dll
2008-02-11 14:16 . 1998-10-30 22:21 231,936 --------- C:\WINDOWS\system32\SNWValid.dll
2008-02-11 14:15 . 2008-02-11 14:17 342 --a------ C:\WINDOWS\SIERRA.INI
2008-02-05 21:31 . 2008-02-05 21:31 <REP> d-------- C:\Documents and Settings\Charlotte\Application Data\Corel Photo Album
2008-02-02 14:30 . 2008-02-17 10:50 <REP> d-------- C:\Program Files\MultiMedia France Toolbar
2008-02-02 14:30 . 2008-02-02 14:30 <REP> d-------- C:\Program Files\Multi_Media_France
2008-02-02 12:25 . 2008-02-16 15:25 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe~
2008-02-02 12:25 . 2008-02-02 12:25 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe~
2008-02-02 12:25 . 2008-02-17 17:27 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-02 11:40 . 2008-02-02 11:40 <REP> d---s---- C:\Documents and Settings\Charlotte\UserData
2008-02-02 09:49 . 2008-02-02 09:49 <REP> d-------- C:\WINDOWS\system32\AlertModule
2008-02-02 09:49 . 2003-08-04 13:22 94,208 --a------ C:\WINDOWS\system32\W32n50.dll
2008-02-02 09:49 . 2004-08-23 13:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2008-02-02 09:49 . 2005-10-06 13:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2008-02-02 09:49 . 2004-08-23 13:50 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
2008-02-02 09:49 . 2003-08-04 13:22 16,128 --------- C:\WINDOWS\system32\PCANDIS5.SYS
2008-02-02 09:47 . 2008-02-17 20:21 <REP> d-------- C:\Program Files\Wanadoo
2008-02-02 09:45 . 2008-02-02 09:45 <REP> d-------- C:\Program Files\Securitoo
2008-02-02 09:42 . 2007-07-09 14:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-31 17:31 . 2008-01-31 17:31 <REP> d-------- C:\Documents and Settings\nad et alex\Application Data\InterTrust

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 14:17 --------- d-----w C:\Program Files\eMule
2008-02-14 16:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-01-31 16:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-31 16:30 --------- d-----w C:\Program Files\Micro Application
2008-01-28 20:27 --------- d-----w C:\Program Files\GV AbsoluCasino
2008-01-13 15:48 --------- d-----w C:\Program Files\Inventel
2008-01-12 15:48 --------- d-----w C:\Program Files\McAfee
2008-01-12 15:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-12 15:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-12 15:08 --------- d-----w C:\Program Files\EA GAMES
2008-01-12 15:06 --------- d-----w C:\Program Files\Corel
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2004-08-05 12:00 65,024 --sha-w C:\WINDOWS\system32\asycfilt.dll
2006-08-25 15:51 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll
2004-08-05 12:00 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2004-08-05 12:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll
2004-08-05 12:00 413,696 --sha-w C:\WINDOWS\system32\MSVCP60.dll
2004-08-05 12:00 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
2004-08-05 12:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll
2004-08-05 12:00 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll
2004-08-05 12:00 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07C7156E-D651-4ACC-9AD3-498C916E9651}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4aab26fd-19ee-43ba-8951-500ba8cb480c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8BF744D6-38BB-4336-A90C-5ECA9DC12B14}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5CE82CA-CEB9-4E3C-844B-A87D4A9A9D98}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-03 18:48 68856]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-02-17 16:51 1266936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [ ]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 08:56 139264]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-01 23:40 98304]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-02-12 19:40 190024]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\njoahang]
njoahang.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nmxwvwdz]
nmxwvwdz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll 2008-02-17 19:41 6656 C:\WINDOWS\system32\WLCtrl32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuroop]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\mmmdnbdn.dll

R0 Hhw41;Hhw41;C:\WINDOWS\system32\Drivers\Hhw41.sys [2008-02-17 20:19]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-05 13:00]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-03-07 22:45:00 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"


Thank you
alexbobol
17 February 2008 21:11:36

Re,

Copy the text in the box below:

File::
C:\WINDOWS\system32\mmmdnbdn.dll
C:\WINDOWS\system32\WLCtrl32.dll
C:\WINDOWS\system32\njoahang.dll
C:\WINDOWS\system32\nmxwvwdz.dll
C:\wpohl.exe~
C:\qrwkjyd.exe
C:\WINDOWS\system32\mmmctrct.dll
C:\WINDOWS\system32\socksys.dll
C:\WINDOWS\system32\create.exe
C:\WINDOWS\system32\wgygstht.tmp
C:\WINDOWS\system32\drivers\symavc32.sys

Folder::
C:\Program Files\MultiMedia France Toolbar
C:\Program Files\Multi_Media_France

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuroop]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\njoahang]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nmxwvwdz]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]


Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.


Restart in safe mode
/!\ Never start in safe mode via MSCONFIG /!\
Now drag the CFScript.txt file onto Combofix.exe as shown below:


This will relaunch Combofix; press 1 and confirm. After the restart, post the contents of the Combofix.txt report along with a HijackThis report.

************
Click Start --> Run, type CMD and confirm with OK.
Paste the following lines one at a time, confirming each with Enter, into the black window that appears.
dir C:\1754675860

Copy/paste for me what appears.

*********

Have these files analyzed on this site >> Virustotal <<

Click Browse at the top, choose My Computer and look for this file: C:\WINDOWS\GetServer.ini
Now click to send the file.
Post the report (from File *** received on *** up to SHA1: ***)
Do the same with these files: C:\WINDOWS\system32\drivers\Hhw41.sys
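
Added example, not part of any post in this thread and not code from HijackThis or ComboFix: a small triage pass over HijackThis entries that flags the load points the script above deals with, then checks which flagged files its File:: section lists. The names `triage`, `script_files`, `uncovered` and `Finding` are hypothetical; the sample lines are excerpted from the first HijackThis log and from the CFScript in this thread.

```python
import re
from typing import NamedTuple

# Lines excerpted from the first HijackThis log in this thread.
HJT_EXCERPT = r"""
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [68963a3b] rundll32.exe "C:\WINDOWS\system32\xngugukc.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\mmmdnbdn.dll
"""

# Sections excerpted from the CFScript in the post above.
CFSCRIPT_EXCERPT = r"""
File::
C:\WINDOWS\system32\mmmdnbdn.dll
C:\WINDOWS\system32\WLCtrl32.dll
C:\WINDOWS\system32\socksys.dll

Folder::
C:\Program Files\Multi_Media_France
"""


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O20"
    reason: str   # why the entry deserves a closer look
    path: str     # file the entry loads, "" when it names none


ENTRY = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.*)$")
# Run value of the form: [name] rundll32.exe "X:\path\file.dll",export
RUNDLL = re.compile(r'\]\s*rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?', re.I)
ORPHAN = re.compile(r"\((no file|file missing)\)\s*$")


def triage(log: str) -> list[Finding]:
    """Return the entries that are load points worth reviewing by hand."""
    findings = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        code, body = m.groups()
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs names DLLs mapped into every process that
            # loads user32.dll, so any non-empty value needs a known owner.
            value = body.split(":", 1)[1].strip()
            if value:
                findings.append(Finding(code, "AppInit_DLLs is set", value))
        elif code == "O4":
            r = RUNDLL.search(body)
            if r:
                findings.append(
                    Finding(code, "Run value starts a DLL via rundll32", r.group(1)))
        elif code in ("O2", "O3") and ORPHAN.search(body):
            findings.append(Finding(code, "registration without a file on disk", ""))
    return findings


def script_files(script: str) -> set[str]:
    """Collect the paths listed under File:: (lower-cased for comparison)."""
    files, section = set(), None
    for line in script.splitlines():
        line = line.strip()
        if line.endswith("::"):
            section = line[:-2].lower()
        elif line and section == "file":
            files.add(line.lower())
    return files


def uncovered(findings: list[Finding], script: str) -> list[str]:
    """Flagged files that the script's File:: section does not list."""
    listed = script_files(script)
    return [f.path for f in findings if f.path and f.path.lower() not in listed]


if __name__ == "__main__":
    found = triage(HJT_EXCERPT)
    for f in found:
        print(f.section, "|", f.reason, "|", f.path or "-")
    print("not in File:: ->", uncovered(found, CFSCRIPT_EXCERPT))
```

The one path reported as not listed, xngugukc.dll, already appears in the "Autres suppressions" list of the first ComboFix report in this thread.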



17 February 2008 21:44:13

Here is the Combofix report:

ComboFix 08-02-17.2 - nad et alex 2008-02-17 21:25:44.2 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.801 [GMT 1:00]
Endroit: C:\Documents and Settings\nad et alex\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\nad et alex\Bureau\CFScript.txt

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\qrwkjyd.exe
C:\WINDOWS\system32\create.exe
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\mmmctrct.dll
C:\WINDOWS\system32\mmmdnbdn.dll
C:\WINDOWS\system32\njoahang.dll
C:\WINDOWS\system32\nmxwvwdz.dll
C:\WINDOWS\system32\socksys.dll
C:\WINDOWS\system32\wgygstht.tmp
C:\WINDOWS\system32\WLCtrl32.dll
C:\wpohl.exe~
.

and the HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42, on 2008-02-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {07C7156E-D651-4ACC-9AD3-498C916E9651} - (no file)
O2 - BHO: (no name) - {4aab26fd-19ee-43ba-8951-500ba8cb480c} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8BF744D6-38BB-4336-A90C-5ECA9DC12B14} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {D5CE82CA-CEB9-4E3C-844B-A87D4A9A9D98} - (no file)
O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socksys.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/Obe...
O17 - HKLM\System\CCS\Services\Tcpip\..\{E64FC957-1F40-4AC8-AF60-A2F0DF520E69}: NameServer = 192.168.1.1
O20 - Winlogon Notify: njoahang - C:\WINDOWS\
O20 - Winlogon Notify: nmxwvwdz - C:\WINDOWS\
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O20 - Winlogon Notify: wvuroop - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 9977 bytes


I'm continuing with the procedure...
17 February 2008 21:48:46

Incomplete ComboFix report!
Run the ComboFix script again, because apparently nothing was done (visible in HijackThis).
17 February 2008 22:05:42

Just redone:


ComboFix 08-02-17.2 - nad et alex 2008-02-17 21:54:58.3 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.808 [GMT 1:00]
Endroit: C:\Documents and Settings\nad et alex\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\nad et alex\Bureau\CFScript.txt

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\qrwkjyd.exe
C:\WINDOWS\system32\create.exe
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\mmmctrct.dll
C:\WINDOWS\system32\mmmdnbdn.dll
C:\WINDOWS\system32\njoahang.dll
C:\WINDOWS\system32\nmxwvwdz.dll
C:\WINDOWS\system32\socksys.dll
C:\WINDOWS\system32\wgygstht.tmp
C:\WINDOWS\system32\WLCtrl32.dll
C:\wpohl.exe~
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\WLCtrl32.dll
.
---- Previous Run -------
.
C:\WINDOWS\system32\vtstr.dll
C:\WINDOWS\system32\wvuroop.dll
C:\Program Files\Multi_Media_France
C:\Program Files\Multi_Media_France\INSTALL.LOG
C:\Program Files\Multi_Media_France\tbMul1.dll
C:\Program Files\Multi_Media_France\tbMult.dll
C:\Program Files\Multi_Media_France\toolbar.cfg
C:\Program Files\Multi_Media_France\UNWISE.EXE
C:\Program Files\Multi_Media_France\UNWISE.INI
C:\Program Files\MultiMedia France Toolbar
C:\Program Files\MultiMedia France Toolbar\INSTALL.LOG
C:\Program Files\MultiMedia France Toolbar\Multi_Media_France.exe
C:\Program Files\MultiMedia France Toolbar\Multi_Media_France.xpi
C:\Program Files\MultiMedia France Toolbar\UNWISE.EXE
C:\qrwkjyd.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ckugugnx.ini
C:\WINDOWS\system32\create.exe
C:\WINDOWS\system32\drivers\PMH36.sys
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\drivers\symavc32.sys . . . . Echec de suppression
C:\WINDOWS\system32\gndndqnw.dll
C:\WINDOWS\system32\koleplml.dll
C:\WINDOWS\system32\lanmandrv.sys
C:\WINDOWS\system32\lanmanwrk.exe
C:\WINDOWS\system32\lt.res
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mmmctrct.dll
C:\WINDOWS\system32\mmmdnbdn.dll
C:\WINDOWS\system32\njoahang.dllbox
C:\WINDOWS\system32\nmxwvwdz.dllbox
C:\WINDOWS\system32\nrynpats.ini
C:\WINDOWS\system32\qmopt.dll
C:\WINDOWS\system32\rqrstts.dll
C:\WINDOWS\system32\rtstv.ini
C:\WINDOWS\system32\rtstv.ini2
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\socksys.dll
C:\WINDOWS\system32\vtstr.dll
C:\WINDOWS\system32\wgygstht.tmp
C:\WINDOWS\system32\WLCtrl32.dll
C:\WINDOWS\system32\wvuroop.dll
C:\WINDOWS\system32\xngugukc.dll
C:\wpohl.exe~

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_MSUPDATE
-------\LEGACY_NTMLSVC
-------\LEGACY_PMH36
-------\LEGACY_RUNTIME


-------\LEGACY_LANMANDRV
-------\lanmandrv




((((((((((((((((((((((((((((( Fichiers créés 2008-01-17 to 2008-02-17 ))))))))))))))))))))))))))))))))))))
.

2008-02-17 21:33 . 2008-02-17 21:33 51,968 --a------ C:\WINDOWS\system32\drivers\nkv2.sys
2008-02-17 19:33 . 2008-02-17 20:24 <REP> d-------- C:\ComboFix[1]
2008-02-17 18:57 . 2008-02-17 18:57 <REP> d-------- C:\Program Files\Trend Micro
2008-02-17 17:11 . 2008-02-17 17:11 674,600 --a------ C:\WINDOWS\system32\pbsvc[1].exe
2008-02-17 17:11 . 2008-02-17 17:11 22,328 --a------ C:\Documents and Settings\nad et alex\Application Data\PnkBstrK.sys
2008-02-17 16:49 . 2008-02-17 21:30 <REP> d-------- C:\Program Files\Steam
2008-02-17 16:18 . 2007-12-07 03:08 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-17 16:18 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-17 16:18 . 2007-07-01 04:36 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-17 16:18 . 2007-12-07 03:08 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-17 16:18 . 2007-12-07 03:08 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-17 16:18 . 2007-12-07 03:08 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-17 16:18 . 2007-12-07 03:08 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-17 16:18 . 2007-12-07 03:08 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-17 16:18 . 2007-12-06 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-17 16:17 . 2008-02-17 16:18 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-02-17 15:39 . 2008-02-17 15:39 <REP> d-------- C:\WINDOWS\report
2008-02-17 15:39 . 2008-02-17 15:38 36,273,305 --a------ C:\WINDOWS\LPT$VPN.107
2008-02-17 15:38 . 2008-02-17 15:38 <REP> d-------- C:\WINDOWS\AU_Backup
2008-02-17 15:38 . 2008-02-17 15:38 36,273,305 --a------ C:\WINDOWS\VPTNFILE.107
2008-02-17 15:38 . 2008-02-17 15:38 1,922,158 --a------ C:\WINDOWS\tsc.ptn
2008-02-17 15:38 . 2008-02-17 15:38 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-02-17 15:38 . 2008-02-17 15:38 267,845 --a------ C:\WINDOWS\tsc.exe
2008-02-17 15:38 . 2008-02-17 15:38 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-02-17 15:38 . 2008-02-17 15:38 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-02-17 15:38 . 2008-02-17 16:03 823 --a------ C:\WINDOWS\tsc.ini
2008-02-17 15:37 . 2008-02-17 15:38 <REP> d-------- C:\WINDOWS\AU_Temp
2008-02-17 15:37 . 2008-02-17 15:37 <REP> d-------- C:\WINDOWS\AU_Log
2008-02-17 15:37 . 2008-02-17 15:37 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-02-17 15:37 . 2008-02-17 15:37 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-02-17 15:37 . 2008-02-17 15:37 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-02-17 15:37 . 2008-02-17 15:37 170 --a------ C:\WINDOWS\GetServer.ini
2008-02-17 14:44 . 2008-02-17 14:43 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-17 14:44 . 2008-02-17 14:44 3,451 --a------ C:\WINDOWS\unins000.dat
2008-02-17 14:41 . 2008-02-17 14:47 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-17 14:41 . 2008-02-17 14:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-17 14:10 . 2008-02-17 20:48 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-02-17 10:02 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-17 10:02 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-17 10:02 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-17 10:02 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-17 10:02 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-17 10:02 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-17 10:02 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-17 10:02 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-17 10:01 . 2008-02-17 10:01 <REP> d-------- C:\Program Files\Alwil Software
2008-02-16 17:30 . 2008-02-17 21:28 21,120 --a------ C:\WINDOWS\system32\drivers\Hhw41.sys
2008-02-16 15:25 . 2008-02-17 17:11 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-02-16 14:27 . 2008-02-16 17:30 2 --a------ C:\1754675860
2008-02-11 14:16 . 2008-02-17 11:17 <REP> d-------- C:\SIERRA
2008-02-11 14:16 . 1998-10-30 22:21 1,022,976 --------- C:\WINDOWS\system32\SierraNW.dll
2008-02-11 14:16 . 1998-10-30 22:21 231,936 --------- C:\WINDOWS\system32\SNWValid.dll
2008-02-11 14:15 . 2008-02-11 14:17 342 --a------ C:\WINDOWS\SIERRA.INI
2008-02-05 21:31 . 2008-02-05 21:31 <REP> d-------- C:\Documents and Settings\Charlotte\Application Data\Corel Photo Album
2008-02-02 12:25 . 2008-02-16 15:25 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe~
2008-02-02 12:25 . 2008-02-02 12:25 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe~
2008-02-02 12:25 . 2008-02-17 20:48 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-02 11:40 . 2008-02-02 11:40 <REP> d---s---- C:\Documents and Settings\Charlotte\UserData
2008-02-02 09:49 . 2008-02-02 09:49 <REP> d-------- C:\WINDOWS\system32\AlertModule
2008-02-02 09:49 . 2003-08-04 13:22 94,208 --a------ C:\WINDOWS\system32\W32n50.dll
2008-02-02 09:49 . 2004-08-23 13:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2008-02-02 09:49 . 2005-10-06 13:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2008-02-02 09:49 . 2004-08-23 13:50 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
2008-02-02 09:49 . 2003-08-04 13:22 16,128 --------- C:\WINDOWS\system32\PCANDIS5.SYS
2008-02-02 09:47 . 2008-02-17 21:31 <REP> d-------- C:\Program Files\Wanadoo
2008-02-02 09:45 . 2008-02-02 09:45 <REP> d-------- C:\Program Files\Securitoo
2008-02-02 09:42 . 2007-07-09 14:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-31 17:31 . 2008-01-31 17:31 <REP> d-------- C:\Documents and Settings\nad et alex\Application Data\InterTrust

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 14:17 --------- d-----w C:\Program Files\eMule
2008-02-14 16:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-01-31 16:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-31 16:30 --------- d-----w C:\Program Files\Micro Application
2008-01-28 20:27 --------- d-----w C:\Program Files\GV AbsoluCasino
2008-01-13 15:48 --------- d-----w C:\Program Files\Inventel
2008-01-12 15:48 --------- d-----w C:\Program Files\McAfee
2008-01-12 15:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-12 15:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-12 15:08 --------- d-----w C:\Program Files\EA GAMES
2008-01-12 15:06 --------- d-----w C:\Program Files\Corel
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2004-08-05 12:00 65,024 --sha-w C:\WINDOWS\system32\asycfilt.dll
2006-08-25 15:51 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll
2004-08-05 12:00 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2004-08-05 12:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll
2004-08-05 12:00 413,696 --sha-w C:\WINDOWS\system32\MSVCP60.dll
2004-08-05 12:00 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
2004-08-05 12:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll
2004-08-05 12:00 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll
2004-08-05 12:00 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll
.
17 February 2008 22:10:45

And for the cmd command:

C:\Documents and Settings\nad et alex>dir C:\1754675860
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 6896-3A94

Répertoire de C:\

2008-02-16 17:30 2 1754675860
1 fichier(s) 2 octets
0 Rép(s) 19,343,069,184 octets libres

C:\Documents and Settings\nad et alex>
17 February 2008 22:24:04

And here are the results of the VirusTotal analysis:

For GetServer.ini:

Fichier GetServer.ini reçu le 2008.02.17 22:13:15 (CET)

Résultat: 0/32 (0%)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.2.16.10 2008.02.15 -
AntiVir 7.6.0.67 2008.02.15 -
Authentium 4.93.8 2008.02.17 -
Avast 4.7.1098.0 2008.02.17 -
AVG 7.5.0.516 2008.02.17 -
BitDefender 7.2 2008.02.17 -
CAT-QuickHeal None 2008.02.16 -
ClamAV 0.92.1 2008.02.17 -
DrWeb 4.44.0.09170 2008.02.17 -
eSafe 7.0.15.0 2008.02.17 -
eTrust-Vet 31.3.5541 2008.02.15 -
Ewido 4.0 2008.02.17 -
FileAdvisor 1 2008.02.17 -
Fortinet 3.14.0.0 2008.02.17 -
F-Prot 4.4.2.54 2008.02.17 -
F-Secure 6.70.13260.0 2008.02.17 -
Ikarus T3.1.1.20 2008.02.17 -
Kaspersky 7.0.0.125 2008.02.17 -
McAfee 5231 2008.02.15 -
Microsoft 1.3204 2008.02.17 -
NOD32v2 2881 2008.02.17 -
Norman 5.80.02 2008.02.15 -
Panda 9.0.0.4 2008.02.17 -
Prevx1 V2 2008.02.17 -
Rising 20.31.50.00 2008.02.16 -
Sophos 4.26.0 2008.02.17 -
Sunbelt 2.2.907.0 2008.02.16 -
Symantec 10 2008.02.17 -
TheHacker 6.2.9.222 2008.02.16 -
VBA32 3.12.6.1 2008.02.17 -
VirusBuster 4.3.26:9 2008.02.17 -
Webwasher-Gateway 6.6.2 2008.02.15 -
Information additionnelle
File size: 170 bytes
MD5: 49b8f0c82aeb8140e53f2caf11816284
SHA1: e198ebe73b6caa82bc525169b1bb4893b30fdd9e
PEiD: -
17 February 2008 22:24:27

Hello again,

Do the rest, then try to manually delete this file in safe mode:
  • C:\WINDOWS\system32\drivers\symavc32.sys
17 February 2008 22:26:59

And for the second one it tells me this:


    0 bytes size received / Se ha recibido un archivo vacio



There you go. Thanks in advance.
alexbobol
17 February 2008 22:38:13


The file in the system32 drivers folder doesn't exist. Not found!!??

alexbobol
17 February 2008 22:39:01

On the other hand, no more unwanted pop-up windows, and a clear increase in PC speed!!!!
17 February 2008 22:40:20

Hello again,

And after doing this, can you see the file?

Go to My Computer > Tools > Folder Options > View > Show hidden files and folders. --> Apply --> OK

Go to My Computer > Tools > Folder Options > View > uncheck Hide protected operating system files. --> Apply --> OK
(Check it again afterwards)
17 February 2008 22:47:26

No, still not...........
17 February 2008 22:55:46

Run ComboFix again without a script and post the report.
18 February 2008 13:43:23

Hello
Sorry about last night, but this time it was the guy himself who crashed.....

So here is the ComboFix report, without a script:

    ComboFix 08-02-17.2 - nad et alex 2008-02-18 13:11:32.5 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.624 [GMT 1:00]
    Endroit: C:\Documents and Settings\nad et alex\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-18 to 2008-02-18 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-18 13:11 . 2008-02-18 13:11 <REP> d-------- C:\WINDOWS\LastGood
    2008-02-17 22:02 . 2008-02-18 13:08 6,656 --a------ C:\WINDOWS\system32\WLCtrl32.dll
    2008-02-17 21:33 . 2008-02-17 23:10 51,968 --a------ C:\WINDOWS\system32\drivers\nkv2.sys
    2008-02-17 19:33 . 2008-02-17 20:24 <REP> d-------- C:\ComboFix[1]
    2008-02-17 18:57 . 2008-02-17 18:57 <REP> d-------- C:\Program Files\Trend Micro
    2008-02-17 17:11 . 2008-02-17 17:11 674,600 --a------ C:\WINDOWS\system32\pbsvc[1].exe
    2008-02-17 17:11 . 2008-02-17 17:11 22,328 --a------ C:\Documents and Settings\nad et alex\Application Data\PnkBstrK.sys
    2008-02-17 16:49 . 2008-02-18 13:09 <REP> d-------- C:\Program Files\Steam
    2008-02-17 16:18 . 2007-12-07 03:08 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-02-17 16:18 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-02-17 16:18 . 2007-07-01 04:36 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-02-17 16:18 . 2007-12-07 03:08 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-02-17 16:18 . 2007-12-07 03:08 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-02-17 16:18 . 2007-12-07 03:08 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-02-17 16:18 . 2007-12-07 03:08 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-02-17 16:18 . 2007-12-07 03:08 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-02-17 16:18 . 2007-12-06 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-02-17 16:17 . 2008-02-17 16:18 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-02-17 15:39 . 2008-02-17 15:39 <REP> d-------- C:\WINDOWS\report
    2008-02-17 15:39 . 2008-02-17 15:38 36,273,305 --a------ C:\WINDOWS\LPT$VPN.107
    2008-02-17 15:38 . 2008-02-17 15:38 <REP> d-------- C:\WINDOWS\AU_Backup
    2008-02-17 15:38 . 2008-02-17 15:38 36,273,305 --a------ C:\WINDOWS\VPTNFILE.107
    2008-02-17 15:38 . 2008-02-17 15:38 1,922,158 --a------ C:\WINDOWS\tsc.ptn
    2008-02-17 15:38 . 2008-02-17 15:38 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
    2008-02-17 15:38 . 2008-02-17 15:38 267,845 --a------ C:\WINDOWS\tsc.exe
    2008-02-17 15:38 . 2008-02-17 15:38 86,094 --a------ C:\WINDOWS\BPMNT.dll
    2008-02-17 15:38 . 2008-02-17 15:38 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2008-02-17 15:38 . 2008-02-17 16:03 823 --a------ C:\WINDOWS\tsc.ini
    2008-02-17 15:37 . 2008-02-17 15:38 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-02-17 15:37 . 2008-02-17 15:37 <REP> d-------- C:\WINDOWS\AU_Log
    2008-02-17 15:37 . 2008-02-17 15:37 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
    2008-02-17 15:37 . 2008-02-17 15:37 286,720 --a------ C:\WINDOWS\PATCH.EXE
    2008-02-17 15:37 . 2008-02-17 15:37 69,689 --a------ C:\WINDOWS\UNZIP.DLL
    2008-02-17 15:37 . 2008-02-17 15:37 170 --a------ C:\WINDOWS\GetServer.ini
    2008-02-17 14:44 . 2008-02-17 14:43 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-02-17 14:44 . 2008-02-17 14:44 3,451 --a------ C:\WINDOWS\unins000.dat
    2008-02-17 14:41 . 2008-02-17 14:47 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-02-17 14:41 . 2008-02-17 14:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-17 14:10 . 2008-02-17 20:48 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2008-02-17 10:02 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-02-17 10:02 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-02-17 10:02 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-02-17 10:02 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-02-17 10:02 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-02-17 10:02 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-02-17 10:02 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-02-17 10:02 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-02-17 10:01 . 2008-02-17 10:01 <REP> d-------- C:\Program Files\Alwil Software
    2008-02-16 17:30 . 2008-02-18 13:09 21,632 --a------ C:\WINDOWS\system32\drivers\Hhw41.sys
    2008-02-16 15:25 . 2008-02-17 17:11 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2008-02-16 14:27 . 2008-02-16 17:30 2 --a------ C:\1754675860
    2008-02-11 14:16 . 2008-02-17 11:17 <REP> d-------- C:\SIERRA
    2008-02-11 14:16 . 1998-10-30 22:21 1,022,976 --------- C:\WINDOWS\system32\SierraNW.dll
    2008-02-11 14:16 . 1998-10-30 22:21 231,936 --------- C:\WINDOWS\system32\SNWValid.dll
    2008-02-11 14:15 . 2008-02-11 14:17 342 --a------ C:\WINDOWS\SIERRA.INI
    2008-02-05 21:31 . 2008-02-05 21:31 <REP> d-------- C:\Documents and Settings\Charlotte\Application Data\Corel Photo Album
    2008-02-02 12:25 . 2008-02-16 15:25 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe~
    2008-02-02 12:25 . 2008-02-02 12:25 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe~
    2008-02-02 12:25 . 2008-02-17 20:48 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-02-02 11:40 . 2008-02-02 11:40 <REP> d---s---- C:\Documents and Settings\Charlotte\UserData
    2008-02-02 09:49 . 2008-02-02 09:49 <REP> d-------- C:\WINDOWS\system32\AlertModule
    2008-02-02 09:49 . 2003-08-04 13:22 94,208 --a------ C:\WINDOWS\system32\W32n50.dll
    2008-02-02 09:49 . 2004-08-23 13:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
    2008-02-02 09:49 . 2005-10-06 13:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
    2008-02-02 09:49 . 2004-08-23 13:50 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
    2008-02-02 09:49 . 2003-08-04 13:22 16,128 --------- C:\WINDOWS\system32\PCANDIS5.SYS
    2008-02-02 09:47 . 2008-02-18 13:10 <REP> d-------- C:\Program Files\Wanadoo
    2008-02-02 09:45 . 2008-02-02 09:45 <REP> d-------- C:\Program Files\Securitoo
    2008-02-02 09:42 . 2007-07-09 14:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-01-31 17:31 . 2008-01-31 17:31 <REP> d-------- C:\Documents and Settings\nad et alex\Application Data\InterTrust

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-16 16:38 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2008-02-16 14:17 --------- d-----w C:\Program Files\eMule
    2008-02-14 16:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
    2008-01-31 16:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-31 16:30 --------- d-----w C:\Program Files\Micro Application
    2008-01-28 20:27 --------- d-----w C:\Program Files\GV AbsoluCasino
    2008-01-13 15:48 --------- d-----w C:\Program Files\Inventel
    2008-01-12 15:48 --------- d-----w C:\Program Files\McAfee
    2008-01-12 15:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2008-01-12 15:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2008-01-12 15:08 --------- d-----w C:\Program Files\EA GAMES
    2008-01-12 15:06 --------- d-----w C:\Program Files\Corel
    2008-01-11 05:36 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-12-19 22:53 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
    2007-12-08 09:38 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-12-07 00:47 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
    2007-12-07 00:47 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
    2007-12-07 00:47 1,499,648 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2007-12-07 00:47 1,056,768 ------w C:\WINDOWS\system32\dllcache\danim.dll
    2007-12-07 00:47 1,024,512 ------w C:\WINDOWS\system32\dllcache\browseui.dll
    2007-12-06 11:03 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-12-06 11:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2007-12-04 18:41 550,912 --sha-w C:\WINDOWS\system32\oleaut32.dll
    2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
    2004-08-05 12:00 65,024 --sha-w C:\WINDOWS\system32\asycfilt.dll
    2006-08-25 15:51 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll
    2004-08-05 12:00 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
    2004-08-05 12:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll
    2004-08-05 12:00 413,696 --sha-w C:\WINDOWS\system32\MSVCP60.dll
    2004-08-05 12:00 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
    2004-08-05 12:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll
    2004-08-05 12:00 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll
    2004-08-05 12:00 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07C7156E-D651-4ACC-9AD3-498C916E9651}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4aab26fd-19ee-43ba-8951-500ba8cb480c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8BF744D6-38BB-4336-A90C-5ECA9DC12B14}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5CE82CA-CEB9-4E3C-844B-A87D4A9A9D98}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-03 18:48 68856]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
    "Steam"="C:\Program Files\Steam\Steam.exe" [2008-02-17 16:51 1266936]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [ ]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 08:56 139264]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
    "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [ ]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-01 23:40 98304]
    "ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-02-12 19:40 190024]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\njoahang]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nmxwvwdz]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
    WLCtrl32.dll 2008-02-18 13:08 6656 C:\WINDOWS\system32\WLCtrl32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuroop]

    R0 Hhw41;Hhw41;C:\WINDOWS\system32\Drivers\Hhw41.sys [2008-02-18 13:09]
    R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-05 13:00]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
    S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys [2008-02-17 23:10]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2006-03-07 22:45:00 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-18 13:14:06
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\WLCtrl32.dll
    .
    Temps d'accomplissement: 2008-02-18 13:14:29
    ComboFix-quarantined-files.txt 2008-02-18 12:14:27
    ComboFix2.txt 2008-02-17 22:02:49
    .
    2008-02-13 19:13:15 --- E O F ---


    Thanks in advance

    alexbobol
    18 February 2008 13:46:58

    Re,

    Have this file analyzed on this site >> Virustotal <<

    Click Browse at the top, choose My Computer and look for this file: C:\WINDOWS\system32\drivers\nkv2.sys
    Now click on send the file.
    Post the report (from "Fichier *** reçu le ***" through "SHA1 : ***")

    Post a new HijackThis log
    18 February 2008 14:02:55

    Re, here is the report:

    Fichier nkv2.sys reçu le 2008.02.18 13:54:04 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.2.18.0 2008.02.18 -
    AntiVir 7.6.0.67 2008.02.18 -
    Authentium 4.93.8 2008.02.17 -
    Avast 4.7.1098.0 2008.02.18 Win32:Agent-QOV
    AVG 7.5.0.516 2008.02.18 Generic9.BBIQ
    BitDefender 7.2 2008.02.18 -
    CAT-QuickHeal 9.50 2008.02.16 -
    ClamAV None 2008.02.18 -
    DrWeb 4.44.0.09170 2008.02.18 -
    eSafe 7.0.15.0 2008.02.17 -
    eTrust-Vet 31.3.5546 2008.02.18 -
    Ewido 4.0 2008.02.18 -
    FileAdvisor 1 2008.02.18 -
    Fortinet 3.14.0.0 2008.02.18 -
    F-Prot 4.4.2.54 2008.02.17 -
    F-Secure 6.70.13260.0 2008.02.18 -
    Ikarus T3.1.1.20 2008.02.18 Virus.Win32.Agent.QOV
    Kaspersky 7.0.0.125 2008.02.18 -
    McAfee 5231 2008.02.15 -
    Microsoft 1.3204 2008.02.18 -
    NOD32v2 2882 2008.02.18 -
    Norman 5.80.02 2008.02.15 -
    Panda 9.0.0.4 2008.02.17 Trj/Spammer.ADX
    Prevx1 V2 2008.02.18 -
    Rising 20.32.02.00 2008.02.18 -
    Sophos 4.26.0 2008.02.18 -
    Sunbelt 3.0.884.0 2008.02.18 -
    Symantec 10 2008.02.18 -
    TheHacker 6.2.9.222 2008.02.16 -
    VBA32 3.12.6.1 2008.02.17 -
    VirusBuster 4.3.26:9 2008.02.17 -
    Webwasher-Gateway 6.6.2 2008.02.18 -

    Information additionnelle
    File size: 51968 bytes
    MD5: a4bd49332caa193fd07c5c1bfc4dc530
    SHA1: 197b3b88822b91d6fd802da016e29fc3adef3f4f
    PEiD: -


    and the HijackThis log that goes with it:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:00:55, on 18/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.neuf.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {07C7156E-D651-4ACC-9AD3-498C916E9651} - (no file)
    O2 - BHO: (no name) - {4aab26fd-19ee-43ba-8951-500ba8cb480c} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8BF744D6-38BB-4336-A90C-5ECA9DC12B14} - (no file)
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {D5CE82CA-CEB9-4E3C-844B-A87D4A9A9D98} - (no file)
    O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socksys.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/Obe...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E64FC957-1F40-4AC8-AF60-A2F0DF520E69}: NameServer = 192.168.1.1
    O20 - Winlogon Notify: njoahang - C:\WINDOWS\
    O20 - Winlogon Notify: nmxwvwdz - C:\WINDOWS\
    O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
    O20 - Winlogon Notify: wvuroop - C:\WINDOWS\
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 9789 bytes


    alexbobol
    18 February 2008 14:09:31

    Re,

    Download SDFix (by Andy Manchesta)

    Save it to your desktop.

    Run it.
    Click Install so that it can extract itself.

    Restart in safe mode
    /!\ Never start safe mode via MSCONFIG /!\

    Launch SDFix.
    Double-click RunThis.bat. (The .bat extension may not be shown)
    Press Y to start it.

    You will be asked to press a key to reboot; do so.
    The reboot will probably take a little longer than usual.
    Once your desktop appears, it will display Finished

    Press a key.

    A report is generated; post it in your reply.
    It can also be found in the SDFix folder >Report.txt<
    18 February 2008 14:51:52

    Re,

    and here is the report:


    SDFix: Version 1.143

    Run by nad et alex on 18/02/2008 at 14:34

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    Checking Services:

    Name:
    USB2_04
    HHW41

    Path:
    \??\C:\WINDOWS\system32\drivers\nkv2.sys
    System32\Drivers\Hhw41.sys

    USB2_04 - Deleted
    HHW41 - Deleted



    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...

    Service HHW41 - Deleted after Reboot

    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\system32\drivers\HHW41.sys - Deleted
    C:\175467~1 - Deleted
    C:\WINDOWS\system32\WLCtrl32.dll - Deleted
    C:\WINDOWS\System32\drivers\nkv2.sys - Deleted





    Removing Temp Files...

    ADS Check:



    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-18 14:47:27
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...


    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 1


    Remaining Services:



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    Remaining Files:


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Mon 6 Mar 2006 56 A.SHR --- "C:\i386\110F656167.sys"
    Mon 6 Mar 2006 3,350 A.SH. --- "C:\i386\KGyGaAvL.sys"
    Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Sat 16 Feb 2008 104 ..SHR --- "C:\WINDOWS\system32\110F656167.sys"
    Thu 5 Aug 2004 65,024 A.SH. --- "C:\WINDOWS\system32\asycfilt.dll"
    Fri 25 Aug 2006 617,472 A.SH. --- "C:\WINDOWS\system32\comctl32.dll"
    Sat 16 Feb 2008 5,852 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
    Thu 5 Aug 2004 1,028,096 A.SH. --- "C:\WINDOWS\system32\mfc42.dll"
    Thu 5 Aug 2004 57,344 A.SH. --- "C:\WINDOWS\system32\mfc42loc.dll"
    Thu 5 Aug 2004 413,696 A.SH. --- "C:\WINDOWS\system32\MSVCP60.dll"
    Thu 5 Aug 2004 343,040 A.SH. --- "C:\WINDOWS\system32\msvcrt.dll"
    Thu 5 Aug 2004 253,952 A.SH. --- "C:\WINDOWS\system32\msvcrt20.dll"
    Tue 4 Dec 2007 550,912 A.SH. --- "C:\WINDOWS\system32\oleaut32.dll"
    Thu 5 Aug 2004 83,456 A.SH. --- "C:\WINDOWS\system32\olepro32.dll"
    Thu 5 Aug 2004 30,749 A.SH. --- "C:\WINDOWS\system32\vbajet32.dll"
    Fri 11 May 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Thu 14 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"

    Finished!


    alexbobol
    18 February 2008 15:06:57

    Good,

    Now post a new HijackThis log.
    18 February 2008 15:08:05

    There you go


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:07:37, on 18/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.neuf.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {07C7156E-D651-4ACC-9AD3-498C916E9651} - (no file)
    O2 - BHO: (no name) - {4aab26fd-19ee-43ba-8951-500ba8cb480c} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8BF744D6-38BB-4336-A90C-5ECA9DC12B14} - (no file)
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {D5CE82CA-CEB9-4E3C-844B-A87D4A9A9D98} - (no file)
    O2 - BHO: (no name) - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/Obe...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E64FC957-1F40-4AC8-AF60-A2F0DF520E69}: NameServer = 192.168.1.1
    O20 - Winlogon Notify: njoahang - C:\WINDOWS\
    O20 - Winlogon Notify: nmxwvwdz - C:\WINDOWS\
    O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\
    O20 - Winlogon Notify: wvuroop - C:\WINDOWS\
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 10112 bytes

    ;-)
    18 February 2008 15:10:22

    Strange ...

    Run a new ComboFix report.
    18 February 2008 15:38:53

    and there you go:

    ComboFix 08-02-17.2 - nad et alex 2008-02-18 15:27:26.6 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.624 [GMT 1:00]
    Endroit: C:\Documents and Settings\nad et alex\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-18 to 2008-02-18 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-18 14:24 . 2008-02-18 14:24 <REP> d-------- C:\WINDOWS\ERUNT
    2008-02-18 14:21 . 2008-02-18 14:49 <REP> d-------- C:\SDFix
    2008-02-17 19:33 . 2008-02-17 20:24 <REP> d-------- C:\ComboFix[1]
    2008-02-17 18:57 . 2008-02-17 18:57 <REP> d-------- C:\Program Files\Trend Micro
    2008-02-17 17:11 . 2008-02-17 17:11 674,600 --a------ C:\WINDOWS\system32\pbsvc[1].exe
    2008-02-17 17:11 . 2008-02-17 17:11 22,328 --a------ C:\Documents and Settings\nad et alex\Application Data\PnkBstrK.sys
    2008-02-17 16:49 . 2008-02-18 13:38 <REP> d-------- C:\Program Files\Steam
    2008-02-17 16:18 . 2007-12-07 03:08 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-02-17 16:18 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-02-17 16:18 . 2007-07-01 04:36 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-02-17 16:18 . 2007-12-07 03:08 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-02-17 16:18 . 2007-12-07 03:08 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-02-17 16:18 . 2007-12-07 03:08 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-02-17 16:18 . 2007-12-07 03:08 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-02-17 16:18 . 2007-12-07 03:08 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-02-17 16:18 . 2007-12-06 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-02-17 16:17 . 2008-02-17 16:18 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-02-17 15:39 . 2008-02-17 15:39 <REP> d-------- C:\WINDOWS\report
    2008-02-17 15:39 . 2008-02-17 15:38 36,273,305 --a------ C:\WINDOWS\LPT$VPN.107
    2008-02-17 15:38 . 2008-02-17 15:38 <REP> d-------- C:\WINDOWS\AU_Backup
    2008-02-17 15:38 . 2008-02-17 15:38 36,273,305 --a------ C:\WINDOWS\VPTNFILE.107
    2008-02-17 15:38 . 2008-02-17 15:38 1,922,158 --a------ C:\WINDOWS\tsc.ptn
    2008-02-17 15:38 . 2008-02-17 15:38 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
    2008-02-17 15:38 . 2008-02-17 15:38 267,845 --a------ C:\WINDOWS\tsc.exe
    2008-02-17 15:38 . 2008-02-17 15:38 86,094 --a------ C:\WINDOWS\BPMNT.dll
    2008-02-17 15:38 . 2008-02-17 15:38 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2008-02-17 15:38 . 2008-02-17 16:03 823 --a------ C:\WINDOWS\tsc.ini
    2008-02-17 15:37 . 2008-02-17 15:38 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-02-17 15:37 . 2008-02-17 15:37 <REP> d-------- C:\WINDOWS\AU_Log
    2008-02-17 15:37 . 2008-02-17 15:37 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
    2008-02-17 15:37 . 2008-02-17 15:37 286,720 --a------ C:\WINDOWS\PATCH.EXE
    2008-02-17 15:37 . 2008-02-17 15:37 69,689 --a------ C:\WINDOWS\UNZIP.DLL
    2008-02-17 15:37 . 2008-02-17 15:37 170 --a------ C:\WINDOWS\GetServer.ini
    2008-02-17 14:44 . 2008-02-17 14:43 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-02-17 14:44 . 2008-02-17 14:44 3,451 --a------ C:\WINDOWS\unins000.dat
    2008-02-17 14:41 . 2008-02-17 14:47 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-02-17 14:41 . 2008-02-17 14:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-17 14:10 . 2008-02-17 20:48 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2008-02-17 10:02 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-02-17 10:02 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-02-17 10:02 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-02-17 10:02 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-02-17 10:02 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-02-17 10:02 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-02-17 10:02 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-02-17 10:02 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-02-17 10:01 . 2008-02-17 10:01 <REP> d-------- C:\Program Files\Alwil Software
    2008-02-16 15:25 . 2008-02-17 17:11 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2008-02-11 14:16 . 2008-02-17 11:17 <REP> d-------- C:\SIERRA
    2008-02-11 14:16 . 1998-10-30 22:21 1,022,976 --------- C:\WINDOWS\system32\SierraNW.dll
    2008-02-11 14:16 . 1998-10-30 22:21 231,936 --------- C:\WINDOWS\system32\SNWValid.dll
    2008-02-11 14:15 . 2008-02-11 14:17 342 --a------ C:\WINDOWS\SIERRA.INI
    2008-02-05 21:31 . 2008-02-05 21:31 <REP> d-------- C:\Documents and Settings\Charlotte\Application Data\Corel Photo Album
    2008-02-02 12:25 . 2008-02-16 15:25 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe~
    2008-02-02 12:25 . 2008-02-02 12:25 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe~
    2008-02-02 12:25 . 2008-02-17 20:48 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-02-02 11:40 . 2008-02-02 11:40 <REP> d---s---- C:\Documents and Settings\Charlotte\UserData
    2008-02-02 09:49 . 2008-02-02 09:49 <REP> d-------- C:\WINDOWS\system32\AlertModule
    2008-02-02 09:49 . 2003-08-04 13:22 94,208 --a------ C:\WINDOWS\system32\W32n50.dll
    2008-02-02 09:49 . 2004-08-23 13:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
    2008-02-02 09:49 . 2005-10-06 13:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
    2008-02-02 09:49 . 2004-08-23 13:50 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
    2008-02-02 09:49 . 2003-08-04 13:22 16,128 --------- C:\WINDOWS\system32\PCANDIS5.SYS
    2008-02-02 09:47 . 2008-02-18 15:27 <REP> d-------- C:\Program Files\Wanadoo
    2008-02-02 09:45 . 2008-02-02 09:45 <REP> d-------- C:\Program Files\Securitoo
    2008-02-02 09:42 . 2007-07-09 14:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-01-31 17:31 . 2008-01-31 17:31 <REP> d-------- C:\Documents and Settings\nad et alex\Application Data\InterTrust

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-16 16:38 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2008-02-16 14:17 --------- d-----w C:\Program Files\eMule
    2008-02-14 16:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
    2008-01-31 16:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-31 16:30 --------- d-----w C:\Program Files\Micro Application
    2008-01-28 20:27 --------- d-----w C:\Program Files\GV AbsoluCasino
    2008-01-13 15:48 --------- d-----w C:\Program Files\Inventel
    2008-01-12 15:48 --------- d-----w C:\Program Files\McAfee
    2008-01-12 15:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2008-01-12 15:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2008-01-12 15:08 --------- d-----w C:\Program Files\EA GAMES
    2008-01-12 15:06 --------- d-----w C:\Program Files\Corel
    2008-01-11 05:36 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-12-19 22:53 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
    2007-12-08 09:38 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-12-07 00:47 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
    2007-12-07 00:47 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
    2007-12-07 00:47 1,499,648 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2007-12-07 00:47 1,056,768 ------w C:\WINDOWS\system32\dllcache\danim.dll
    2007-12-07 00:47 1,024,512 ------w C:\WINDOWS\system32\dllcache\browseui.dll
    2007-12-06 11:03 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-12-06 11:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2007-12-04 18:41 550,912 --sha-w C:\WINDOWS\system32\oleaut32.dll
    2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
    2004-08-05 12:00 65,024 --sha-w C:\WINDOWS\system32\asycfilt.dll
    2006-08-25 15:51 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll
    2004-08-05 12:00 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
    2004-08-05 12:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll
    2004-08-05 12:00 413,696 --sha-w C:\WINDOWS\system32\MSVCP60.dll
    2004-08-05 12:00 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
    2004-08-05 12:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll
    2004-08-05 12:00 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll
    2004-08-05 12:00 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07C7156E-D651-4ACC-9AD3-498C916E9651}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4aab26fd-19ee-43ba-8951-500ba8cb480c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8BF744D6-38BB-4336-A90C-5ECA9DC12B14}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5CE82CA-CEB9-4E3C-844B-A87D4A9A9D98}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-03 18:48 68856]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
    "Steam"="C:\Program Files\Steam\Steam.exe" [2008-02-17 16:51 1266936]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [ ]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 08:56 139264]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
    "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [ ]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-01 23:40 98304]
    "ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-02-12 19:40 190024]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\njoahang]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nmxwvwdz]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuroop]

    R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-05 13:00]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2006-03-07 22:45:00 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-18 15:28:55
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-18 15:29:26
    ComboFix-quarantined-files.txt 2008-02-18 14:29:17
    ComboFix2.txt 2008-02-18 12:14:30
    ComboFix3.txt 2008-02-17 22:02:49
    .
    2008-02-13 19:13:15 --- E O F ---
    18 February 2008 15:59:47

    Run this script again, please:

    File::
    C:\WINDOWS\system32\mmmdnbdn.dll
    C:\WINDOWS\system32\WLCtrl32.dll
    C:\WINDOWS\system32\njoahang.dll
    C:\WINDOWS\system32\nmxwvwdz.dll
    C:\wpohl.exe~
    C:\qrwkjyd.exe
    C:\WINDOWS\system32\mmmctrct.dll
    C:\WINDOWS\system32\socksys.dll
    C:\WINDOWS\system32\create.exe
    C:\WINDOWS\system32\wgygstht.tmp
    C:\WINDOWS\system32\drivers\symavc32.sys

    Folder::
    C:\Program Files\MultiMedia France Toolbar
    C:\Program Files\Multi_Media_France

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuroop]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\njoahang]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nmxwvwdz]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
    18 February 2008 17:05:09

    here we go

    ComboFix 08-02-17.2 - nad et alex 2008-02-18 16:50:46.7 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.636 [GMT 1:00]
    Endroit: C:\Documents and Settings\nad et alex\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\nad et alex\Bureau\CFScript.txt.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\qrwkjyd.exe
    C:\WINDOWS\system32\create.exe
    C:\WINDOWS\system32\drivers\symavc32.sys
    C:\WINDOWS\system32\mmmctrct.dll
    C:\WINDOWS\system32\mmmdnbdn.dll
    C:\WINDOWS\system32\njoahang.dll
    C:\WINDOWS\system32\nmxwvwdz.dll
    C:\WINDOWS\system32\socksys.dll
    C:\WINDOWS\system32\wgygstht.tmp
    C:\WINDOWS\system32\WLCtrl32.dll
    C:\wpohl.exe~
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-18 to 2008-02-18 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-18 14:24 . 2008-02-18 14:24 <REP> d-------- C:\WINDOWS\ERUNT
    2008-02-18 14:21 . 2008-02-18 14:49 <REP> d-------- C:\SDFix
    2008-02-17 19:33 . 2008-02-17 20:24 <REP> d-------- C:\ComboFix[1]
    2008-02-17 18:57 . 2008-02-17 18:57 <REP> d-------- C:\Program Files\Trend Micro
    2008-02-17 17:11 . 2008-02-17 17:11 674,600 --a------ C:\WINDOWS\system32\pbsvc[1].exe
    2008-02-17 17:11 . 2008-02-17 17:11 22,328 --a------ C:\Documents and Settings\nad et alex\Application Data\PnkBstrK.sys
    2008-02-17 16:49 . 2008-02-18 15:36 <REP> d-------- C:\Program Files\Steam
    2008-02-17 16:18 . 2007-12-07 03:08 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-02-17 16:18 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-02-17 16:18 . 2007-07-01 04:36 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-02-17 16:18 . 2007-12-07 03:08 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-02-17 16:18 . 2007-12-07 03:08 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-02-17 16:18 . 2007-12-07 03:08 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-02-17 16:18 . 2007-12-07 03:08 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-02-17 16:18 . 2007-12-07 03:08 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-02-17 16:18 . 2007-12-06 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-02-17 16:17 . 2008-02-17 16:18 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-02-17 15:39 . 2008-02-17 15:39 <REP> d-------- C:\WINDOWS\report
    2008-02-17 15:39 . 2008-02-17 15:38 36,273,305 --a------ C:\WINDOWS\LPT$VPN.107
    2008-02-17 15:38 . 2008-02-17 15:38 <REP> d-------- C:\WINDOWS\AU_Backup
    2008-02-17 15:38 . 2008-02-17 15:38 36,273,305 --a------ C:\WINDOWS\VPTNFILE.107
    2008-02-17 15:38 . 2008-02-17 15:38 1,922,158 --a------ C:\WINDOWS\tsc.ptn
    2008-02-17 15:38 . 2008-02-17 15:38 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
    2008-02-17 15:38 . 2008-02-17 15:38 267,845 --a------ C:\WINDOWS\tsc.exe
    2008-02-17 15:38 . 2008-02-17 15:38 86,094 --a------ C:\WINDOWS\BPMNT.dll
    2008-02-17 15:38 . 2008-02-17 15:38 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2008-02-17 15:38 . 2008-02-17 16:03 823 --a------ C:\WINDOWS\tsc.ini
    2008-02-17 15:37 . 2008-02-17 15:38 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-02-17 15:37 . 2008-02-17 15:37 <REP> d-------- C:\WINDOWS\AU_Log
    2008-02-17 15:37 . 2008-02-17 15:37 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
    2008-02-17 15:37 . 2008-02-17 15:37 286,720 --a------ C:\WINDOWS\PATCH.EXE
    2008-02-17 15:37 . 2008-02-17 15:37 69,689 --a------ C:\WINDOWS\UNZIP.DLL
    2008-02-17 15:37 . 2008-02-17 15:37 170 --a------ C:\WINDOWS\GetServer.ini
    2008-02-17 14:44 . 2008-02-17 14:43 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-02-17 14:44 . 2008-02-17 14:44 3,451 --a------ C:\WINDOWS\unins000.dat
    2008-02-17 14:41 . 2008-02-17 14:47 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-02-17 14:41 . 2008-02-17 14:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-17 14:10 . 2008-02-18 15:49 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2008-02-17 10:02 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-02-17 10:02 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-02-17 10:02 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-02-17 10:02 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-02-17 10:02 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-02-17 10:02 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-02-17 10:02 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-02-17 10:02 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-02-17 10:01 . 2008-02-17 10:01 <REP> d-------- C:\Program Files\Alwil Software
    2008-02-16 15:25 . 2008-02-17 17:11 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2008-02-11 14:16 . 2008-02-17 11:17 <REP> d-------- C:\SIERRA
    2008-02-11 14:16 . 1998-10-30 22:21 1,022,976 --------- C:\WINDOWS\system32\SierraNW.dll
    2008-02-11 14:16 . 1998-10-30 22:21 231,936 --------- C:\WINDOWS\system32\SNWValid.dll
    2008-02-11 14:15 . 2008-02-11 14:17 342 --a------ C:\WINDOWS\SIERRA.INI
    2008-02-05 21:31 . 2008-02-05 21:31 <REP> d-------- C:\Documents and Settings\Charlotte\Application Data\Corel Photo Album
    2008-02-02 12:25 . 2008-02-16 15:25 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe~
    2008-02-02 12:25 . 2008-02-02 12:25 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe~
    2008-02-02 12:25 . 2008-02-18 15:49 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-02-02 11:40 . 2008-02-02 11:40 <REP> d---s---- C:\Documents and Settings\Charlotte\UserData
    2008-02-02 09:49 . 2008-02-02 09:49 <REP> d-------- C:\WINDOWS\system32\AlertModule
    2008-02-02 09:49 . 2003-08-04 13:22 94,208 --a------ C:\WINDOWS\system32\W32n50.dll
    2008-02-02 09:49 . 2004-08-23 13:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
    2008-02-02 09:49 . 2005-10-06 13:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
    2008-02-02 09:49 . 2004-08-23 13:50 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
    2008-02-02 09:49 . 2003-08-04 13:22 16,128 --------- C:\WINDOWS\system32\PCANDIS5.SYS
    2008-02-02 09:47 . 2008-02-18 16:48 <REP> d-------- C:\Program Files\Wanadoo
    2008-02-02 09:45 . 2008-02-02 09:45 <REP> d-------- C:\Program Files\Securitoo
    2008-02-02 09:42 . 2007-07-09 14:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-01-31 17:31 . 2008-01-31 17:31 <REP> d-------- C:\Documents and Settings\nad et alex\Application Data\InterTrust

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-16 16:38 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2008-02-16 14:17 --------- d-----w C:\Program Files\eMule
    2008-02-14 16:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
    2008-01-31 16:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-31 16:30 --------- d-----w C:\Program Files\Micro Application
    2008-01-28 20:27 --------- d-----w C:\Program Files\GV AbsoluCasino
    2008-01-13 15:48 --------- d-----w C:\Program Files\Inventel
    2008-01-12 15:48 --------- d-----w C:\Program Files\McAfee
    2008-01-12 15:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2008-01-12 15:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2008-01-12 15:08 --------- d-----w C:\Program Files\EA GAMES
    2008-01-12 15:06 --------- d-----w C:\Program Files\Corel
    2008-01-11 05:36 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-12-19 22:53 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
    2007-12-08 09:38 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-12-07 00:47 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
    2007-12-07 00:47 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
    2007-12-07 00:47 1,499,648 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2007-12-07 00:47 1,056,768 ------w C:\WINDOWS\system32\dllcache\danim.dll
    2007-12-07 00:47 1,024,512 ------w C:\WINDOWS\system32\dllcache\browseui.dll
    2007-12-06 11:03 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-12-06 11:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2007-12-04 18:41 550,912 --sha-w C:\WINDOWS\system32\oleaut32.dll
    2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
    2004-08-05 12:00 65,024 --sha-w C:\WINDOWS\system32\asycfilt.dll
    2006-08-25 15:51 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll
    2004-08-05 12:00 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
    2004-08-05 12:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll
    2004-08-05 12:00 413,696 --sha-w C:\WINDOWS\system32\MSVCP60.dll
    2004-08-05 12:00 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
    2004-08-05 12:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll
    2004-08-05 12:00 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll
    2004-08-05 12:00 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07C7156E-D651-4ACC-9AD3-498C916E9651}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4aab26fd-19ee-43ba-8951-500ba8cb480c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8BF744D6-38BB-4336-A90C-5ECA9DC12B14}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5CE82CA-CEB9-4E3C-844B-A87D4A9A9D98}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-03 18:48 68856]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
    "Steam"="C:\Program Files\Steam\Steam.exe" [2008-02-17 16:51 1266936]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [ ]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 08:56 139264]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
    "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [ ]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-01 23:40 98304]
    "ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-02-12 19:40 190024]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

    R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-05 13:00]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

    *Newly Created Service* - PNKBSTRK
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2006-03-07 22:45:00 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-18 16:53:55
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-18 16:54:25
    ComboFix-quarantined-files.txt 2008-02-18 15:54:17
    ComboFix2.txt 2008-02-18 14:29:26
    ComboFix3.txt 2008-02-18 12:14:30
    ComboFix4.txt 2008-02-17 22:02:49
    .
    2008-02-13 19:13:15 --- E O F ---


    thanks again alexbobol
    18 February 2008 17:06:44

    This time it's good.
    Post a new HijackThis log.
    18 February 2008 17:08:08

    here we go

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:07:28, on 18/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.neuf.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {07C7156E-D651-4ACC-9AD3-498C916E9651} - (no file)
    O2 - BHO: (no name) - {4aab26fd-19ee-43ba-8951-500ba8cb480c} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8BF744D6-38BB-4336-A90C-5ECA9DC12B14} - (no file)
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {D5CE82CA-CEB9-4E3C-844B-A87D4A9A9D98} - (no file)
    O2 - BHO: (no name) - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/Obe...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E64FC957-1F40-4AC8-AF60-A2F0DF520E69}: NameServer = 192.168.1.1
    O20 - Winlogon Notify: njoahang - C:\WINDOWS\
    O20 - Winlogon Notify: nmxwvwdz - C:\WINDOWS\
    O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\
    O20 - Winlogon Notify: wvuroop - C:\WINDOWS\
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 10145 bytes

    Doctor, the verdict ????
    18 February 2008 17:22:27

    Relaunch HijackThis, choose "Do a system scan only", and tick these lines (if still present):
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {07C7156E-D651-4ACC-9AD3-498C916E9651} - (no file)
    O2 - BHO: (no name) - {4aab26fd-19ee-43ba-8951-500ba8cb480c} - (no file)
    O2 - BHO: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8BF744D6-38BB-4336-A90C-5ECA9DC12B14} - (no file)
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
    O2 - BHO: (no name) - {D5CE82CA-CEB9-4E3C-844B-A87D4A9A9D98} - (no file)
    O2 - BHO: (no name) - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - (no file)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O20 - Winlogon Notify: njoahang - C:\WINDOWS\
    O20 - Winlogon Notify: nmxwvwdz - C:\WINDOWS\
    O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\
    O20 - Winlogon Notify: wvuroop - C:\WINDOWS\

    Then click Fix checked!

    ********

    Download to your desktop: Clean (by Malekal) >Tutorial<
    Unzip it on your desktop. Double-click the clean folder.
    Double-click clean.cmd (the .cmd extension may not be shown). This will open a black window.
    A menu will appear; choose option 1, then press Enter. Then press a key when you are asked to, and post the report here.
    The report is located here: C:\rapport_clean.txt

    If you get a file C:\upload_moi.zip, please do this.

    ********

    Uninstall avast, restart, and delete ~~>C:\Program Files\Alwil Software

    Download CCleaner (>>tutorial to read!<<): download "the latest version", then install it while unticking "Ajouter la Barre d'Outils Yahoo! CCleaner" (Add the Yahoo! CCleaner toolbar).
    Then run the cleaning, then have it search for errors, and make a backup if you wish.

    Download and install Antivir. (tutorial)
    Why switch? Avast vs Antivir
    Check that it is up to date! Run a full scan and post the report.
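
Added example, not part of the reply above and not HijackThis code: a small Python triage pass over the log format quoted in this thread. It surfaces the two structural patterns that appear among the ticked lines, registrations whose target is `(no file)` / `(file missing)` and O20 Winlogon Notify entries that name a directory but no DLL. The function names `triage` and `shared_clsids` are hypothetical.

```python
import re
from collections import namedtuple

# Lines copied from the HijackThis v2.0.2 log quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
O3 - Toolbar: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O20 - Winlogon Notify: njoahang - C:\WINDOWS\
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

Finding = namedtuple("Finding", "section clsid reason line")
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")  # e.g. "O2 - BHO: ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def triage(log_text):
    """Return entries whose structure alone warrants a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw)
        if not m:
            continue  # header, running-process path, blank line
        section, body = m.groups()
        if body.endswith("(no file)") or "(file missing)" in body:
            reason = "registration points at a file that no longer exists"
        elif section == "O20" and body.endswith("\\"):
            reason = "Winlogon Notify entry lists a directory but no DLL"
        else:
            continue
        c = CLSID.search(body)
        findings.append(Finding(section, c.group(0).upper() if c else None,
                                reason, raw.strip()))
    return findings

def shared_clsids(findings):
    """CLSIDs flagged in more than one section (e.g. both BHO and toolbar)."""
    sections = {}
    for f in findings:
        if f.clsid:
            sections.setdefault(f.clsid, set()).add(f.section)
    return {c: sorted(s) for c, s in sections.items() if len(s) > 1}

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.reason}: {f.line}")
```

The pass only covers these two patterns; the other ticked lines (the R0/R1 Internet Explorer defaults and the QuickTime Run key) carry no structural marker and are not flagged by it.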