Virus Explorer.exe

Bonjour,
Bonjour,
J'ai des gros probleme sur mon ordinateur et j'ai besoin d'aide.
J'ai deja reinstallé mon PC 03 fois avec des antivirus different mais c'est toujours le même probleme.
Il s'agirait d'un virus (virus.win32.virut.n INVADER ) pour kaspersky et qui change les codes de mes programmes et toute de suite apres l'antivirus le declare comme un virus et le supprimer. A chaque fois explorer est le responsable comme il le dit.
Quand j'ouvre bloc note explorer s'ouvre avec lui et paff le fichier est infecté et supprimer apres.
J'ai deja utiliser docteur spyware 5 mais c'est toujours la même chose.
J'ai deja formater mon disque dur a bas niveau mais rien n'as changé.
J'ai essayé de mettre a jour l'antivirus puis installé les logiciel mais c'est toujours la même chose.

Voila le resultat de HiJackThis 2



StartupList report, 28/01/2008, 17:03:22
StartupList version: 1.52.2
Started from : \\192.168.1.254\herylo\versd400\herylo1\FICHIER HERY\AUTRES UTILITAIRE PC\HiJackThis_v2.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
D:\Program Files\FlashGet\FlashGet.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
D:\Program Files\RealVNC\VNC4\WinVNC4.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Mozilla Firefox\firefox.exe
\192.168.1.254\herylo\versd400\herylo1\FICHIER HERY\AUTRES UTILITAIRE PC\HiJackThis_v2.exe
D:\WINDOWS\system32\NOTEPAD.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = D:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

igfxhkcmd = D:\WINDOWS\system32\hkcmd.exe
AVP = "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
Flashget = "D:\Program Files\FlashGet\FlashGet.exe" /min

--------------------------------------------------

Load/Run keys from D:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

--------------------------------------------------

Shell & screensaver key from D:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=D:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

flashget urlcatch - D:\Program Files\FlashGet\jccatch.dll - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
(no name) - D:\Program Files\FlashGet\getflash.dll - {F156768E-81EF-470C-9057-481BA8380DBA}

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: D:\WINDOWS\system32\SHELL32.dll
CDBurn: D:\WINDOWS\system32\SHELL32.dll
WebCheck: D:\WINDOWS\system32\webcheck.dll
SysTray: D:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 4 493 bytes
Report generated in 0,047 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only







Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17:02:52, on 28/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
D:\Program Files\FlashGet\FlashGet.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
D:\Program Files\RealVNC\VNC4\WinVNC4.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Mozilla Firefox\firefox.exe
\192.168.1.254\herylo\versd400\herylo1\FICHIER HERY\AUTRES UTILITAIRE PC\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [igfxhkcmd] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Flashget] "D:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{76ACE666-742D-4B23-9431-A9DA55A48CFC}: NameServer = 192.168.1.202
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Service d'indexation (CiSvc) - Unknown owner - D:\WINDOWS\system32\cisvc.exe
O23 - Service: Application système COM+ (COMSysApp) - Unknown owner - D:\WINDOWS\system32\dllhost.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - D:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - D:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - D:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - D:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - D:\WINDOWS\system32\msiexec.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - D:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - D:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - D:\WINDOWS\System32\SCardSvr.exe
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - D:\WINDOWS\system32\dllhost.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - D:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - D:\WINDOWS\System32\vssvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - D:\WINDOWS\system32\wbem\wmiapsrv.exe
End of file - 4806 bytes

Configuration: Windows XP
Firefox 2.0.0.6