MAUR, Wednesday 19 December 2007 at 22:01:52
Configuration: Windows XP Internet Explorer 6.0
You're welcome ;-))
See you. The way to love a thing is to tell yourself that you could lose it (Gilbert Keith Chesterton) |
Hello, I've ended up with all of this as an infection. I must admit I don't understand any of it, so if someone would be willing to help me.
I've just formatted my computer and cleaned it as best I could, but nothing helps.
********************************************** Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:39:02, on 23/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\WINDOWS\arservice.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 
C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\eHome\ehmsas.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\HP\KBD\KBD.EXE c:\windows\system\hpsysdrv.exe C:\Program Files\eMule\emule.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/... R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/... R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/... R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL R3 - URLSearchHook: Yahoo! 
Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM= O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user') O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user') O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout 
Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing) O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing) O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O21 - SSODL: CDCheck - {e211580b-de09-43cd-aa52-15930bdd2998} - C:\WINDOWS\Installer\{e211580b-de09-43cd-aa52-15930bdd2998}\CDCheck.dll O21 - SSODL: zip - {8a8d73d1-4321-4013-8a5c-a3ad030d6c51} - C:\WINDOWS\Installer\{8a8d73d1-4321-4013-8a5c-a3ad030d6c51}\zip.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe End of file - 10563 bytes *****************************************************************
Anyway, that's my trouble. Calling anyone who would like to help me. Aub. |
Hi
Download ComboFix (by sUBs) to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Restart in safe mode
* Double-click combofix.exe.
* Press the Y (Yes) key to start the scan
* The report will be created in C:\Combofix.txt; post it please
See you. Every journey is the dream of a new birth (Jean Royer)
|
Here is what it gives.
Thanks for your quick reply. I hope all of this will go just as quickly. Aub.
ComboFix 08-03-23.2 - HP_Administrateur 2008-03-24 0:00:00.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1439 [GMT 1:00] Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe * Création d'un nouveau point de restauration . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . D:\Autorun.inf . ((((((((((((((((((((((((((((( Fichiers créés 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))))))) . 2008-03-23 23:51 . 2008-03-23 23:58 <REP> d-------- C:\WINDOWS\BDOSCAN8 2008-03-23 23:50 . 2008-03-23 23:50 <REP> d-------- C:\WINDOWS\LastGood 2008-03-23 23:37 . 2008-03-23 23:37 <REP> d-------- C:\Program Files\Trend Micro 2008-03-23 23:30 . 2008-03-23 23:30 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Grisoft 2008-03-23 23:30 . 2008-03-23 23:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-03-23 23:30 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-03-23 22:49 . 2008-03-23 22:49 19,968 --a------ C:\Program Files\tmp1861062.exe 2008-03-23 22:49 . 2008-03-23 22:49 19,968 --a------ C:\Program Files\tmp1860953.exe 2008-03-23 22:49 . 2008-03-23 22:49 19,968 --a------ C:\Program Files\tmp1860906.exe 2008-03-23 07:32 . 2008-03-23 07:32 16,628 --a------ C:\Program Files\tmp60296.exe 2008-03-23 07:32 . 2008-03-23 07:32 16,600 --a------ C:\Program Files\tmp60328.exe 2008-03-23 07:32 . 2008-03-23 07:32 16,600 --a------ C:\Program Files\tmp60312.exe 2008-03-23 07:32 . 2008-03-23 07:32 16,492 --a------ C:\Program Files\tmp60359.exe 2008-03-23 07:32 . 2008-03-23 07:32 13,552 --a------ C:\Program Files\tmp60593.exe 2008-03-22 17:28 . 2008-03-23 22:37 <REP> d-------- C:\Program Files\eMule 2008-03-21 21:47 . 2008-03-21 21:47 16,580 --a------ C:\Program Files\tmp6942593.exe 2008-03-21 21:47 . 
2008-03-21 21:47 13,460 --a------ C:\Program Files\tmp6952203.exe 2008-03-21 21:47 . 2008-03-21 21:47 13,368 --a------ C:\Program Files\tmp6952046.exe 2008-03-21 19:53 . 2008-03-21 19:53 19,968 --a------ C:\Program Files\tmp73921.exe 2008-03-21 17:58 . 2008-03-21 17:58 19,968 --a------ C:\Program Files\tmp51812.exe 2008-03-21 07:08 . 2008-03-21 07:08 19,968 --a------ C:\Program Files\tmp52968.exe 2008-03-20 20:44 . 2008-03-20 20:44 13,544 --a------ C:\Program Files\tmp6067390.exe 2008-03-20 20:43 . 2008-03-20 20:43 16,452 --a------ C:\Program Files\tmp6037593.exe 2008-03-20 19:01 . 2008-03-20 19:01 19,968 --a------ C:\Program Files\tmp65593.exe 2008-03-20 19:01 . 2008-03-20 19:01 19,968 --a------ C:\Program Files\tmp64921.exe 2008-03-20 19:01 . 2008-03-20 19:01 19,968 --a------ C:\Program Files\tmp61453.exe 2008-03-20 19:01 . 2008-03-20 19:01 19,968 --a------ C:\Program Files\tmp60687.exe 2008-03-20 19:01 . 2008-03-20 19:01 19,968 --a------ C:\Program Files\tmp59796.exe 2008-03-20 19:01 . 2008-03-20 19:01 19,968 --a------ C:\Program Files\tmp59578.exe 2008-03-20 19:01 . 2008-03-20 19:01 19,968 --a------ C:\Program Files\tmp58812.exe 2008-03-20 19:01 . 2008-03-20 19:01 19,968 --a------ C:\Program Files\tmp55609.exe 2008-03-20 19:01 . 2008-03-20 19:01 19,968 --a------ C:\Program Files\tmp50875.exe 2008-03-20 19:01 . 2008-03-20 19:01 19,968 --a------ C:\Program Files\tmp49859.exe 2008-03-20 19:01 . 2008-03-20 19:01 19,968 --a------ C:\Program Files\tmp49828.exe 2008-03-20 07:01 . 2008-03-20 07:01 19,968 --a------ C:\Program Files\tmp55984.exe 2008-03-20 07:01 . 2008-03-20 07:01 19,968 --a------ C:\Program Files\tmp55921.exe 2008-03-19 22:34 . 2008-03-19 22:34 19,968 --a------ C:\Program Files\tmp111234.exe 2008-03-19 22:34 . 2008-03-19 22:34 19,968 --a------ C:\Program Files\tmp110375.exe 2008-03-19 20:43 . 2008-03-19 20:43 13,424 --a------ C:\Program Files\tmp7322890.exe 2008-03-19 20:42 . 
2008-03-19 20:42 16,608 --a------ C:\Program Files\tmp7260328.exe 2008-03-18 21:56 . 2008-03-18 21:56 12,288 --a------ C:\Program Files\tmp5476312.exe 2008-03-18 20:23 . 2008-03-18 20:23 1,917 --a------ C:\WINDOWS\imsins.BAK 2008-03-18 20:06 . 2008-03-18 20:06 35,756 --a------ C:\Program Files\tmp67437.exe 2008-03-18 20:06 . 2008-03-18 20:06 16,564 --a------ C:\Program Files\tmp58953.exe 2008-03-18 20:06 . 2008-03-18 20:06 16,560 --a------ C:\Program Files\tmp59000.exe 2008-03-18 20:06 . 2008-03-18 20:06 16,496 --a------ C:\Program Files\tmp58921.exe 2008-03-18 20:06 . 2008-03-18 20:06 13,484 --a------ C:\Program Files\tmp58906.exe 2008-03-18 20:04 . 2008-03-18 20:04 12,288 --a------ C:\Program Files\tmp9224125.exe 2008-03-18 20:02 . 2008-03-18 20:02 16,536 --a------ C:\Program Files\tmp9136562.exe 2008-03-18 20:02 . 2008-03-18 20:02 13,424 --a------ C:\Program Files\tmp9137390.exe 2008-03-17 18:45 . 2008-03-17 18:45 16,512 --a------ C:\Program Files\tmp58546.exe 2008-03-17 18:45 . 2008-03-17 18:45 16,468 --a------ C:\Program Files\tmp58453.exe 2008-03-17 18:45 . 2008-03-17 18:45 16,440 --a------ C:\Program Files\tmp58500.exe 2008-03-17 18:45 . 2008-03-17 18:45 13,520 --a------ C:\Program Files\tmp58531.exe 2008-03-16 18:40 . 2008-03-16 18:40 16,632 --a------ C:\Program Files\tmp25361078.exe 2008-03-16 18:40 . 2008-03-16 18:40 13,368 --a------ C:\Program Files\tmp25368343.exe 2008-03-16 09:23 . 2008-03-12 13:18 507 --a------ C:\WINDOWS\win.tmp 2008-03-16 09:23 . 2008-03-24 00:04 231 --a------ C:\WINDOWS\system.tmp 2008-03-16 09:21 . 2008-03-16 09:21 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\HPQ 2008-03-16 09:19 . 2008-03-20 22:19 <REP> d-------- C:\Program Files\Spyware Doctor 2008-03-16 09:19 . 2008-03-16 09:19 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\PC Tools 2008-03-16 09:19 . 2008-03-17 18:44 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-03-16 09:19 . 
2006-08-24 12:40 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys 2008-03-16 09:19 . 2006-07-10 17:38 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys 2008-03-15 17:51 . 2008-03-15 17:51 <REP> d-------- C:\Program Files\Common Files 2008-03-15 17:40 . 2008-03-15 17:40 <REP> d-------- C:\Program Files\IE Extensions 2008-03-13 19:46 . 2008-03-13 19:46 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Leadertech 2008-03-13 19:30 . 2008-03-23 22:19 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\OpenOffice.org2 2008-03-13 19:24 . 2008-03-13 19:41 3,888,054 --a------ C:\WINDOWS\wallpaper.bmp 2008-03-13 12:57 . 2008-03-13 12:57 <REP> d-------- C:\WINDOWS\Sun 2008-03-13 12:43 . 2008-03-13 12:43 <REP> d-------- C:\WINDOWS\Downloaded Installations 2008-03-12 20:38 . 2008-03-12 20:38 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\HP 2008-03-12 19:07 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-03-12 19:07 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-03-12 19:07 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-03-12 13:56 . 2008-03-12 13:56 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-03-12 13:48 . 2008-03-13 19:23 <REP> d-------- C:\Program Files\Fichiers communs\Adobe 2008-03-12 13:42 . 2008-03-12 13:42 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\AdobeUM 2008-03-12 13:34 . 2008-03-12 13:34 <REP> d--hs---- C:\Documents and Settings\HP_Administrateur\UserData 2008-03-12 13:18 . 2008-03-12 13:18 <REP> d-------- C:\Program Files\Windows Media Connect 2 2008-03-12 13:17 . 2008-03-12 13:17 <REP> d-------- C:\WINDOWS\system32\LogFiles 2008-03-12 13:17 . 2008-03-12 13:18 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF 2008-03-12 12:50 . 2008-03-13 18:45 <REP> d-------- C:\Program Files\Mozilla Thunderbird 2008-03-12 12:46 . 
2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2008-03-12 12:45 . 2008-03-12 12:45 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2008-03-12 12:42 . 2008-03-12 12:42 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Contacts 2008-03-12 12:41 . 2008-03-12 12:41 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-03-12 12:41 . 2008-03-15 11:59 <REP> d-------- C:\Program Files\Windows Live 2008-03-12 12:41 . 2008-03-12 12:44 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-03-12 12:41 . 2008-03-12 12:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-03-12 08:07 . 2008-03-12 08:07 <REP> d-------- C:\Program Files\MSXML 4.0 2008-03-12 07:58 . 2008-03-23 23:37 <REP> dr------- C:\Program Files 2008-03-12 07:58 . 2008-03-12 08:03 <REP> dr------- C:\Documents and Settings\Default User\Menu Démarrer 2008-03-12 07:58 . 2008-03-12 08:03 <REP> dr------- C:\Documents and Settings\All Users\Menu Démarrer 2008-03-12 07:58 . 2008-03-12 08:03 <REP> dr------- C:\Documents and Settings\All Users\Documents 2008-03-12 07:58 . 2008-03-12 08:03 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents 2008-03-12 07:58 . 2008-03-12 08:03 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer 2008-03-12 07:58 . 2008-03-12 08:03 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris 2008-03-12 07:54 . 2008-03-15 11:58 <REP> dr-hs---- C:\WINDOWS\system32\dllcache 2008-03-12 07:54 . 2008-03-12 08:03 <REP> dr------- C:\WINDOWS\system32\config\systemprofile\Menu Démarrer . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-03-19 06:01 --------- d-----w C:\Program Files\Google 2008-03-12 11:32 --------- d-----w C:\Program Files\Java 2008-03-12 06:22 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2008-03-12 06:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-03-11 23:18 1,906 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_RF774AA-ABF t3612.fr_YC_0Pavi_QCZB639_E64FRemMPA3_48_INODUSM3_SASUSTek Computer INC._V1.05_B3.07_T060802_WXP2_L40C_M1983_J200_7AMD_8Athlon 64 X2 Dual Core_92_#080311_N_Z_G10DE0241.MRK 2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR 2008-01-11 05:36 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll 2006-02-19 09:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00 15360] "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2006-12-12 23:46 3375104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34 64512] "ftutil2"="ftutil2.dll" [2004-06-07 13:05 106496 C:\WINDOWS\system32\ftutil2.dll] "RTHDCPL"="RTHDCPL.EXE" [2006-07-22 00:56 16261632 C:\WINDOWS\RTHDCPL.EXE] "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:15 77312 C:\WINDOWS\arpwrmsg.exe] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 23:50 7311360] "nwiz"="nwiz.exe" [2006-05-09 23:50 1519616 C:\WINDOWS\system32\nwiz.exe] "DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 09:05 90112] 
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14 237568] "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 22:34 249856] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 06:11 49152] "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 11:45 63712] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2006-12-12 23:46 3375104] C:\Documents and Settings\HP_Administrateur\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "CDCheck"= {e211580b-de09-43cd-aa52-15930bdd2998} - C:\WINDOWS\Installer\{e211580b-de09-43cd-aa52-15930bdd2998}\CDCheck.dll [2008-03-15 17:40 19034] "zip"= {8a8d73d1-4321-4013-8a5c-a3ad030d6c51} - C:\WINDOWS\Installer\{8a8d73d1-4321-4013-8a5c-a3ad030d6c51}\zip.dll [2008-03-15 17:40 22690] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] 
"EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\eMule\\emule.exe"= R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 12:00] *Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER *Newly Created Service* - AVG_ANTI-SPYWARE_GUARD . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-24 00:04:29 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv] "ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp" . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\WINDOWS\Installer\{e211580b-de09-43cd-aa52-15930bdd2998}\CDCheck.dll -> C:\WINDOWS\Installer\{8a8d73d1-4321-4013-8a5c-a3ad030d6c51}\zip.dll . Temps d'accomplissement: 2008-03-24 0:06:38 ComboFix-quarantined-files.txt 2008-03-23 23:06:31 . 2008-03-15 10:59:24 --- E O F --- |
Hi
Quite a lot of junk!
Download SDFix to your desktop http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into its own folder on the Desktop.
Restart your computer in safe mode.
Open the SDFix folder that has just been created on the Desktop and double-click RunThis.cmd to launch the script.
Press Y to start the cleaning process.
It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
Press a key to restart the PC.
Your system will take longer than usual to restart because the tool will keep running and deleting files.
Once the Desktop has loaded, the tool will finish its work and display Finished.
Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
Finally, copy and paste the contents of the Report.txt file into your next reply on the forum, please
See you. Every journey is the dream of a new birth (Jean Royer) |
Here is what it gives.
SDFix: Version 1.160
Run by HP_Administrateur on 24/03/2008 at 15:18
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\HP_ADM~1\Bureau\sdfix\SDFix
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files:
Trojan Files Found:
C:\WINDOWS\Installer\{e211580b-de09-43cd-aa52-15930bdd2998}\CDCheck.dll - Deleted
C:\WINDOWS\Installer\{8a8d73d1-4321-4013-8a5c-a3ad030d6c51}\zip.dll - Deleted
C:\Program Files\IE Extensions\cj.v2.dll - Deleted
C:\Program Files\tmp110375.exe - Deleted
C:\Program Files\tmp111234.exe - Deleted
C:\Program Files\tmp49828.exe - Deleted
C:\Program Files\tmp49859.exe - Deleted
C:\Program Files\tmp50875.exe - Deleted
C:\Program Files\tmp51812.exe - Deleted
C:\Program Files\tmp52968.exe - Deleted
C:\Program Files\tmp5476312.exe - Deleted
C:\Program Files\tmp55609.exe - Deleted
C:\Program Files\tmp55921.exe - Deleted
C:\Program Files\tmp55984.exe - Deleted
C:\Program Files\tmp58812.exe - Deleted
C:\Program Files\tmp59578.exe - Deleted
C:\Program Files\tmp59796.exe - Deleted
C:\Program Files\tmp60687.exe - Deleted
C:\Program Files\tmp61453.exe - Deleted
C:\Program Files\tmp64921.exe - Deleted
C:\Program Files\tmp65593.exe - Deleted
C:\Program Files\tmp72718.exe - Deleted
C:\Program Files\tmp73000.exe - Deleted
C:\Program Files\tmp73921.exe - Deleted
C:\Program Files\tmp9224125.exe - Deleted
Folder C:\WINDOWS\Installer\{e211580b-de09-43cd-aa52-15930bdd2998} - Removed
Folder C:\WINDOWS\Installer\{8a8d73d1-4321-4013-8a5c-a3ad030d6c51} - Removed
Folder C:\Program Files\IE Extensions - Removed
Removing Temp Files
ADS Check:
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 15:23:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files:
File Backups: - C:\DOCUME~1\HP_ADM~1\Bureau\sdfix\SDFix\backups\backups.zip
Files with Hidden Attributes:
Wed 12 Mar 2008 211 A.SHR --- "C:\BOOT.BAK"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu 2 Nov 2006 32 A.SH. --- "C:\WINDOWS\SMINST\HPCD.SYS"
Wed 12 Mar 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Finished! |
Very good, post a new combo please
See you. Every journey is the dream of a new birth (Jean Royer) |
ComboFix 08-03-23.2 - HP_Administrateur 2008-03-24 15:42:57.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1308 [GMT 1:00]
Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
 * Création d'un nouveau point de restauration
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-24 to 2008-03-24 ))))))))))))))))))))))))))))))))))))
.
2008-03-24 15:16 . 2008-03-24 15:16 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-24 01:20 . 2008-03-24 01:20 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-24 01:20 . 2008-03-24 01:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-24 00:19 . 2008-03-24 00:43 <REP> d-------- C:\WINDOWS\Internet Logs
2008-03-24 00:19 . 2008-03-24 00:19 <REP> d-------- C:\Program Files\Zone Labs
2008-03-23 23:51 . 2008-03-24 00:57 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-03-23 23:37 . 2008-03-23 23:37 <REP> d-------- C:\Program Files\Trend Micro
2008-03-23 23:30 . 2008-03-23 23:30 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Grisoft
2008-03-23 23:30 . 2008-03-23 23:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-23 23:30 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-22 17:28 . 2008-03-24 01:10 <REP> d-------- C:\Program Files\eMule
2008-03-18 20:23 . 2008-03-18 20:23 1,917 --a------ C:\WINDOWS\imsins.BAK
2008-03-16 09:23 . 2008-03-12 13:18 507 --a------ C:\WINDOWS\win.tmp
2008-03-16 09:23 . 2008-03-24 00:04 227 --a------ C:\WINDOWS\system.tmp
2008-03-16 09:21 . 2008-03-16 09:21 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\HPQ
2008-03-16 09:19 . 2008-03-24 00:45 <REP> d-------- C:\Program Files\Spyware Doctor
2008-03-16 09:19 . 2008-03-16 09:19 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\PC Tools
2008-03-16 09:19 . 2008-03-17 18:44 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-16 09:19 . 2006-08-24 12:40 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2008-03-16 09:19 . 2006-07-10 17:38 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2008-03-13 19:46 . 2008-03-13 19:46 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Leadertech
2008-03-13 19:30 . 2008-03-24 15:26 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\OpenOffice.org2
2008-03-13 19:24 . 2008-03-13 19:41 3,888,054 --a------ C:\WINDOWS\wallpaper.bmp
2008-03-13 12:57 . 2008-03-13 12:57 <REP> d-------- C:\WINDOWS\Sun
2008-03-13 12:43 . 2008-03-13 12:43 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-03-12 20:38 . 2008-03-12 20:38 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\HP
2008-03-12 19:07 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-12 19:07 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-12 19:07 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-12 13:56 . 2008-03-12 13:56 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-12 13:48 . 2008-03-13 19:23 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-03-12 13:42 . 2008-03-12 13:42 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\AdobeUM
2008-03-12 13:34 . 2008-03-12 13:34 <REP> d--hs---- C:\Documents and Settings\HP_Administrateur\UserData
2008-03-12 13:18 . 2008-03-12 13:18 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-03-12 13:17 . 2008-03-12 13:17 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-03-12 13:17 . 2008-03-12 13:18 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-12 12:50 . 2008-03-13 18:45 <REP> d-------- C:\Program Files\Mozilla Thunderbird
2008-03-12 12:46 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-03-12 12:45 . 2008-03-12 12:45 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-12 12:42 . 2008-03-12 12:42 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Contacts
2008-03-12 12:41 . 2008-03-12 12:41 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-12 12:41 . 2008-03-15 11:59 <REP> d-------- C:\Program Files\Windows Live
2008-03-12 12:41 . 2008-03-12 12:44 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-12 12:41 . 2008-03-12 12:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-12 08:07 . 2008-03-12 08:07 <REP> d-------- C:\Program Files\MSXML 4.0
2008-03-12 07:58 . 2008-03-24 15:23 <REP> dr------- C:\Program Files
2008-03-12 07:58 . 2008-03-12 08:03 <REP> dr------- C:\Documents and Settings\Default User\Menu Démarrer
2008-03-12 07:58 . 2008-03-12 08:03 <REP> dr------- C:\Documents and Settings\All Users\Menu Démarrer
2008-03-12 07:58 . 2008-03-12 08:03 <REP> dr------- C:\Documents and Settings\All Users\Documents
2008-03-12 07:58 . 2008-03-12 08:03 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-03-12 07:58 . 2008-03-12 08:03 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-03-12 07:58 . 2008-03-12 08:03 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-03-12 07:54 . 2008-03-15 11:58 <REP> dr-hs---- C:\WINDOWS\system32\dllcache
2008-03-12 07:54 . 2008-03-12 08:03 <REP> dr------- C:\WINDOWS\system32\config\systemprofile\Menu Démarrer
2008-03-12 07:24 . 2008-03-12 07:24 <REP> d-------- C:\Program Files\Alwil Software
2008-03-12 07:24 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-12 07:24 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-12 07:24 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2008-03-12 07:24 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-12 07:24 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-12 07:24 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-12 07:24 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-12 07:24 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-12 07:08 . 2006-03-21 04:23 23,040 --------- C:\WINDOWS\kb913800.exe
2008-03-12 07:06 . 2008-03-24 00:41 <REP> d-------- C:\Program Files\Yahoo!
2008-03-12 07:06 . 2008-03-12 07:07 <REP> d-------- C:\Program Files\CCleaner
2008-03-12 07:05 . 2004-08-10 12:00 57,856 --a------ C:\WINDOWS\system32\SETECC.tmp
2008-03-12 01:02 . 2008-03-12 01:02 <REP> d-------- C:\Program Files\Lavasoft
2008-03-12 01:02 . 2008-03-12 01:02 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Lavasoft
2008-03-12 00:47 . 2008-03-12 00:47 1,158 --a------ C:\WINDOWS\mozver.dat
2008-03-12 00:46 . 2008-03-16 22:46 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2008-03-12 00:46 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-12 00:39 . 2008-03-12 00:39 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Thunderbird
2008-03-12 00:39 . 2008-03-12 00:39 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Talkback
2008-03-12 00:37 . 2008-03-12 00:37 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-12 00:23 . 2008-03-12 00:23 <REP> d-------- C:\WINDOWS\system32\AlertModule
2008-03-12 00:23 . 2004-08-23 14:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2008-03-12 00:23 . 2004-08-23 14:50 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
2008-03-12 00:22 . 2008-03-24 15:36 <REP> d-------- C:\Program Files\Wanadoo
2008-03-12 00:20 . 2008-03-12 00:20 <REP> d-------- C:\Program Files\Inventel
2008-03-12 00:20 . 2008-03-12 00:20 278,528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2008-03-12 00:19 . 2008-03-12 00:19 81,920 --a------ C:\WINDOWS\system32\W32N50.dll
2008-03-12 00:19 . 2008-03-12 00:19 17,134 --a------ C:\WINDOWS\system32\PCANDIS5.sys
2008-03-12 00:18 . 2008-03-12 00:18 1,906 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_RF774AA-ABF t3612.fr_YC_0Pavi_QCZB639_E64FRemMPA3_48_INODUSM3_SASUSTek Computer INC._V1.05_B3.07_T060802_WXP2_L40C_M1983_J200_7AMD_8Athlon 64 X2 Dual Core_92_#080311_N_Z_G10DE0241.MRK
2008-03-12 00:14 . 2008-03-12 00:14 <REP> d-------- C:\Program Files\Orange
2008-03-12 00:12 . 2006-01-02 18:45 <REP> d-------- C:\Documents and Settings\HP_Administrateur\WINDOWS
2008-03-12 00:12 . 2005-11-12 01:08 <REP> d--h----- C:\Documents and Settings\HP_Administrateur\Voisinage réseau
2008-03-12 00:12 . 2005-11-12 01:08 <REP> d--h----- C:\Documents and Settings\HP_Administrateur\Voisinage d'impression
2008-03-12 00:12 . 2005-11-15 03:23 <REP> d--h----- C:\Documents and Settings\HP_Administrateur\Modèles
2008-03-12 00:12 . 2008-03-23 07:45 <REP> dr------- C:\Documents and Settings\HP_Administrateur\Mes documents
2008-03-12 00:12 . 2008-03-12 08:03 <REP> dr------- C:\Documents and Settings\HP_Administrateur\Menu Démarrer
2008-03-12 00:12 . 2008-03-24 01:19 <REP> dr------- C:\Documents and Settings\HP_Administrateur\Favoris
2008-03-12 00:12 . 2008-03-24 15:46 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Bureau
2008-03-12 00:11 . 2006-01-02 18:45 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-03-12 00:11 . 2006-01-02 18:45 <REP> d-------- C:\Documents and Settings\Default User\WINDOWS
2008-03-12 00:07 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-12 00:07 . 2008-03-24 15:28 182 --a------ C:\WINDOWS\system\hpsysdrv.DAT
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 06:01 --------- d-----w C:\Program Files\Google
2008-03-12 11:32 --------- d-----w C:\Program Files\Java
2008-03-12 06:22 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-03-12 06:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-11 23:18 1,906 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_RF774AA-ABF t3612.fr_YC_0Pavi_QCZB639_E64FRemMPA3_48_INODUSM3_SASUSTek Computer INC._V1.05_B3.07_T060802_WXP2_L40C_M1983_J200_7AMD_8Athlon 64 X2 Dual Core_92_#080311_N_Z_G10DE0241.MRK
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-11 05:36 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2006-02-19 09:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00 15360]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2006-12-12 23:46 3375104]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 13:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-22 00:56 16261632 C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:15 77312 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 23:50 7311360]
"nwiz"="nwiz.exe" [2006-05-09 23:50 1519616 C:\WINDOWS\system32\nwiz.exe]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 09:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 22:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 06:11 49152]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 11:45 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2006-12-12 23:46 3375104]

C:\Documents and Settings\HP_Administrateur\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 12:00]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 15:46:20
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
.
Temps d'accomplissement: 2008-03-24 15:47:37
ComboFix-quarantined-files.txt 2008-03-24 14:47:32
ComboFix2.txt 2008-03-23 23:06:40
.
2008-03-15 10:59:24
--- E O F ---
There you go. Aub. |
OK, please do this:
# In the HijackThis window, click the Config button on the right
# Click the Misc Tools button
# Click the ADS Spy button
# In the new window, click the Scan button
# Save the report and post it, please
++
Every journey is the dream of a new birth (Jean Royer) |
When I get to the scanning step, it says scan complete but nothing is displayed.
Is that normal, or did I do something wrong? Thanks. Aub. |
No! That's possible!
Download clean.zip (by Malekal_morte): http://www.malekal.com/download/clean.zip
* Unzip the file onto the desktop (right-click / extract all) to get a folder named clean.
* Open the Clean folder on your desktop and double-click clean.cmd.
* A black window will appear; choose option 1, and a report will be created at the root: C:\rapport_clean.txt ==> please post it
Every journey is the dream of a new birth (Jean Royer) |
Here is what it gives.
24/03/2008 a 16:17:05,53
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
*** Recherche des fichiers dans C:\Program Files |