Télécharges Malwarebyte's à l'adresse ci-dessous :

http://www.generation-nt.com/malwarebytes-anti-malware-telec­hargement-47800.html

1) Redémarres en mode sans échec. Pour cela, tapotes F8 au démarrage, avant que le logo de windows n'apparaisse.
2) Choisis ton compte et pas l'Administrateur.
3) Fais un scan complet, et supprimes tout ce qu'il te trouve.
4) Sauvegardes le résultat (à la fin du scan, l'option "afficher le résultat", apparait).
5) Lorsque tu as fini ça, refais un log hijackthis et post-le à la suite du résultat de Malwarebyte's.

Bonjour a vous ,pour suivre .. **si je ne réponds pas de suite, c'est que moi aussi j'ai un­ métier et une famille **

Tiens tiens qui voilà.

Télécharge ToolbarS&D à l'adresse ci-dessous :

http://www.malekal.com//tutorial_ToolBar_SD.php

1) Double clique dessus pour l'installer.
2) Lances-le et choisis l'option F (français)
3) Choisis l'option 1 et appuies sur la touche Enter.
4) Une fois l'analyse terminé, colles le rapport.

Slt Zangetsu. J'ai vraiment du mal avec toolbar s&d. Je réussis meme pas à le lancer.

Laisse ToolbarS&D de côté.

Télécharge le patch pour le trojan amvo à l'adresse ci-dessous :

http://www.infos-du-net.com/forum/276524-11-grand-probleme-virus-amvo-xn1i9x

Redémarre en mode sans échec puis applique le patch.

Télécharge le patch pour le trojan amvo à l'adresse ci-dessous :

Je ne vois pas de patch a cette adresse ?? **si je ne réponds pas de suite, c'est que moi aussi j'ai un­ métier et une famille **

Si il y en a un tout en bas, mais je vais donner le lien :

http://www.net-studio.org/software/AmvoRemover.rar

J'ai téléchargé et appliqué le patch.

Peux-tu refaire un log hijackthis pour voir si tout s'est bien déroulé.

Voici le rapport hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:48:46, on 17/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Microsoft Encarta\Microsoft Encarta 2007 - Collection\EDICT.EXE
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\microsoft\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http:­//fr.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http:­//fr.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http:­//fr.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http:­//fr.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Userinit] C:\WINDOWS\system32\cologsver.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [E07FDXRC_5554877] "C:\Program Files\Microsoft Encarta\Microsoft Encarta 2007 - Collection\EDICT.EXE" -m
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\UNESCO\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DAE98F5-DE45-43C4-B2B9-1BB4CD35A142}: NameServer = 206.82.130.195 209.244.0.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\microsoft\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
End of file - 12146 bytes

A ce que je vois c'est pas le cas. Donc le patch, tu peux le virer. Je te dis quoi bientot.

Zangtsu on avait fait un truc mais tu m'as pas répondu tu m'as dit dernier log hijackthis mais ta jamais répondu

D'accord!

Je ne vois pas ta question, donc si tu peux me la reposer.

Télécharges ComboFix à l'adresse ci-dessous :

http://www.bleepingcomputer.com/combofix/fr/comment-utiliser­-combofix

1) Désactives ton antivirus !!
2) Lances-le (Tapes la touche 1 puis tu appuies sur Enter)
3) Après la fin de la sauvegarde du Registre Windows, ComboFix va déconnecter ton pc d'internet. Donc ne sois pas surpris, ta connexion sera totalement rétablie après.
4) Post le rapport qui s'ouvrira à la fin, ainsi qu'un nouveau log Hijackthis.

Voilà le log combo fix


ComboFix 08-09-16.05 - UNESCO 2008-09-18 16:44:35.1 - NTFSx86
Lancé depuis: C:\Documents and Settings\UNESCO\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\bwpncb6.com
C:\Documents and Settings\UNESCO\Cookies\unesco@2o7[1].txt
C:\Documents and Settings\UNESCO\Cookies\unesco@bluestreak[1].txt
C:\Documents and Settings\UNESCO\Cookies\unesco@edt02[1].txt
C:\Documents and Settings\UNESCO\Cookies\unesco@media6degrees[2].txt
C:\Documents and Settings\UNESCO\Cookies\unesco@serving-sys[1].txt
C:\Documents and Settings\UNESCO\Cookies\unesco@www.reseauetudiant[2].txt
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\ckvo2.dll
C:\WINDOWS\system32\MSINET.oca

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-18 au 2008-09-18 ))))))))))))))))))))))))))))))))))))
.

2008-09-17 16:58 . 2008-09-17 17:32 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-16 16:22 . 2008-09-16 16:22 <REP> d-------- C:\Program Files\ESTsoft
2008-09-16 16:22 . 2008-09-16 16:22 <REP> d-------- C:\Documents and Settings\UNESCO\Application Data\ESTsoft
2008-09-16 11:04 . 2008-09-16 11:04 1,160 --a------ C:\WINDOWS\mozver.dat
2008-09-16 10:32 . 2008-09-16 11:13 <REP> d-------- C:\ToolBar SD
2008-09-15 12:07 . 2008-09-15 12:07 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-15 12:07 . 2008-09-15 12:07 <REP> d-------- C:\Documents and Settings\UNESCO\Application Data\Malwarebytes
2008-09-15 12:07 . 2008-09-15 12:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-15 12:07 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-15 12:07 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-14 11:26 . 2008-09-14 11:26 <REP> d-------- C:\Program Files\Trend Micro
2008-09-10 15:13 . 2008-09-10 18:20 98,137 -r-hs---- C:\s.bat
2008-09-10 11:54 . 2008-09-10 15:13 96,047 -r-hs---- C:\39lpji.com
2008-09-08 12:45 . 2008-09-09 10:46 93,896 -r-hs---- C:\1t6yxlxx.cmd
2008-09-05 14:27 . 2008-09-06 16:15 19,456 --a------ C:\WINDOWS\system32\ddr.exe
2008-09-05 08:11 . 2008-09-05 10:36 92,213 -r-hs---- C:\ktnquo.exe
2008-09-03 20:38 . 2008-09-03 20:38 90,956 -r-hs---- C:\ov.cmd
2008-09-03 08:28 . 2008-09-07 18:02 93,385 -r-hs---- C:\jdhc2x2.com
2008-09-02 17:23 . 2008-09-03 18:48 90,163 -r-hs---- C:\f.bat
2008-09-01 18:06 . 2008-09-02 17:11 92,971 -r-hs---- C:\22xo.exe
2008-09-01 08:26 . 2008-09-02 09:01 90,623 -r-hs---- C:\kk3.bat
2008-08-30 11:39 . 2008-08-30 11:39 244 --ah----- C:\sqmnoopt11.sqm
2008-08-30 11:39 . 2008-08-30 11:39 232 --ah----- C:\sqmdata11.sqm
2008-08-30 11:16 . 2008-08-30 14:31 89,725 -r-hs---- C:\rs.cmd
2008-08-27 12:30 . 2008-08-27 12:30 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-27 06:40 . 2008-08-29 16:00 91,084 -r-hs---- C:\ph.com
2008-08-25 18:15 . 2008-08-25 18:17 <REP> d-------- C:\wamp
2008-08-24 18:07 . 2008-08-27 07:04 90,120 -r-hs---- C:\n.com
2008-08-23 12:06 . 2008-08-23 19:14 92,661 -r-hs---- C:\mnl6on3.com
2008-08-22 10:46 . 2008-08-22 17:24 91,122 -r-hs---- C:\yssjnngm.cmd
2008-08-21 10:14 . 2008-08-21 22:02 90,994 -r-hs---- C:\83fgj.com
2008-08-20 13:37 . 2008-09-18 16:33 <REP> d-------- C:\Program Files\eMule
2008-08-20 09:55 . 2008-08-20 17:56 92,123 -r-hs---- C:\2.cmd

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-18 16:36 --------- d-----w C:\Documents and Settings\UNESCO\Application Data\AVG7
2008-09-18 16:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-09-17 16:19 --------- d-----w C:\Program Files\microsoft
2008-09-16 11:53 --------- d-----w C:\Documents and Settings\UNESCO\Application Data\uTorrent
2008-09-15 15:57 --------- d-----w C:\Documents and Settings\UNESCO\Application Data\Skype
2008-09-15 14:27 --------- d-----w C:\Documents and Settings\UNESCO\Application Data\skypePM
2008-08-25 19:08 --------- d-----w C:\Program Files\Notepad++
2008-08-19 14:56 --------- d-----w C:\Program Files\uTorrent
2008-08-16 13:38 91,179 --sh--r C:\t1ypkh.exe
2008-08-16 11:34 92,457 --sh--r C:\rqq2v.bat
2008-08-14 14:16 88,935 --sh--r C:\tbm9.bat
2008-08-13 10:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-09 10:07 --------- d-----w C:\Program Files\SPSS
2008-08-08 12:40 --------- d-----w C:\Program Files\Windows Live
2008-08-08 12:35 --------- d-----w C:\Program Files\Himalaya Studios
2008-08-08 12:34 --------- d-----w C:\Program Files\AVI DivX MPEG to DVD Converter & Burner
2008-08-08 12:31 --------- d-----w C:\Program Files\Site Internet Facile
2008-08-08 12:31 --------- d-----w C:\Program Files\DivX
2008-08-08 12:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-08 12:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-08-08 12:22 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-08-07 19:14 --------- d-----w C:\Program Files\Ubisoft
2008-08-06 21:33 --------- d-----w C:\Program Files\Rainbow Technologies
2008-08-06 21:27 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-08-06 08:51 88,762 --sh--r C:\x.com
2008-08-05 11:23 --------- d-----w C:\Program Files\Codemasters
2008-08-03 18:07 --------- d-----w C:\Program Files\Epidata
2008-07-30 20:24 --------- d-----w C:\Program Files\Skype
2008-07-30 20:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-07-30 20:23 --------- d-----w C:\Program Files\Fichiers communs\Skype
2008-07-26 11:01 --------- d-----w C:\Documents and Settings\UNESCO\Application Data\gtk-2.0
2008-07-24 12:18 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-07-24 11:49 --------- d-----w C:\Documents and Settings\UNESCO\Application Data\Windows Live Writer
2008-07-24 11:36 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-07-24 11:36 --------- d-----w C:\Program Files\Windows Live Favorites
2008-07-24 10:39 --------- d-----w C:\Program Files\Synaptics
2008-07-22 00:42 42,320 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-07-18 22:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 22:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 22:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 22:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 22:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 22:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 22:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 22:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 22:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 22:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2007-11-11 11:42 24,192 ----a-w C:\Documents and Settings\UNESCO\usbsermptxp.sys
2007-11-11 11:42 22,768 ----a-w C:\Documents and Settings\UNESCO\usbsermpt.sys
2007-11-11 12:49 1,795,616 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-11 12:50 35,360 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2005-03-13 1057280]
"E07FDXRC_5554877"="C:\Program Files\Microsoft Encarta\Microsoft Encarta 2007 - Collection\EDICT.EXE" [2006-06-13 351000]
"Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2008-05-27 4269296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"StatusClient 2.6"="C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 61440]
"TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 188416]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-01-07 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-02-06 344064]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 126976]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 561152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-08 113664]
BTTray.lnk - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2005-07-22 577597]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\microsoft\\uTorrent.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Ubisoft\\XIII\\system\\XIII.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\eMule\\emule.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{045f5f50-318d-11dc-880c-000e35f13038}]
\Shell\AutoOpen\command - H:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{180a8ea0-7e9a-11dd-8ddd-000e35f13038}]
\Shell\AutoRun\command - F:\jdhc2x2.com
\Shell\explore\Command - F:\jdhc2x2.com
\Shell\open\Command - F:\jdhc2x2.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2289da40-66bb-11dd-8d5e-ac664b6b19e0}]
\Shell\AutoRun\command - F:\t1ypkh.exe
\Shell\explore\Command - F:\t1ypkh.exe
\Shell\open\Command - F:\t1ypkh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2289da41-66bb-11dd-8d5e-ac664b6b19e0}]
\Shell\AutoRun\command - G:\t1ypkh.exe
\Shell\explore\Command - G:\t1ypkh.exe
\Shell\open\Command - G:\t1ypkh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d98c301-2ed9-11dc-8800-864b7c3753e2}]
\Shell\AutoOpen\command - F:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7157d480-321b-11dc-8810-000e35f13038}]
\Shell\Auto\command - wscript "Sex City.jpg.wsf"
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "Sex City.jpg.wsf"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b837e60-d613-11dc-8a5e-000e35f13038}]
\Shell\Auto\command - wscript "Sex City.jpg.wsf"
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "Sex City.jpg.wsf"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87dcb2d0-8191-11dc-88f8-000e50a7559a}]
\Shell\Auto\command - wscript "esta ig.vbs"
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "esta ig.vbs"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4fb7cc0-f404-11dc-8b1b-000e35f13038}]
\Shell\AutoRun\command - 8ng8w.com
\Shell\explore\Command - 8ng8w.com
\Shell\open\Command - 8ng8w.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aca16310-3ed4-11dc-882f-000e35f13038}]
\Shell\Auto\command - wscript "esta ig.vbs"
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "esta ig.vbs"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae4d9820-59ba-11dd-8d0e-000e50a7559a}]
\Shell\AutoRun\command - ekugb3.bat
\Shell\explore\Command - ekugb3.bat
\Shell\open\Command - ekugb3.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aff1bda1-6185-11dd-8d36-ac16517130fd}]
\Shell\Auto\command - wscript "Sex City.jpg.wsf"
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "Sex City.jpg.wsf"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb2a7490-6ce4-11dc-889c-000e35f13038}]
\Shell\AutoRun\command - F:\[u]0/u.com
\Shell\explore\Command - F:\[u]0/u.com
\Shell\open\Command - F:\[u]0/u.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d26196a0-c4df-11dc-8a17-000e35f13038}]
\Shell\AutoRun\command - fooool.exe
\Shell\explore\Command - fooool.exe
\Shell\open\Command - fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1ead110-e214-11dc-8aa4-000e35f13038}]
\Shell\AutoRun\command - G:\ntde1ect.com
\Shell\explore\Command - G:\ntde1ect.com
\Shell\open\Command - G:\ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1ead111-e214-11dc-8aa4-000e35f13038}]
\Shell\AutoRun\command - ntde1ect.com
\Shell\explore\Command - ntde1ect.com
\Shell\open\Command - ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4ccbf00-33d7-11dc-8812-000e35f13038}]
\Shell\AutoOpen\command - F:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
HKCU-Run-ares - C:\Program Files\Ares\Ares.exe
HKLM-Run-Userinit - C:\WINDOWS\system32\cologsver.exe
HKLM-Run-CTHelper - CTHELPER.EXE


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\UNESCO\Application Data\Mozilla\Firefox\Profiles\pfb2gmub.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://yahoo.fr/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-18 16:53:51
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\UNESCO\LOCALS~1\Temp\mc23.tmp"
.
Heure de fin: 2008-09-18 16:55:56
ComboFix-quarantined-files.txt 2008-09-18 16:55:49

Avant-CF: 22,667,988,992 octets libres
AprŠs-CF: 25,987,145,728 octets libres

252 --- E O F --- 2008-09-18 11:14:18



Voilà le log hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:58:08, on 18/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Microsoft Encarta\Microsoft Encarta 2007 - Collection\EDICT.EXE
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\microsoft\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://fr.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [E07FDXRC_5554877] "C:\Program Files\Microsoft Encarta\Microsoft Encarta 2007 - Collection\EDICT.EXE" -m
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\UNESCO\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DAE98F5-DE45-43C4-B2B9-1BB4CD35A142}: NameServer = 206.82.130.195 209.244.0.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\microsoft\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
End of file - 10658 bytes

Fixes les lignes (lance hijacthis, coches les lignes, fais "fix checked", en bas à gauche) :

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://fr.search.yahoo.com

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

C'est fait. jdoi tenvoyer le log?

Je suis pas chez moi, donc je peux pas t'aider ce soir, mais envoie toujours un log, pour que ce soit à jour.