Need help getting rid of a Win32 trojan

14 February 2008 10:38:58

Hello,
While searching the net for how to eradicate the trojan I caught several days ago, I ended up here and saw that you handle each case individually, and I'd rather not try anything on my own since I'm not at all good with computers.
So I'm creating this thread to get help removing the infection, apparently Win32 tratbho, that avast identified, though there may be others...
Please explain to me step by step, and very clearly, what I need to do.
Thanks in advance to whoever helps me.

14 February 2008 10:44:46

Hi,

Download HijackThis (from Trend Micro).
Post a report following this tutorial.
14 February 2008 10:58:47

And here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:41, on 14/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\slrundll.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\M6Video\M6video.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aliceadsl.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.aliceadsl.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Barre &Magique - {01A7812B-59E8-4A4F-BFD6-EEE6D4CB6BA2} - C:\Program Files\Telecom Italia France\Barre Magique 1.05.08.22\Tiscali BBar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PlayerKiosquePlus] C:\Program Files\Lecteur CANALPLAY\PlayerKiosquePlus.exe /iconic
O4 - HKLM\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe /iconic
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [m6] C:\Program Files\M6Video\M6video.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BoontyBox] "C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" /boot
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=zuzeb004YY...
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O16 - DPF: {041816FE-7869-4B5F-9BE4-FFF3B7368727} (IsHere Class) - http://barremagique.aliceadsl.fr/download/BarreMagique....
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.c...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x40...
O16 - DPF: {5DDCC37F-7C6B-48B8-9664-97C537920CA0} (aecviz Class) - http://www.maisonfamiliale.com/AECVIZ/npaecviz.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/w...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/Nvi...
O16 - DPF: {74F6B963-B89B-44D4-AAD0-8EEDC4973314} (IsHere Class) - http://barremagique.tiscali.fr/download/TiscaliBarreMag...
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega.DMFacade.Interface) - https://www.virginmega.fr/DownloadManager/Release/Prod/...
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurateur/AccountHel...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.fr/net/import/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game17.zylom.tiscali.fr/activex/zylomgamesplayer...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} (Canal+ Active MSWAY) - http://www.canalplay.com/cabs/msway44.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Services en ligne\vikozizi.html

--
End of file - 12565 bytes
14 February 2008 18:44:49

Download Combofix (by sUBs) to your Desktop.

Temporarily disable all resident protection! (Antivirus, antispyware..)
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post that report in your next reply.

The report is located here: C:\Combofix.txt
14 February 2008 18:59:07

I'll do it and keep you posted.
14 February 2008 20:01:15

Here is the report you asked for:

ComboFix 08-02-14.3 - sandrine 2008-02-14 19:11:43.1 - NTFSx86
Endroit: C:\Documents and Settings\sandrine\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
ADS - svchost.exe: deleted 68 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\awvtu.dll
C:\WINDOWS\system32\opnkhhh.dll
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\sandrine\Local Settings\Application Data\gfjptpsno.dat
C:\Documents and Settings\sandrine\Local Settings\Application Data\gfjptpsno.exe
c:\Documents and Settings\sandrine\Local Settings\Application Data\gfjptpsno_nav.dat
c:\Documents and Settings\sandrine\Local Settings\Application Data\gfjptpsno_navps.dat
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\network monitor
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\isgTi19
C:\Temp\isgTi19\lPig.log
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\awvtu.dll
C:\WINDOWS\system32\ddcaawv.dll
C:\WINDOWS\system32\dgonnruu.dll
C:\WINDOWS\system32\djufljrb.dll
C:\WINDOWS\system32\dp1
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\feq9
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\opnkhhh.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\phjvypjq.ini
C:\WINDOWS\system32\smfoivva.ini
C:\WINDOWS\system32\utvwa.ini
C:\WINDOWS\system32\utvwa.ini2
C:\WINDOWS\system32\uurnnogd.ini
C:\WINDOWS\system32\vwsisygc.dllbox

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((((((( Fichiers créés 2008-01-14 to 2008-02-14 ))))))))))))))))))))))))))))))))))))
.

2008-02-12 09:56 . 2008-02-13 22:27 <REP> d-------- C:\Program Files\COMODO
2008-02-12 09:56 . 2008-02-13 22:27 <REP> d-------- C:\Documents and Settings\sandrine\Application Data\Comodo
2008-02-12 09:56 . 2008-02-13 22:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-02-11 17:03 . 2008-02-11 17:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-11 17:02 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-02-11 17:02 . 2008-02-11 17:12 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-02-11 16:59 . 2008-02-12 09:05 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-11 16:57 . 2008-02-12 09:05 <REP> d-------- C:\WINDOWS\Internet Logs
2008-02-11 16:33 . 2008-02-11 16:33 <REP> d-------- C:\Program Files\Trend Micro
2008-02-06 11:01 . 2008-02-06 11:01 <REP> d-------- C:\Documents and Settings\sandrine\Application Data\Grisoft
2008-02-06 10:57 . 2008-02-06 10:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-06 10:57 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-05 15:02 . 2008-02-13 23:10 <REP> d-------- C:\Program Files\Drmupgds
2008-02-05 14:48 . 2008-02-06 10:11 <REP> d--hs---- C:\WINDOWS\bWFydGlu
2008-01-27 21:31 . 2007-05-16 18:19 149,040 --a------ C:\WINDOWS\system32\ImageDrive.cpl

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-13 17:28 --------- d-----w C:\Program Files\eMule
2008-02-09 14:07 --------- d-----w C:\Documents and Settings\sandrine\Application Data\MSN6
2008-02-06 17:01 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-06 14:31 --------- d-----w C:\Program Files\Windows Coloring Book
2008-02-06 14:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-06 14:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-06 14:13 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
2008-02-06 14:11 --------- d-----w C:\Program Files\GamesBar
2008-02-06 14:11 --------- d-----w C:\Program Files\Free Audio Pack
2008-02-06 14:09 --------- d-----w C:\Program Files\FairUse Wizard 2
2008-02-06 14:08 --------- d-----w C:\Program Files\Ubi Soft
2008-02-06 14:06 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-06 14:03 --------- d-----w C:\Documents and Settings\sandrine\Application Data\Lavasoft
2008-02-06 12:29 --------- d-----w C:\Program Files\Services en ligne
2008-02-05 22:05 --------- d-----w C:\Program Files\Fichiers communs\Sandlot Shared
2008-02-05 16:18 12,224 ----a-w C:\Documents and Settings\sandrine\Application Data\wklnhst.dat
2008-01-06 18:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-28 21:43 --------- d-----w C:\Program Files\CDex_170b2
2007-12-28 14:19 --------- d-----w C:\Program Files\QuickZip4
2007-12-28 14:06 --------- d-----w C:\Documents and Settings\sandrine\Application Data\Apple Computer
2007-12-28 13:59 --------- d-----w C:\Program Files\Fichiers communs\Apple
2007-12-28 13:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-28 13:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-17 17:54 --------- d-----w C:\Program Files\Picture It! Premium 10
2007-12-14 15:55 --------- d-----w C:\Documents and Settings\sandrine\Application Data\dvdcss
2007-12-14 15:52 --------- d-----w C:\Documents and Settings\sandrine\Application Data\Sony Corporation
2007-12-14 15:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-14 15:45 --------- d-----w C:\Program Files\Sonic
2007-12-14 15:40 --------- d-----w C:\Program Files\Sony
2007-12-14 15:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation
2007-06-06 18:45 0 -c--a-w C:\Documents and Settings\patrice\Application Data\wklnhst.dat
2007-01-05 13:26 0 -c--a-w C:\Documents and Settings\florian-lauriane\Application Data\wklnhst.dat
2006-11-25 07:57 482 ----a-w C:\Program Files\Del.js
2004-03-11 11:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"BoontyBox"="C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" [ ]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2005-10-27 17:44 3887104]
"PowerBar"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-03 13:47 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27 153136]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 07:18 307200]
"Drmupgds"="C:\Program Files\Drmupgds\Drmupgds.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2005-04-12 10:32 32881]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-04-23 11:24 3756032]
"nwiz"="nwiz.exe" [2004-04-23 11:24 831488 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-04-23 11:24 46080]
"QuickTime Task"="C:\Program Files\VistaCodecPack\QT\QTTask.exe" [2007-11-14 23:43 286720]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 16:35 32768]
"PlayerKiosquePlus"="C:\Program Files\Lecteur CANALPLAY\PlayerKiosquePlus.exe" [ ]
"CanalPlayer"="C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe" [2005-12-22 11:51 2030312]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 10:00 49152]
"m6"="C:\Program Files\M6Video\M6video.exe" [2006-07-04 19:27 1014272]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-11 08:54 1836544]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-06-13 05:20 127036]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Services en ligne\vikozizi.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vwsisygc]
vwsisygc.dll


.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 19:37:45
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ????????????l?@?l?@?D??????w???????????????wl?@?l?@????? ???????????g??w???w???????w???wx??????????w???????? ??????????????|x???0???????????? jt???w?????????????????#I?????????????l?@?l?@????????w????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\slrundll.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-14 19:46:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-14 18:46:21
.
2008-02-13 10:09:31 --- E O F ---


What do I do now????
14 February 2008 21:41:37

Re,

Copy the text in the box below:

Folder::
C:\Program Files\Drmupgds\
C:\Program Files\GamesBar
C:\WINDOWS\bWFydGlu

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BoontyBox"=-
"PowerBar"=-
"Drmupgds"=-


Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file as CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:


This will relaunch Combofix; press 1 and confirm. After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
If there is no restart, post the reports anyway.

++++++++

Download Navilog (by Il-Mafioso)

Save it to your Desktop.
Install it by double-clicking navilog.exe.
Once installation is finished, the utility will run automatically.
(If it doesn't, double-click the shortcut on the Desktop)

Once installation is finished, right-click the navilog1 shortcut and choose "Run as administrator". (For Vista)

Let the utility guide you. Choose option 1 and confirm.
! Do not use options 2, 3 and 4 without our approval !
Wait until this message appears:
"*** Analyse Termine le ..... ***"
Press a key as prompted. Notepad will open. Post the report here.

The report is located here: C:\fixnavi.txt
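
An added example, not part of the thread and not ComboFix's own code: a small Python cross-check of the report's Run-key listing against the CFScript above, showing which autostart values with no file information the script removes and which it leaves. It assumes that empty brackets after a value mean ComboFix found no file at the target; the function names are hypothetical.

```python
"""Cross-check a ComboFix Run-key listing against a CFScript (added example)."""
import re

# Excerpt of the "Point de chargement Reg" section of the report posted above.
REPORT_EXCERPT = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"BoontyBox"="C:\Program Files\Boonty\BoontyBox\BoontyBox.exe" [ ]
"PowerBar"="" []
"Drmupgds"="C:\Program Files\Drmupgds\Drmupgds.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2004-04-23 11:24 831488 C:\WINDOWS\system32\nwiz.exe]
"PlayerKiosquePlus"="C:\Program Files\Lecteur CANALPLAY\PlayerKiosquePlus.exe" [ ]
'''

# The CFScript.txt content given in the reply above.
CFSCRIPT = r'''
Folder::
C:\Program Files\Drmupgds\
C:\Program Files\GamesBar
C:\WINDOWS\bWFydGlu

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BoontyBox"=-
"PowerBar"=-
"Drmupgds"=-
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]\s*$')
# "name"="target" [date time size]   (brackets empty when no file info)
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
DELETE_RE = re.compile(r'^"(?P<name>[^"]+)"=-\s*$')   # "name"=- deletes a value
SECTION_RE = re.compile(r'^(\w+)::\s*$')              # Folder::, Registry::
RUN_SUFFIX = r"\CURRENTVERSION\RUN"


def parse_run_entries(report):
    """Return Run-key values from a ComboFix registry listing."""
    entries, key = [], None
    for line in report.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).upper()
            continue
        m = VALUE_RE.match(line)
        if m and key and key.endswith(RUN_SUFFIX):
            entries.append({
                "key": key,
                "name": m.group("name"),
                "target": m.group("target"),
                # Assumption: empty brackets = no file found at the target.
                "orphan": m.group("meta").strip() == "",
            })
    return entries


def parse_cfscript_removals(script):
    """Return {(KEY, value_name)} deleted by the script's Registry:: section."""
    removals, section, key = set(), None, None
    for line in script.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            continue
        if section != "Registry":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).upper()
            continue
        m = DELETE_RE.match(line)
        if m and key:
            removals.add((key, m.group("name")))
    return removals


def triage(report, script):
    """Split orphaned Run values into those the script removes and the rest."""
    removals = parse_cfscript_removals(script)
    covered, uncovered = [], []
    for entry in parse_run_entries(report):
        if not entry["orphan"]:
            continue
        bucket = covered if (entry["key"], entry["name"]) in removals else uncovered
        bucket.append(entry["name"])
    return covered, uncovered


if __name__ == "__main__":
    covered, uncovered = triage(REPORT_EXCERPT, CFSCRIPT)
    print("orphaned Run values removed by the CFScript:", covered)
    print("orphaned Run values left in place:", uncovered)
```

A value left in place is only a prompt for a closer look: an empty bracket can also belong to a legitimate program whose file was moved or uninstalled.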
14 February 2008 21:43:55

Download "avast" and run a scan, restart your computer, and that's all there is to it...
14 February 2008 21:48:43

Piece of cake ..
14 February 2008 22:00:05

OK, I'll do that and come back..........
14 February 2008 22:23:48

ComboFix 08-02-14.3 - sandrine 2008-02-14 22:09:55.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.12 [GMT 1:00]
Endroit: C:\Documents and Settings\sandrine\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\sandrine\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Drmupgds\
C:\Program Files\GamesBar
C:\Program Files\GamesBar\Localization-French.ini
C:\Program Files\GamesBar\search.bin
C:\WINDOWS\bWFydGlu

.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-14 to 2008-02-14 ))))))))))))))))))))))))))))))))))))
.

2008-02-12 09:56 . 2008-02-13 22:27 <REP> d-------- C:\Program Files\COMODO
2008-02-12 09:56 . 2008-02-13 22:27 <REP> d-------- C:\Documents and Settings\sandrine\Application Data\Comodo
2008-02-12 09:56 . 2008-02-13 22:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-02-11 17:03 . 2008-02-11 17:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-11 17:02 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-02-11 17:02 . 2008-02-11 17:12 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-02-11 16:59 . 2008-02-12 09:05 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-11 16:57 . 2008-02-12 09:05 <REP> d-------- C:\WINDOWS\Internet Logs
2008-02-11 16:33 . 2008-02-11 16:33 <REP> d-------- C:\Program Files\Trend Micro
2008-02-06 11:01 . 2008-02-06 11:01 <REP> d-------- C:\Documents and Settings\sandrine\Application Data\Grisoft
2008-02-06 10:57 . 2008-02-06 10:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-06 10:57 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-27 21:31 . 2007-05-16 18:19 149,040 --a------ C:\WINDOWS\system32\ImageDrive.cpl

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 20:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-13 17:28 --------- d-----w C:\Program Files\eMule
2008-02-09 14:07 --------- d-----w C:\Documents and Settings\sandrine\Application Data\MSN6
2008-02-06 17:01 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-06 14:31 --------- d-----w C:\Program Files\Windows Coloring Book
2008-02-06 14:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-06 14:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-06 14:13 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
2008-02-06 14:11 --------- d-----w C:\Program Files\Free Audio Pack
2008-02-06 14:09 --------- d-----w C:\Program Files\FairUse Wizard 2
2008-02-06 14:08 --------- d-----w C:\Program Files\Ubi Soft
2008-02-06 14:06 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-06 14:03 --------- d-----w C:\Documents and Settings\sandrine\Application Data\Lavasoft
2008-02-06 12:29 --------- d-----w C:\Program Files\Services en ligne
2008-02-05 22:05 --------- d-----w C:\Program Files\Fichiers communs\Sandlot Shared
2008-02-05 16:18 12,224 ----a-w C:\Documents and Settings\sandrine\Application Data\wklnhst.dat
2008-01-06 18:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-28 21:43 --------- d-----w C:\Program Files\CDex_170b2
2007-12-28 14:19 --------- d-----w C:\Program Files\QuickZip4
2007-12-28 14:06 --------- d-----w C:\Documents and Settings\sandrine\Application Data\Apple Computer
2007-12-28 13:59 --------- d-----w C:\Program Files\Fichiers communs\Apple
2007-12-28 13:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-28 13:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-17 17:54 --------- d-----w C:\Program Files\Picture It! Premium 10
2007-12-14 15:55 --------- d-----w C:\Documents and Settings\sandrine\Application Data\dvdcss
2007-12-14 15:52 --------- d-----w C:\Documents and Settings\sandrine\Application Data\Sony Corporation
2007-12-14 15:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-14 15:45 --------- d-----w C:\Program Files\Sonic
2007-12-14 15:40 --------- d-----w C:\Program Files\Sony
2007-12-14 15:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation
2007-06-06 18:45 0 -c--a-w C:\Documents and Settings\patrice\Application Data\wklnhst.dat
2007-01-05 13:26 0 -c--a-w C:\Documents and Settings\florian-lauriane\Application Data\wklnhst.dat
2006-11-25 07:57 482 ----a-w C:\Program Files\Del.js
2004-03-11 11:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2005-10-27 17:44 3887104]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-03 13:47 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27 153136]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 07:18 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2005-04-12 10:32 32881]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-04-23 11:24 3756032]
"nwiz"="nwiz.exe" [2004-04-23 11:24 831488 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-04-23 11:24 46080]
"QuickTime Task"="C:\Program Files\VistaCodecPack\QT\QTTask.exe" [2007-11-14 23:43 286720]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 16:35 32768]
"PlayerKiosquePlus"="C:\Program Files\Lecteur CANALPLAY\PlayerKiosquePlus.exe" [ ]
"CanalPlayer"="C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe" [2005-12-22 11:51 2030312]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 10:00 49152]
"m6"="C:\Program Files\M6Video\M6video.exe" [2006-07-04 19:27 1014272]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-11 08:54 1836544]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-06-13 05:20 127036]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

C:\Documents and Settings\sandrine\Menu Démarrer\Programmes\Démarrage\
Outil de détection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-14 16:40:21 344064]
wkcalrem.LNK - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2004-07-12 01:54:26 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Services en ligne\vikozizi.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vwsisygc]
vwsisygc.dll

R2 X4HSX32;X4HSX32;C:\Program Files\Metaboli Player\X4HSX32.Sys [2006-12-13 08:34]
R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-11-11 18:52]
R3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 07:04]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 16:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 16:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 16:59]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 22:15:23
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-14 22:18:10
ComboFix-quarantined-files.txt 2008-02-14 21:18:04
ComboFix2.txt 2008-02-14 18:46:31
.
2008-02-13 10:09:31 --- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:23:15, on 14/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\slrundll.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\M6Video\M6video.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aliceadsl.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.aliceadsl.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Barre &Magique - {01A7812B-59E8-4A4F-BFD6-EEE6D4CB6BA2} - C:\Program Files\Telecom Italia France\Barre Magique 1.05.08.22\Tiscali BBar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PlayerKiosquePlus] C:\Program Files\Lecteur CANALPLAY\PlayerKiosquePlus.exe /iconic
O4 - HKLM\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe /iconic
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [m6] C:\Program Files\M6Video\M6video.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=zuzeb004YY...
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O16 - DPF: {041816FE-7869-4B5F-9BE4-FFF3B7368727} (IsHere Class) - http://barremagique.aliceadsl.fr/download/BarreMagique....
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.c...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x40...
O16 - DPF: {5DDCC37F-7C6B-48B8-9664-97C537920CA0} (aecviz Class) - http://www.maisonfamiliale.com/AECVIZ/npaecviz.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/w...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/Nvi...
O16 - DPF: {74F6B963-B89B-44D4-AAD0-8EEDC4973314} (IsHere Class) - http://barremagique.tiscali.fr/download/TiscaliBarreMag...
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega.DMFacade.Interface) - https://www.virginmega.fr/DownloadManager/Release/Prod/...
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurateur/AccountHel...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.fr/net/import/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game17.zylom.tiscali.fr/activex/zylomgamesplayer...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} (Canal+ Active MSWAY) - http://www.canalplay.com/cabs/msway44.cab
O20 - Winlogon Notify: vwsisygc - vwsisygc.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Services en ligne\vikozizi.html

--
End of file - 12158 bytes


I'll take care of navilog now :pt1cable: 

14 February 2008 22:35:19

Uhhhhh, I have a little problem: I installed navilog and confirmed option 1, that is, choosing the letter f + Enter, and nothing happens.......
14 February 2008 22:50:12

Did you press a key each time as requested?
14 February 2008 22:56:03

Well yes, it opens the window "choose f for French..."
I do that and then nothing more :heink: 
14 February 2008 23:08:01

OK, never mind.

Download to your desktop: Clean (by Malekal) >Tutorial<
Unzip it on your desktop. Double-click the clean folder.
Double-click clean.cmd. (The cmd extension may not be shown.) This will open a black window.
A menu will appear; choose option 1, then Enter. Then press a key as you will be asked to, and post the report here.
The report is located here: C:\rapport_clean.txt

If you get a file C:\upload_moi.zip, please do this.

+++++++++

Uninstall avast, reboot and delete ~~>C:\Program Files\Alwil Software

Download ccleaner (>>tutorial to read!<<); download "the latest version", then install it, unchecking "Ajouter la Barre d'Outils Yahoo! CCleaner".
Then run the cleaning, then have it search for errors, and make a backup if you wish.

Download and install Antivir. (tutorial)
Why change? Avast vs Antivir
Check that it is fully up to date! Run a full scan and post the report.
14 February 2008 23:18:00

Sorry if I'm being blonde lolllllllll
OK, I'll carry on........
14 February 2008 23:52:45

Pfffffffff, clean doesn't work either: it starts, begins the search and then nothing, the black window closes........ so what do I do?
15 February 2008 10:07:33

Hello, well, I ran clean again this morning... wide awake... and here is the report lolllll

15/02/2008 a 9:55:56,51

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32
"C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\DivX\Google\Firefox\ffinstaller.exe" FOUND
"C:\Program Files\msn messenger\riched20.dll" FOUND
*** Fin du rapport !
15 February 2008 16:19:47

AntiVir PersonalEdition Classic
Report file date: vendredi 15 février 2008 12:21

Scanning for 1109627 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Administrateur
Computer name: MARTIN-X4MZ0M55

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 10:32:54
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 10:32:55
ANTIVIR3.VDF : 7.0.2.142 188928 Bytes 15/02/2008 10:32:55
AVEWIN32.DLL : 7.6.0.65 3240448 Bytes 15/02/2008 10:32:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 15/02/2008 10:32:56
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 15 février 2008 12:21

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '60' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\upload_moi_MARTIN-X4MZ0M55.tar.gz
[0] Archive type: GZ
--> upload_moi.tar
[1] Archive type: TAR (tape archiver)
--> qoobox/Quarantine/C/Program Files/Temporary/kernInst.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ipm
--> qoobox/Quarantine/C/WINDOWS/system32/awvtu.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/ddcaawv.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/dgonnruu.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/djufljrb.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/nGpxx01/nGpxx011065.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.VB.cgu.2
--> qoobox/Quarantine/C/WINDOWS/system32/opnkhhh.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/catchme2008-02-14_193657.57.zip
[2] Archive type: ZIP
--> awvtu.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> opnkhhh.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> qoobox/Quarantine/C/Program Files/Temporary/kernInst.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ipm
--> qoobox/Quarantine/C/WINDOWS/system32/awvtu.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/ddcaawv.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/dgonnruu.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/djufljrb.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/nGpxx01/nGpxx011065.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.VB.cgu.2
--> qoobox/Quarantine/C/WINDOWS/system32/opnkhhh.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/catchme2008-02-14_193657.57.zip
[2] Archive type: ZIP
--> awvtu.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> opnkhhh.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> qoobox/Quarantine/C/Program Files/Temporary/kernInst.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ipm
--> qoobox/Quarantine/C/WINDOWS/system32/awvtu.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/ddcaawv.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/dgonnruu.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/djufljrb.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/nGpxx01/nGpxx011065.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.VB.cgu.2
--> qoobox/Quarantine/C/WINDOWS/system32/opnkhhh.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/catchme2008-02-14_193657.57.zip
[2] Archive type: ZIP
--> awvtu.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> opnkhhh.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> qoobox/Quarantine/C/Program Files/Temporary/kernInst.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ipm
--> qoobox/Quarantine/C/WINDOWS/system32/awvtu.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/ddcaawv.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/dgonnruu.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/djufljrb.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/nGpxx01/nGpxx011065.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.VB.cgu.2
--> qoobox/Quarantine/C/WINDOWS/system32/opnkhhh.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/catchme2008-02-14_193657.57.zip
[2] Archive type: ZIP
--> awvtu.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> opnkhhh.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> qoobox/Quarantine/C/Program Files/Temporary/kernInst.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ipm
--> qoobox/Quarantine/C/WINDOWS/system32/awvtu.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/ddcaawv.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/dgonnruu.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/djufljrb.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/nGpxx01/nGpxx011065.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.VB.cgu.2
--> qoobox/Quarantine/C/WINDOWS/system32/opnkhhh.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/catchme2008-02-14_193657.57.zip
[2] Archive type: ZIP
--> awvtu.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> opnkhhh.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> qoobox/Quarantine/C/Program Files/Temporary/kernInst.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ipm
--> qoobox/Quarantine/C/WINDOWS/system32/awvtu.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/ddcaawv.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/dgonnruu.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/djufljrb.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/nGpxx01/nGpxx011065.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.VB.cgu.2
--> qoobox/Quarantine/C/WINDOWS/system32/opnkhhh.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/catchme2008-02-14_193657.57.zip
[2] Archive type: ZIP
--> awvtu.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> opnkhhh.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> qoobox/Quarantine/C/Program Files/Temporary/kernInst.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ipm
--> qoobox/Quarantine/C/WINDOWS/system32/awvtu.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/ddcaawv.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/dgonnruu.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/djufljrb.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> qoobox/Quarantine/C/WINDOWS/system32/nGpxx01/nGpxx011065.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.VB.cgu.2
--> qoobox/Quarantine/C/WINDOWS/system32/opnkhhh.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> qoobox/Quarantine/catchme2008-02-14_193657.57.zip
[2] Archive type: ZIP
--> awvtu.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> opnkhhh.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48217982.qua'!
C:\QooBox\Quarantine\catchme2008-02-14_193657.57.zip
[0] Archive type: ZIP
--> awvtu.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> opnkhhh.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48299377.qua'!
C:\QooBox\Quarantine\C\Program Files\Temporary\kernInst.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ipm
[INFO] The file was moved to '48279386.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\awvtu.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '482b93a1.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcaawv.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48189394.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\dgonnruu.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48249399.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\djufljrb.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '482a939f.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\opnkhhh.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '482393a8.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\nGpxx01\nGpxx011065.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.VB.cgu.2
[INFO] The file was moved to '48259387.qua'!
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\es.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll
[WARNING] The file could not be opened!
Begin scan in 'A:\'
Search path A:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'D:\'
Search path D:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.



End of the scan: vendredi 15 février 2008 15:12
Used time: 2:50:38 min

The scan has been done completely.

7706 Scanning directories
241081 Files were scanned
72 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
9 files were moved to quarantine
0 files were renamed
33 Files cannot be scanned
241009 Files not concerned
2178 Archives were scanned
33 Warnings
0 Notes

And there you go, what do I do now?
15 February 2008 16:23:10

Re :) 

Download AVG Anti-Spyware. Install it.
If the link doesn't work: >Click here<
Launch AVG and run an update.
Click the Scan button (in the toolbar).
Then, on the "How to react" tab, click Recommended actions. Choose Quarantine.
Don't run a scan for now.
Restart in safe mode.
/!\ Never boot into safe mode via MSCONFIG /!\
Relaunch AVG.
Go back to the Scan tab. Click Complete system scan.
When the scan finishes, choose the "Apply all actions" option at the bottom.
Click "Save report". This generates a report, which is found in the Reports folder inside the AVG Anti-Spyware folder.
Post it here.
&
Still in safe mode, relaunch clean and run option 2, then post the report.
15 February 2008 21:08:37

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 20:30:14 15/02/2008

+ Résultat de l'analyse:



C:\System Volume Information\_restore{D5BC1836-4265-4C7D-B664-958E653503BC}\RP3\A0006595.exe -> Downloader.Adload.qy : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{D5BC1836-4265-4C7D-B664-958E653503BC}\RP1\A0000405.exe -> Downloader.Agent.haq : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{D5BC1836-4265-4C7D-B664-958E653503BC}\RP5\A0006651.exe -> Downloader.Agent.ipm : Nettoyé et sauvegardé (mise en quarantaine).


Fin du rapport



Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 15/02/2008 a 20:35:12,06

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.1"

*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\DivX\Google\Firefox\ffinstaller.exe"
tentative de suppression de "C:\Program Files\msn messenger\riched20.dll"

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !


And there you go, now I'm waiting for what comes next :pt1cable: 
15 February 2008 21:15:54

Post a HijackThis log again.
15 February 2008 21:19:23

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:18:20, on 15/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\M6Video\M6video.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\system32\slrundll.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aliceadsl.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.aliceadsl.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Barre &Magique - {01A7812B-59E8-4A4F-BFD6-EEE6D4CB6BA2} - C:\Program Files\Telecom Italia France\Barre Magique 1.05.08.22\Tiscali BBar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe /iconic
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [m6] C:\Program Files\M6Video\M6video.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=zuzeb004YY...
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O16 - DPF: {041816FE-7869-4B5F-9BE4-FFF3B7368727} (IsHere Class) - http://barremagique.aliceadsl.fr/download/BarreMagique....
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - http://www.m6video.fr/1click/install/files/installer2.c...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x40...
O16 - DPF: {5DDCC37F-7C6B-48B8-9664-97C537920CA0} (aecviz Class) - http://www.maisonfamiliale.com/AECVIZ/npaecviz.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/w...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/Nvi...
O16 - DPF: {74F6B963-B89B-44D4-AAD0-8EEDC4973314} (IsHere Class) - http://barremagique.tiscali.fr/download/TiscaliBarreMag...
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega.DMFacade.Interface) - https://www.virginmega.fr/DownloadManager/Release/Prod/...
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurateur/AccountHel...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.fr/net/import/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game17.zylom.tiscali.fr/activex/zylomgamesplayer...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} (Canal+ Active MSWAY) - http://www.canalplay.com/cabs/msway44.cab
O20 - Winlogon Notify: vwsisygc - vwsisygc.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Services en ligne\vikozizi.html

--
End of file - 12650 bytes
15 February 2008 21:24:59

Re,

Relaunch HijackThis, choose "Do a system scan only", and check these lines:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aliceadsl.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.aliceadsl.fr
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusea [...] 004YYFR_ZU
O15 - Trusted Zone: *.amaena.com
O24 - Desktop Component 0: (no name) - C:\Program Files\Services en ligne\vikozizi.html

Then Fix Checked!

I strongly advise you to remove Shareaza from startup :) 

No more problems?

Uninstall and delete all the software used for the disinfection, along with the corresponding folders that were created. Keep ccleaner, avg and antivir if we installed them.
Report your infection on Malware Complaints >Tutorial<
Your infection(s): Vundo

Then have a look at this guide:

Security/Prevention

Have a good evening
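
A triage pass over HijackThis entries like those in the log above, as an added example that is not part of the original thread. The flagging rules are assumptions of this example, not the helper's criteria, and the sample input is a handful of lines copied from the posted log; a flag means "look at this entry", not "fix it".

```python
import re

# Constructed sample: a few entries copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O15 - Trusted Zone: *.amaena.com
O20 - Winlogon Notify: vwsisygc - vwsisygc.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Services en ligne\vikozizi.html
"""

# A HijackThis entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse_entries(log_text):
    """Return (code, body) pairs; header and 'Running processes' lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def review_reasons(code, body):
    """Heuristics assumed for this example; each hit is a reason for manual review."""
    reasons = []
    low = body.lower()
    if low.endswith("(file missing)"):
        reasons.append("target file missing")
    if "\\quarantine\\" in low or low.endswith(".vir"):
        reasons.append("target sits in a quarantine folder")
    if code == "O4" and low.endswith("= ?"):
        reasons.append("startup shortcut with unresolved target")
    if code == "O15":
        reasons.append("site added to the Trusted Zone")
    if code in ("O20", "O24"):
        reasons.append("rarely used auto-load point (Winlogon Notify / Desktop Component)")
    return reasons


def triage(log_text):
    """Return (code, body, reasons) for every entry with at least one reason."""
    flagged = []
    for code, body in parse_entries(log_text):
        reasons = review_reasons(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {body}\n    review: {'; '.join(reasons)}")
```
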
15 February 2008 21:40:10

Thank you again for your help... tell me, is my PC all clean now?
As for Shareaza, I can't manage to uninstall it completely...
I promise I'll stop bothering you after that... for this time, lol

Have a good evening too
15 February 2008 22:22:55

You can't uninstall it completely, meaning what?
16 February 2008 10:08:39

Hello,

When I go to Control Panel, then Add/Remove Programs, and try to remove Shareaza, it opens a window with a red cross:
the file "c/programfiles/shareaza/uninstall/unins000.dat"
does not exist. Unable to uninstall
16 February 2008 11:17:33

Ah!
Try in safe mode, though I think it won't change anything.
Otherwise download it again, install it and uninstall it.