Troyans éliminés ?

En plus des resultats des scans demandés que j'ai envoyé dans le poste precedent, voici un nouveau rapport hijackthis, au cas ou..

- la ligne 020 est encore la..

- j'ai toujours le message "res://C:\WINDOWS\System32\ shdoclc.dll/navcancl.htm" quand j'ouvre internet explorer en cliquant sur des liens situes dans mes mails (avant les liens fonctionnaient). en revanche pas de probleme si j'ouvre directement explorer..

Merci encore de votre aide :-)
bonne nuit !

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:48:32, on 10/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Utilitaires\Alwil Software\Avast4\aswUpdSv.exe
D:\Utilitaires\Lavasoft\Ad-Aware\AAWService.exe
D:\Utilitaires\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
C:\Program Files\Mouse\Amoumain.exe
C:\WINDOWS\system32\WF2K.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\UTILIT~1\ALWILS~1\Avast4\ashDisp.exe
D:\Utilitaires\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
D:\Utilitaires\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Utilitaires\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Wanadoo\Watch.exe
D:\Utilitaires\Spybot - Search & Destroy\TeaTimer.exe
D:\Utilitaires\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\UTILIT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {fd971ed9-b77e-4183-8bcd-72d9c9fabb8c} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\system32\WF2K.EXE Initial
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] D:\UTILIT~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] D:\Utilitaires\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Utilitaires\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\UTILIT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\UTILIT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O20 - AppInit_DLLs: xoktjl.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Utilitaires\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Utilitaires\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Utilitaires\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Utilitaires\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Utilitaires\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

merci de m'aider :-)

(En fait j'attends d'intaller un nouveau firewall avant d'eliminer norton qui de toute facon n'est plus a jour depuis longtemps...)

voila le rapport ComboFix. Malheureusement l'ordi a redémarré à la fin du scan (juste avant d'editer le rapport), et avec lui tous les programmes anti-virus, firewall et autre.. J'ai essayer de les arreter en vitesse mais bon.. ComboFix semble avoir terminer normalement mais je ne sais pas si ca pose un probleme ?

============
ComboFix 09-02-08.01 - redempteur 2009-02-08 21:48:00.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1023.579 [GMT 1:00]
Lancé depuis: c:\documents and settings\redempteur\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090208-0] *On-access scanning disabled* (Updated)
AV: Lavasoft Ad-Watch Live! AntiVirus *On-access scanning disabled* (Updated)
AV: Norton Internet Security 2006 *On-access scanning disabled* (Outdated)
FW: Norton Internet Security 2006 *disabled*
FW: Norton Internet Worm Protection *disabled*
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\enlawqtj.ini
c:\windows\system32\hkexxaxw.ini
c:\windows\system32\oapujibr.ini
c:\windows\system32\paftjdhy.ini

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-08 au 2009-02-08 ))))))))))))))))))))))))))))))))))))
.

2009-02-08 14:50 . 2009-02-08 14:49 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-04 23:42 . 2009-02-05 00:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-04 23:24 . 2009-02-04 22:59 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-04 23:00 . 2009-02-04 22:59 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-04 22:56 . 2009-02-04 22:57 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-04 22:56 . 2009-02-04 22:56 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{2BAE6915-8510-4B9F-B498-02DA86258AA0}
2009-02-03 23:53 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui
2009-02-03 23:04 . 2009-02-03 23:04 0 --a------ C:\ywdhlny.exe
2009-02-03 23:04 . 2009-02-03 23:04 0 --a------ C:\wgqjqf.exe
2009-02-03 23:04 . 2009-02-03 23:04 0 --a------ C:\nwurjr.exe
2009-02-03 23:04 . 2009-02-03 23:04 0 --a------ C:\eych.exe
2009-02-03 23:03 . 2009-02-03 23:03 0 --a------ C:\-1661879528

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-08 20:50 --------- d-----w c:\program files\Wanadoo
2009-02-08 13:50 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2009-02-08 13:49 --------- d-----w c:\program files\Java
2009-02-08 12:37 --------- d-----w c:\program files\MSN Messenger
2009-02-03 22:40 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-03 22:39 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-02-03 22:39 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-03 22:39 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-03 22:39 --------- d-----w c:\program files\Symantec
2008-12-22 09:01 295 ----a-w C:\reecmuxmkv.bat
2008-12-22 00:27 --------- d-----w c:\program files\x264
2008-12-21 18:46 --------- d-----w c:\program files\Fichiers communs\AVSMedia
2008-12-21 18:46 --------- d-----w c:\program files\AVS4YOU
2008-12-21 16:12 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-12-21 15:56 --------- d-----w c:\documents and settings\redempteur\Application Data\AVS4YOU
2008-12-21 15:56 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Steam"="d:\jeux\Steam\Steam.exe" [2008-10-08 1410296]
"SpybotSD TeaTimer"="d:\utilitaires\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"AsusServiceProvider"="c:\program files\ASUS\AASP\1.00.05\aaCenter.exe" [2006-08-03 591360]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-02-11 53096]
"WheelMouse"="c:\program files\Mouse\Amoumain.exe" [2006-05-09 163840]
"WinFoxV2"="c:\windows\system32\WF2K.EXE" [2006-07-17 1490944]
"WinFast2KLoadDefault"="c:\windows\system32\wf2kcpl.dll" [2006-02-22 668672]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-08 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"Symantec PIF AlertEng"="c:\program files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"avast!"="d:\utilit~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Ad-Watch"="d:\utilitaires\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-04 509784]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=xoktjl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Nap]
--a------ 2006-08-31 15:01 1422848 d:\utilitaires\ASUS\AI Suite\AiNap\AiNap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 02:01 32768 d:\utilitaires\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Jeux\\Civilisation IV\\Civilization4.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Utilitaires\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:eMule : TCP Entrant
"4672:UDP"= 4672:UDP:eMule : UDP Entrant

R0 d344bus;d344bus;c:\windows\system32\drivers\d344bus.sys [2007-03-31 137216]
R0 d344prt;d344prt;c:\windows\system32\drivers\d344prt.sys [2007-03-31 5248]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-04 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-04 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-04 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\utilitaires\Lavasoft\Ad-Aware\AAWService.exe [2009-01-19 950096]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-04-22 106808]
R3 ovt530;Webcam Deluxe;c:\windows\system32\drivers\ov530vid.sys [2007-06-01 161792]
R4 WINFOXIO;WINFOXIO;c:\windows\system32\drivers\WINFOXIO.sys [2007-03-31 9600]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - COMHOST
.
Contenu du dossier 'Tâches planifiées'

2009-02-04 c:\windows\Tasks\Ad-Aware Update (Daily).job
- d:\utilitaires\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-04 22:59]

2009-01-03 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - redempteur.job
- d:\utilit~1\NORTON~1\NORTON~1\Navw32.exe [2007-05-23 12:13]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{fd971ed9-b77e-4183-8bcd-72d9c9fabb8c} - c:\windows\system32\xoktjl.dll
MSConfigStartUp-BSplayer_WhenUSave_Installer - c:\program files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe
MSConfigStartUp-updateMgr - d:\utilitaires\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.com/
IE: { - c:\program files\Messenger\msmsgs.exe
FF - ProfilePath - c:\documents and settings\redempteur\Application Data\Mozilla\Firefox\Profiles\ajref1l0.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.fr
FF - component: d:\utilitaires\Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 21:51:35
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(1436)
c:\windows\system32\WPDShServiceObj.dll
d:\utilitaires\WebCam\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Symantec Shared\CCSETMGR.EXE
c:\program files\Fichiers communs\Symantec Shared\CCEVTMGR.EXE
c:\program files\Fichiers communs\Symantec Shared\CCPROXY.EXE
c:\program files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\program files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
d:\utilitaires\Alwil Software\Avast4\aswUpdSv.exe
d:\utilitaires\Alwil Software\Avast4\ashServ.exe
c:\progra~1\Wanadoo\TaskBarIcon.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Wanadoo\GestionnaireInternet.exe
c:\progra~1\Wanadoo\ComComp.exe
c:\progra~1\Wanadoo\Toaster.exe
c:\progra~1\Wanadoo\Inactivity.exe
c:\progra~1\Wanadoo\PollingModule.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
d:\utilitaires\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\ALERTM~1\ALERTM~1.EXE
.
**************************************************************************
.
Heure de fin: 2009-02-08 21:54:43 - La machine a redémarré [redempteur]
ComboFix-quarantined-files.txt 2009-02-08 20:54:06

Avant-CF: 10 710 020 096 octets libres
Après-CF: 10,655,043,584 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

198 --- E O F --- 2007-08-21 01:01:20
============

et voila le rapport HijackThis:
============
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:58:06, on 08/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\Utilitaires\Alwil Software\Avast4\aswUpdSv.exe
D:\Utilitaires\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\UTILIT~1\ALWILS~1\Avast4\ashDisp.exe
D:\Utilitaires\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Utilitaires\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Utilitaires\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\UTILIT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Utilitaires\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - D:\Utilitaires\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\system32\WF2K.EXE Initial
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe C:\WINDOWS\system32\wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [avast!] D:\UTILIT~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] D:\Utilitaires\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "D:\Jeux\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Utilitaires\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\UTILIT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\UTILIT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O20 - AppInit_DLLs: xoktjl.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Utilitaires\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Utilitaires\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Utilitaires\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Utilitaires\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - D:\Utilitaires\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Utilitaires\Norton Internet Security\comHost.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Utilitaires\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Utilitaires\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - D:\Utilitaires\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

norton est désinstallé.. et voici le rapport:


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz )
BIOS : BIOS Date: 10/02/06 17:12:27 Ver: 08.00.12
USER : redempteur ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090208-0] 4.8.1335 (Activated)
Firewall : Norton Internet Worm Protection 2006 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:15 Go (Free:10 Go)
D:\ (Local Disk) - NTFS - Total:217 Go (Free:45 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 08/02/2009|22:37 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.com/?gws_rd=ssl"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\REDEMP~1\Recent\Red.Alert.2.Command.&.Conquer.Keygen.lnk



1 - "C:\ToolBar SD\TB_1.txt" - 08/02/2009|22:38 - Option : [1]

-----------\\ Fin du rapport a 22:38:08,60

Re-bonjour,

En plus du log Toolbar-S&D que tu m'as demandé (cf. post précédent), j'ai refait un scan complet avast/ad-aware/spybot (rien de nouveau) puis j'ai relancé HijackThis (rapport ci-dessous). il reste encore le "O20 - AppInit_DLLs: xoktjl.dll"..

Quel est le verdict ?

Merci encore de ton aide !

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:31:58, on 08/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Utilitaires\Alwil Software\Avast4\aswUpdSv.exe
D:\Utilitaires\Lavasoft\Ad-Aware\AAWService.exe
D:\Utilitaires\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
C:\Program Files\Mouse\Amoumain.exe
C:\WINDOWS\system32\WF2K.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
D:\UTILIT~1\ALWILS~1\Avast4\ashDisp.exe
D:\Utilitaires\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Jeux\Steam\Steam.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
D:\Utilitaires\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
D:\Utilitaires\Alwil Software\Avast4\ashMaiSv.exe
D:\Utilitaires\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Wanadoo\Watch.exe
D:\Utilitaires\Firefox\firefox.exe
D:\Utilitaires\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\UTILIT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {fd971ed9-b77e-4183-8bcd-72d9c9fabb8c} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\system32\WF2K.EXE Initial
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe C:\WINDOWS\system32\wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [avast!] D:\UTILIT~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] D:\Utilitaires\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "D:\Jeux\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Utilitaires\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\UTILIT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\UTILIT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O20 - AppInit_DLLs: xoktjl.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Utilitaires\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Utilitaires\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Utilitaires\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Utilitaires\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Utilitaires\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

effectivement !! Merci beaucoup pour le lien. J'ai suivi les instructions et je pense que maintenant norton est completement desinstallé (?). Pour la mise a jour windows, c'est difficile vu que ma clef n'est pas valide...

J'ai refait tourné ToolBarSD et HijackThis, voici les nouveaux rapports:

============

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz )
BIOS : BIOS Date: 10/02/06 17:12:27 Ver: 08.00.12
USER : redempteur ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090208-1] 4.8.1335 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:15 Go (Free:10 Go)
D:\ (Local Disk) - NTFS - Total:217 Go (Free:45 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 09/02/2009| 1:25 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.com/?gws_rd=ssl"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\REDEMP~1\Recent\Red.Alert.2.Command.&.Conquer.Keygen.lnk



1 - "C:\ToolBar SD\TB_1.txt" - 08/02/2009|22:38 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 09/02/2009| 1:26 - Option : [1]

-----------\\ Fin du rapport a 1:26:12,01

============

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:28:43, on 09/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Utilitaires\Alwil Software\Avast4\aswUpdSv.exe
D:\Utilitaires\Lavasoft\Ad-Aware\AAWService.exe
D:\Utilitaires\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
C:\Program Files\Mouse\Amoumain.exe
C:\WINDOWS\system32\WF2K.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
D:\UTILIT~1\ALWILS~1\Avast4\ashDisp.exe
D:\Utilitaires\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
D:\Utilitaires\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
D:\Utilitaires\Alwil Software\Avast4\ashMaiSv.exe
D:\Utilitaires\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Utilitaires\Firefox\firefox.exe
D:\Utilitaires\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\UTILIT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {fd971ed9-b77e-4183-8bcd-72d9c9fabb8c} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\system32\WF2K.EXE Initial
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe C:\WINDOWS\system32\wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] D:\UTILIT~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] D:\Utilitaires\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Utilitaires\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\UTILIT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\UTILIT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O20 - AppInit_DLLs: xoktjl.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Utilitaires\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Utilitaires\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Utilitaires\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Utilitaires\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Utilitaires\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

trop tard pour la console de recup, je l'avais deja installee a la premiere utilisation...

J'ai arreté touts les programmes que je pouvais et desactivé tous les virus/anti-spyware/firewall qui tournent sur ma machine (j'espere l'avoir fait correctement, j'ai suivi les instructions mais je suis jamais sur avec ces trucs..)

voila le rapport Combofix suivi d'un nouveau HijackThis. le message 020 est toujours la et le message 02 associé avait deja disparu apres la premiere utilisation de Combofix hier. J'ai pas de probleme de page web qui apparaissent toutes seules (je l'ai eu mais spybot et avast semblent avoir resolu le probleme la semaine derniere. Je voudrais neanmoins etre sur que tout est clean maintenant). Est-ce que c'est un residu de virus qui n'a pas ete nettoyé completement ?

============
ComboFix 09-02-08.02 - redempteur 2009-02-09 11:25:56.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1023.686 [GMT 1:00]
Lancé depuis: c:\documents and settings\redempteur\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090208-1] *On-access scanning disabled* (Updated)
AV: Lavasoft Ad-Watch Live! AntiVirus *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-09 au 2009-02-09 ))))))))))))))))))))))))))))))))))))
.

2009-02-09 00:43 . 2009-02-09 00:43 <REP> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-02-08 22:36 . 2009-02-09 01:26 <REP> d-------- C:\ToolBar SD
2009-02-08 14:50 . 2009-02-08 14:49 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-04 23:42 . 2009-02-05 00:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-04 23:24 . 2009-02-04 22:59 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-04 23:00 . 2009-02-04 22:59 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-04 22:56 . 2009-02-04 22:57 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-04 22:56 . 2009-02-04 22:56 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{2BAE6915-8510-4B9F-B498-02DA86258AA0}
2009-02-03 23:53 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui
2009-02-03 23:04 . 2009-02-03 23:04 0 --a------ C:\ywdhlny.exe
2009-02-03 23:04 . 2009-02-03 23:04 0 --a------ C:\wgqjqf.exe
2009-02-03 23:04 . 2009-02-03 23:04 0 --a------ C:\nwurjr.exe
2009-02-03 23:04 . 2009-02-03 23:04 0 --a------ C:\eych.exe
2009-02-03 23:03 . 2009-02-03 23:03 0 --a------ C:\-1661879528

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 09:36 --------- d-----w c:\program files\Wanadoo
2009-02-08 13:49 --------- d-----w c:\program files\Java
2009-02-08 12:37 --------- d-----w c:\program files\MSN Messenger
2008-12-22 09:01 295 ----a-w C:\reecmuxmkv.bat
2008-12-22 00:27 599,570 ----a-w c:\windows\system32\x264vfw.dll
2008-12-22 00:27 --------- d-----w c:\program files\x264
2008-12-21 18:46 --------- d-----w c:\program files\Fichiers communs\AVSMedia
2008-12-21 18:46 --------- d-----w c:\program files\AVS4YOU
2008-12-21 16:12 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-12-21 15:56 --------- d-----w c:\documents and settings\redempteur\Application Data\AVS4YOU
2008-12-21 15:56 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2008-12-21 15:52 56,718 ----a-w c:\windows\system32\x264-uninstall.exe
2006-06-23 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-02-08_21.53.13.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-09 09:35:48 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_56c.dat
+ 2009-02-09 09:35:39 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_65c.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"AsusServiceProvider"="c:\program files\ASUS\AASP\1.00.05\aaCenter.exe" [2006-08-03 591360]
"WheelMouse"="c:\program files\Mouse\Amoumain.exe" [2006-05-09 163840]
"WinFoxV2"="c:\windows\system32\WF2K.EXE" [2006-07-17 1490944]
"WinFast2KLoadDefault"="c:\windows\system32\wf2kcpl.dll" [2006-02-22 668672]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-08 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"avast!"="d:\utilit~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Ad-Watch"="d:\utilitaires\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-04 509784]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=xoktjl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Nap]
--a------ 2006-08-31 15:01 1422848 d:\utilitaires\ASUS\AI Suite\AiNap\AiNap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 02:01 32768 d:\utilitaires\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Jeux\\Civilisation IV\\Civilization4.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Utilitaires\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:eMule : TCP Entrant
"4672:UDP"= 4672:UDP:eMule : UDP Entrant

R0 d344bus;d344bus;c:\windows\system32\drivers\d344bus.sys [2007-03-31 137216]
R0 d344prt;d344prt;c:\windows\system32\drivers\d344prt.sys [2007-03-31 5248]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-04 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-04 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-04 20560]
R3 ovt530;Webcam Deluxe;c:\windows\system32\drivers\ov530vid.sys [2007-06-01 161792]
R4 WINFOXIO;WINFOXIO;c:\windows\system32\drivers\WINFOXIO.sys [2007-03-31 9600]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\utilitaires\Lavasoft\Ad-Aware\AAWService.exe [2009-01-19 950096]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - WINFOXIO
.
Contenu du dossier 'Tâches planifiées'

2009-02-08 c:\windows\Tasks\Ad-Aware Update (Daily).job
- d:\utilitaires\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-04 22:59]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{fd971ed9-b77e-4183-8bcd-72d9c9fabb8c} - (no file)


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.com/
IE: { - c:\program files\Messenger\msmsgs.exe
FF - ProfilePath - c:\documents and settings\redempteur\Application Data\Mozilla\Firefox\Profiles\ajref1l0.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.fr
FF - component: d:\utilitaires\Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-09 11:26:26
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-02-09 11:27:14
ComboFix-quarantined-files.txt 2009-02-09 10:27:12
ComboFix2.txt 2009-02-09 10:05:59
ComboFix3.txt 2009-02-08 20:54:45

Avant-CF: 11 048 861 696 octets libres
Après-CF: 11,040,915,456 octets libres

137 --- E O F --- 2007-08-21 01:01:20

============

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:28, on 09/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Utilitaires\Alwil Software\Avast4\aswUpdSv.exe
D:\Utilitaires\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\UTILIT~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
D:\Utilitaires\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\system32\WF2K.EXE Initial
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe C:\WINDOWS\system32\wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] D:\UTILIT~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] D:\Utilitaires\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O20 - AppInit_DLLs: xoktjl.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Utilitaires\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Utilitaires\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Utilitaires\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Utilitaires\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Utilitaires\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Salut !

c'est les virus que je me suis chopé ? ou ce qu'il en reste ?
Est-ce que supprimer ces fichiers a la main va finir de les eradiquer ?
Il y a aussi la ligne suivante du log Combofix:
2009-02-03 23:03 . 2009-02-03 23:03 0 --a------ C:\-1661879528
qui semble avoir ete cree + ou - en meme temps.. c'est rien ?

Aussi qu'est ce que je dois faire pour virer la ligne 020 du log HijackThis ?

Desolé, beaucoup de questions mais je suis un peu (ok, completement !!) paumé quand il s'agit de gerer le systeme et encore plus les virus !!

Merci beaucoup ! :-)

j'ai executé le script avec Combofix (apres avoir desactivé antivirus et antispyware..). Le log est ci-dessous..

J'ai ensuite fait un scan avec malwarebytes et effacé les 2 fichiers qu'il a detecté comme infecté. Le rapport est apres celui de Combofix..

J'ai egalement remarqué, un peu par hasard, un probleme avec internet explorer: Quand je clique sur un lien a partir d'un mail (lien qui marchait habituellement) il ne fait rien et quand je stop la recherche il m'affiche l'adresse:
res://C:\WINDOWS\system32\shdoclc.dll/navcancl.htm
ca vient d'ou ca ? avec firefox je n'ai aucun probleme..

log Combofix:
============
ComboFix 09-02-08.02 - redempteur 2009-02-09 21:07:07.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1023.673 [GMT 1:00]
Lancé depuis: c:\documents and settings\redempteur\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\redempteur\Bureau\CFScript
AV: avast! antivirus 4.8.1335 [VPS 090209-0] *On-access scanning disabled* (Updated)
AV: Lavasoft Ad-Watch Live! AntiVirus *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé

FILE ::
C:\-1661879528
C:\eych.exe
C:\nwurjr.exe
C:\wgqjqf.exe
c:\windows\system32\xoktjl.dll
C:\ywdhlny.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-1661879528
C:\eych.exe
C:\nwurjr.exe
C:\wgqjqf.exe
C:\ywdhlny.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-09 au 2009-02-09 ))))))))))))))))))))))))))))))))))))
.

2009-02-09 00:43 . 2009-02-09 00:43 <REP> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-02-08 22:36 . 2009-02-09 01:26 <REP> d-------- C:\ToolBar SD
2009-02-08 14:50 . 2009-02-08 14:49 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-04 23:42 . 2009-02-05 00:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-04 23:24 . 2009-02-04 22:59 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-04 23:00 . 2009-02-04 22:59 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-04 22:56 . 2009-02-04 22:57 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-04 22:56 . 2009-02-04 22:56 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{2BAE6915-8510-4B9F-B498-02DA86258AA0}
2009-02-03 23:53 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 19:38 --------- d-----w c:\program files\Wanadoo
2009-02-08 13:49 --------- d-----w c:\program files\Java
2009-02-08 12:37 --------- d-----w c:\program files\MSN Messenger
2008-12-22 09:01 295 ----a-w C:\reecmuxmkv.bat
2008-12-22 00:27 599,570 ----a-w c:\windows\system32\x264vfw.dll
2008-12-22 00:27 --------- d-----w c:\program files\x264
2008-12-21 18:46 --------- d-----w c:\program files\Fichiers communs\AVSMedia
2008-12-21 18:46 --------- d-----w c:\program files\AVS4YOU
2008-12-21 16:12 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-12-21 15:56 --------- d-----w c:\documents and settings\redempteur\Application Data\AVS4YOU
2008-12-21 15:56 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2008-12-21 15:52 56,718 ----a-w c:\windows\system32\x264-uninstall.exe
2006-06-23 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-02-08_21.53.13.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-09 19:32:45 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5cc.dat
+ 2009-02-09 19:32:35 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_650.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"AsusServiceProvider"="c:\program files\ASUS\AASP\1.00.05\aaCenter.exe" [2006-08-03 591360]
"WheelMouse"="c:\program files\Mouse\Amoumain.exe" [2006-05-09 163840]
"WinFoxV2"="c:\windows\system32\WF2K.EXE" [2006-07-17 1490944]
"WinFast2KLoadDefault"="c:\windows\system32\wf2kcpl.dll" [2006-02-22 668672]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-08 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"avast!"="d:\utilit~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Ad-Watch"="d:\utilitaires\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-04 509784]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=xoktjl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Nap]
--a------ 2006-08-31 15:01 1422848 d:\utilitaires\ASUS\AI Suite\AiNap\AiNap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 02:01 32768 d:\utilitaires\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Jeux\\Civilisation IV\\Civilization4.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Utilitaires\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:eMule : TCP Entrant
"4672:UDP"= 4672:UDP:eMule : UDP Entrant

R0 d344bus;d344bus;c:\windows\system32\drivers\d344bus.sys [2007-03-31 137216]
R0 d344prt;d344prt;c:\windows\system32\drivers\d344prt.sys [2007-03-31 5248]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-04 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-04 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-04 20560]
R3 ovt530;Webcam Deluxe;c:\windows\system32\drivers\ov530vid.sys [2007-06-01 161792]
R4 WINFOXIO;WINFOXIO;c:\windows\system32\drivers\WINFOXIO.sys [2007-03-31 9600]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\utilitaires\Lavasoft\Ad-Aware\AAWService.exe [2009-01-19 950096]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - WINFOXIO
.
Contenu du dossier 'Tâches planifiées'

2009-02-08 c:\windows\Tasks\Ad-Aware Update (Daily).job
- d:\utilitaires\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-04 22:59]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{fd971ed9-b77e-4183-8bcd-72d9c9fabb8c} - (no file)


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.com/
IE: { - c:\program files\Messenger\msmsgs.exe
FF - ProfilePath - c:\documents and settings\redempteur\Application Data\Mozilla\Firefox\Profiles\ajref1l0.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.fr
FF - component: d:\utilitaires\Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-09 21:07:43
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-02-09 21:08:33
ComboFix-quarantined-files.txt 2009-02-09 20:08:31
ComboFix2.txt 2009-02-09 10:27:14
ComboFix3.txt 2009-02-09 10:05:59
ComboFix4.txt 2009-02-08 20:54:45

Avant-CF: 11 014 868 992 octets libres
Après-CF: 11,004,948,480 octets libres

148 --- E O F --- 2007-08-21 01:01:20
============

log Malwarebytes:
============
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1742
Windows 5.1.2600 Service Pack 2

09/02/2009 21:41:45
mbam-log-2009-02-09 (21-41-45).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 79316
Temps écoulé: 12 minute(s), 30 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winfast2kloaddefault (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\WF2KCPL.dll (Trojan.Agent) -> Quarantined and deleted successfully.
============

merci de votre aide :-)

Oups.. J'ai demandé a Malwarebytes de restaurer les fichiers mais ca ne semble pas avoir fonctionné.. j'ai le CD qui va avec la carte graphique donc je peux la reinstallé si je constate des problemes...

Le scan Ad-aware me donne 14 fichier suspicious (en plus des cookies) pour lesquels il conseil de rien faire..

J'ai scanné les 3 fichiers avec virustotal. Aucun resultat a chaque fois.. voici les 3 logs:

c:\windows\system32\deploytk.dll:
============
File size: 410984 bytes
MD5...: d14bfab125e34b0f1bc152b92fb02d94
SHA1..: b371ac50ae58caa36aa2018d2ba99ac148d25a17
SHA256: 3097267000f1e73dbc2d4f3b30ef7362a59cb34371591801da21aabbea38cccf
SHA512: 8f9051898429b963587ed03f8d212f195c1b071e695177af957a411cce1b8f4e
f6397fc478e51a9c1aa9bb66241894f3ad085714cd398b3e1d3c737052526e44
ssdeep: 6144:ItHJcBYwcG1f2UIEhxgSnjvU9hT7yy8R0cSjvD40:+6zh2EhxgIvU9hT7yy
8R0njs0
PEiD..: -
TrID..: File type identification
DirectShow filter (53.7%)
Windows OCX File (32.9%)
Win32 Executable MS Visual C++ (generic) (10.0%)
Win32 Executable Generic (2.2%)
Generic Win/DOS Executable (0.5%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x17273
timedatestamp.....: 0x49181bfe (Mon Nov 10 11:33:18 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x20d2a 0x21000 6.59 0dc24e7aa8f7843b58e8cce74dff3c48
.rdata 0x22000 0x7915 0x8000 5.10 bc08c77d34593f015270be7a7d275775
.data 0x2a000 0x327c 0x2000 3.25 83668cc1bdff8dbf0af10edea3b71ad7
.rsrc 0x2e000 0x32368 0x33000 4.01 c86e5d40146bb4617b19e42c3830ce49
.reloc 0x61000 0x322a 0x4000 4.90 174e9dc06c939285eb6b8781de3ac1e1

( 14 imports )
> ADVAPI32.dll: RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA, RegOpenKeyExA, RegSetValueExA, RegQueryInfoKeyA, RegEnumKeyExA, RegQueryValueExA, RegQueryValueA
> urlmon.dll: IsValidURL
> WININET.dll: InternetCrackUrlA, InternetCloseHandle, InternetReadFile, InternetTimeToSystemTime, HttpQueryInfoA, InternetErrorDlg, HttpSendRequestA, HttpAddRequestHeadersA, InternetTimeFromSystemTime, HttpOpenRequestA, InternetConnectA, InternetOpenA
> SHLWAPI.dll: PathFileExistsA
> COMCTL32.dll: -
> WINTRUST.dll: WinVerifyTrust
> WSOCK32.dll: -, -, -, -
> CRYPT32.dll: CryptMsgGetParam, CertOpenSystemStoreA, CertGetNameStringW, CertCloseStore, CryptMsgClose, CertFindCertificateInStore, CryptQueryObject, CertGetEnhancedKeyUsage
> SHELL32.dll: ShellExecuteExA, SHGetFileInfoA
> KERNEL32.dll: QueryPerformanceCounter, InterlockedExchange, GetACP, GetLocaleInfoA, GetThreadLocale, GetVersionExA, RaiseException, InitializeCriticalSection, DeleteCriticalSection, MultiByteToWideChar, lstrlenA, GetModuleFileNameA, WideCharToMultiByte, lstrlenW, EnterCriticalSection, LeaveCriticalSection, GetLastError, HeapFree, GetProcessHeap, lstrcmpiA, DisableThreadLibraryCalls, InterlockedIncrement, InterlockedDecrement, lstrcpynA, IsDBCSLeadByte, MulDiv, FreeLibrary, SizeofResource, LoadResource, FindResourceA, LoadLibraryExA, GetModuleHandleA, HeapAlloc, FlushInstructionCache, GetCurrentProcess, GetCurrentThreadId, GetLongPathNameA, WaitForSingleObject, CloseHandle, GetExitCodeProcess, CreateProcessA, GlobalAlloc, lstrcmpA, GetTickCount, GetProcAddress, LoadLibraryA, LockResource, GlobalUnlock, GlobalLock, GetTempPathA, SetLastError, GlobalFree, GlobalHandle, GetTempFileNameA, lstrcatA, WriteFile, SetEndOfFile, SetFilePointer, CompareFileTime, SystemTimeToFileTime, Sleep, FileTimeToSystemTime, GetFileTime, GetFileSize, CreateFileA, lstrcpyA, SetEvent, CreateThread, CreateEventA, GlobalMemoryStatus, UnhandledExceptionFilter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetStartupInfoA, GetFileType, GetStdHandle, SetHandleCount, ReadFile, GetCPInfo, GetOEMCP, LCMapStringW, LCMapStringA, SetUnhandledExceptionFilter, TlsGetValue, TlsSetValue, TlsFree, TlsAlloc, HeapSize, TerminateProcess, IsBadWritePtr, VirtualFree, HeapCreate, HeapDestroy, ExitProcess, GetCommandLineA, GetSystemTimeAsFileTime, HeapReAlloc, VirtualQuery, GetSystemInfo, VirtualAlloc, VirtualProtect, RtlUnwind, GetCurrentProcessId, IsBadReadPtr, IsBadCodePtr, GetStringTypeA, GetStringTypeW, SetStdHandle, FlushFileBuffers, GetTimeZoneInformation, CompareStringA, CompareStringW, SetEnvironmentVariableA, FindClose, FileTimeToLocalFileTime, GetDriveTypeA, FindFirstFileA, GetFullPathNameA, GetCurrentDirectoryA, GetDiskFreeSpaceA
> USER32.dll: DestroyWindow, DefWindowProcA, PtInRect, CharNextA, UnregisterClassA, SetWindowPos, SetWindowRgn, OffsetRect, EqualRect, IntersectRect, ReleaseDC, GetDC, SetWindowLongA, GetWindowLongA, GetCursorPos, SetCursor, MapDialogRect, SetWindowContextHelpId, GetDlgCtrlID, LoadBitmapA, PostMessageA, EnableWindow, KillTimer, SetTimer, MessageBoxA, DialogBoxIndirectParamA, RegisterWindowMessageA, UnionRect, GetWindowTextLengthA, GetWindowTextA, SetWindowTextA, CreateAcceleratorTableA, GetActiveWindow, GetClassNameA, RedrawWindow, GetDlgItem, SendMessageA, DestroyAcceleratorTable, GetDesktopWindow, InvalidateRgn, FillRect, SetCapture, ReleaseCapture, DialogBoxParamA, GetSysColor, SendDlgItemMessageA, GetWindow, GetWindowRect, SystemParametersInfoA, EndDialog, LoadStringA, MsgWaitForMultipleObjects, IsWindowUnicode, GetMessageW, GetMessageA, TranslateMessage, DispatchMessageW, DispatchMessageA, PeekMessageA, RegisterClassExA, GetClassInfoExA, LoadCursorA, wsprintfA, CreateWindowExA, GetParent, SetFocus, ShowWindow, GetFocus, IsChild, BeginPaint, GetClientRect, EndPaint, GetKeyState, InvalidateRect, IsWindow, CallWindowProcA, MapWindowPoints
> ole32.dll: CoTaskMemRealloc, CoCreateInstance, OleRegEnumVerbs, OleRegGetUserType, CoTaskMemFree, CoTaskMemAlloc, CreateOleAdviseHolder, OleRegGetMiscStatus, OleLoadFromStream, WriteClassStm, OleSaveToStream, CLSIDFromString, StringFromGUID2, OleLockRunning, CreateStreamOnHGlobal, CoGetClassObject, CLSIDFromProgID, OleInitialize, OleUninitialize
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> GDI32.dll: CreateCompatibleBitmap, SelectObject, BitBlt, GetObjectA, GetStockObject, CreateSolidBrush, DeleteObject, CreateDCA, CreateFontIndirectA, DPtoLP, ModifyWorldTransform, SetGraphicsMode, StretchBlt, SetBkMode, SetTextColor, GetDeviceCaps, LPtoDP, SaveDC, SetMapMode, SetWindowOrgEx, SetViewportOrgEx, DeleteDC, RestoreDC, CreateCompatibleDC, CreateRectRgnIndirect

( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=d14bfab125e34b0f1bc152b92fb02d94' target='_blank'>https://www.symantec.com?md5=d14bfab125e34b0f1bc152b92fb02d94</a>
CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=d14bfab125e34b0f1bc152b92fb02d94' target='_blank'>http://research.sunbelt-software.com/...
============

c:\windows\system32\lsdelete.exe:
============
File size: 15688 bytes
MD5...: 3b9d852f427bafacf4a1e059a369fd10
SHA1..: 7e4129e93d2abf2b5f108323d18aef18dab91ca8
SHA256: 2b958018a65bca6d163d50e8f20e1d0f8f0007eae945525cf34d90b4b092d057
SHA512: f995ac63f9cb363a29f2085428c55d8772f05e07e7830cdd377c3ab5cf35808b
8721851a1421aac40ba5d8be2bd0c43b1c6d284666469082d0216de5c14fc861
ssdeep: 192:w2O1JIzcmFGZ4ujHnBaoHmei1Q9sJwF930LyowJL/aMjGwP7PM20e+ebM8JM
u74v:qOc5nnBjHVMQ9sJwFiLYJLWwXbH0Rl
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x22f0
timedatestamp.....: 0x496f34ab (Thu Jan 15 13:05:47 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1362 0x1400 5.78 e700c1b5c2353a10b2db729b156207e1
.rdata 0x3000 0x3ac 0x400 4.63 2d47414238d9b93e57a78a157c9d3919
.data 0x4000 0x998 0xa00 3.05 fa1b42f5935800f3f30682d2b1422656
.rsrc 0x5000 0x1b4 0x200 5.09 af5e12250c526d183544eef9776736bc

( 1 imports )
> ntdll.dll: RtlCreateHeap, NtTerminateProcess, RtlFreeHeap, RtlInitUnicodeString, RtlDestroyHeap, NtDisplayString, ZwClose, ZwDelayExecution, memcpy, wcscat, ZwReadFile, wcslen, ZwSetInformationFile, memset, RtlAllocateHeap, ZwDeleteFile, ZwOpenFile, ZwQueryInformationFile, wcscpy, NtQuerySystemTime, _snwprintf, strlen, strcpy, RtlUnicodeStringToAnsiString, ZwCreateFile, RtlTimeToTimeFields, ZwWriteFile, strcat
============

c:\windows\system32\wuapi.dll.mui:
============
File size: 27672 bytes
MD5...: 09afe1abb483e2ffbfe199cb8faf193a
SHA1..: d0842705351ea217b02b012373cf37ab5b343e39
SHA256: 0d4a9156a7ad0bd72f94d0fe9b8ceee03ca1ef8464ecb2f951cdce71fb936f90
SHA512: 93e67538be80d3ba85060001e5f062b54b4ab9edac9cf0a3c68fc70ebc43d2c4
36c75476ff5a5255d903cfbc1879cfdc0f6c8f19664fab2b2b782b9899a09397
ssdeep: 192:tS9pF55r1l+QOcFfGIHQ6ZQWSZC2opz+ehjK3XvO:k9Xbr+7WiWSZOh1jKnv
O
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x0
timedatestamp.....: 0x48f7aa5b (Thu Oct 16 20:55:55 2008)
machinetype.......: 0x14c (I386)

( 2 sections )
name viradd virsiz rawdsiz ntrpy md5
.rsrc 0x1000 0x3000 0x3000 4.14 c6da452846ccb69a33cc6ebedfbd2661
.reloc 0x4000 0x8 0x1000 0.00 3808644f11ba1ee3cb2b6326fcd2e01a

( 0 imports )

( 0 exports )
============

Pas de soucis, je te croyais couché;)

Faudra regerder pour IE, , mais ça doit pas etre bien grave
@+

Salut !

Ca semble avoir marché, la ligne concernée a disparu ainsi que la 020 correspondante dans le rapport hijackthis. Ci-dessous le log Combofix suivi d'un nouveau log hijackthis.

Je pense egalement avoir resolu mon probleme de liens avec IE. J'ai simplement retablie les parametres web par defaut. le texte "res://C:\WINDOWS\System32\ shdoclc.dll/navcancl.htm" n'apparait plus et les liens fonctionnent de nouveau. Ca te parait OK ?

Je te laisse regarder le reste des log bitdefender et ad-aware tranquilement.. J'espere que toute trace de virus/troyan est maintenant nettoyée ? J'attend le verdict...

log Combofix:
============
ComboFix 09-02-08.02 - redempteur 2009-02-10 23:55:08.7 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1023.665 [GMT 1:00]
Lancé depuis: c:\documents and settings\redempteur\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\redempteur\Bureau\CFScript
AV: avast! antivirus 4.8.1335 [VPS 090210-0] *On-access scanning disabled* (Updated)
AV: Lavasoft Ad-Watch Live! AntiVirus *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-10 au 2009-02-10 ))))))))))))))))))))))))))))))))))))
.

2009-02-10 10:17 . 2009-02-10 10:40 <REP> d-------- c:\windows\BDOSCAN8
2009-02-09 22:57 . 2009-02-09 22:57 668,672 --a------ c:\windows\system32\WF2KCPL.dll
2009-02-09 21:14 . 2009-02-09 21:14 <REP> d-------- c:\documents and settings\redempteur\Application Data\Malwarebytes
2009-02-09 21:14 . 2009-02-09 21:14 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-09 21:14 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-09 21:14 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-09 00:43 . 2009-02-09 00:43 <REP> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-02-08 22:36 . 2009-02-10 22:57 <REP> d-------- C:\ToolBar SD
2009-02-08 14:50 . 2009-02-08 14:49 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-04 23:42 . 2009-02-05 00:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-04 23:24 . 2009-02-04 22:59 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-04 23:00 . 2009-02-04 22:59 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-04 22:56 . 2009-02-04 22:57 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-04 22:56 . 2009-02-04 22:56 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{2BAE6915-8510-4B9F-B498-02DA86258AA0}
2009-02-03 23:53 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 22:09 --------- d-----w c:\program files\Wanadoo
2009-02-08 13:49 --------- d-----w c:\program files\Java
2009-02-08 12:37 --------- d-----w c:\program files\MSN Messenger
2008-12-22 09:01 295 ----a-w C:\reecmuxmkv.bat
2008-12-22 00:27 599,570 ----a-w c:\windows\system32\x264vfw.dll
2008-12-22 00:27 --------- d-----w c:\program files\x264
2008-12-21 18:46 --------- d-----w c:\program files\Fichiers communs\AVSMedia
2008-12-21 18:46 --------- d-----w c:\program files\AVS4YOU
2008-12-21 16:12 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-12-21 15:56 --------- d-----w c:\documents and settings\redempteur\Application Data\AVS4YOU
2008-12-21 15:56 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2008-12-21 15:52 56,718 ----a-w c:\windows\system32\x264-uninstall.exe
2006-06-23 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-02-08_21.53.13.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-10 09:17:19 45,056 ----a-w c:\windows\BDOSCAN8\avxdisk.dll
+ 2009-02-10 09:17:19 10,240 ----a-w c:\windows\BDOSCAN8\avxs.dll
+ 2009-02-10 09:17:20 27,136 ----a-w c:\windows\BDOSCAN8\avxt.dll
+ 2009-02-10 09:17:21 102,400 ----a-w c:\windows\BDOSCAN8\bdcore.dll
+ 2008-01-09 14:01:48 118,784 ----a-w c:\windows\BDOSCAN8\bdupd.dll
+ 2008-01-09 14:01:48 53,248 ----a-w c:\windows\BDOSCAN8\ipsupd.dll
+ 2009-02-10 09:17:22 142,848 ----a-w c:\windows\BDOSCAN8\libfn.dll
+ 2009-02-10 09:17:20 86,016 ----a-w c:\windows\BDOSCAN8\librtvr.dll
+ 2008-01-09 14:01:48 53,248 ----a-w c:\windows\bdoscandel.exe
+ 2008-01-09 14:01:48 118,784 ----a-w c:\windows\Downloaded Program Files\bdupd.dll
+ 2008-01-09 14:01:48 53,248 ----a-w c:\windows\Downloaded Program Files\ipsupd.dll
- 2009-02-08 13:10:53 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-10 10:04:36 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-08 13:10:53 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2009-02-10 10:04:36 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2009-02-08 13:10:53 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-10 10:04:36 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-10 21:35:48 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5e0.dat
+ 2009-02-10 21:35:39 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_64c.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"AsusServiceProvider"="c:\program files\ASUS\AASP\1.00.05\aaCenter.exe" [2006-08-03 591360]
"WheelMouse"="c:\program files\Mouse\Amoumain.exe" [2006-05-09 163840]
"WinFoxV2"="c:\windows\system32\WF2K.EXE" [2006-07-17 1490944]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-08 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"avast!"="d:\utilit~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Ad-Watch"="d:\utilitaires\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-04 509784]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Nap]
--a------ 2006-08-31 15:01 1422848 d:\utilitaires\ASUS\AI Suite\AiNap\AiNap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 02:01 32768 d:\utilitaires\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Jeux\\Civilisation IV\\Civilization4.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Utilitaires\\BitTorrent\\bittorrent.exe"=
"d:\\Jeux\\Quake III Arena\\quake3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:eMule : TCP Entrant
"4672:UDP"= 4672:UDP:eMule : UDP Entrant

R0 d344bus;d344bus;c:\windows\system32\drivers\d344bus.sys [2007-03-31 137216]
R0 d344prt;d344prt;c:\windows\system32\drivers\d344prt.sys [2007-03-31 5248]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-04 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-04 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-04 20560]
R3 ovt530;Webcam Deluxe;c:\windows\system32\drivers\ov530vid.sys [2007-06-01 161792]
R4 WINFOXIO;WINFOXIO;c:\windows\system32\drivers\WINFOXIO.sys [2007-03-31 9600]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\utilitaires\Lavasoft\Ad-Aware\AAWService.exe [2009-01-19 950096]
.
Contenu du dossier 'Tâches planifiées'

2009-02-10 c:\windows\Tasks\Ad-Aware Update (Daily).job
- d:\utilitaires\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-04 22:59]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.com/
IE: { - c:\program files\Messenger\msmsgs.exe
FF - ProfilePath - c:\documents and settings\redempteur\Application Data\Mozilla\Firefox\Profiles\ajref1l0.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.fr
FF - plugin: d:\utilitaires\Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 23:55:41
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-02-10 23:56:33
ComboFix-quarantined-files.txt 2009-02-10 22:56:32
ComboFix2.txt 2009-02-10 00:09:41
ComboFix3.txt 2009-02-09 23:16:08
ComboFix4.txt 2009-02-09 20:08:34
ComboFix5.txt 2009-02-10 22:54:49

Avant-CF: 11 019 804 672 octets libres
Après-CF: 11,009,589,248 octets libres

151 --- E O F --- 2007-08-21 01:01:20
============

log Hijackthis:
============
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:00:47, on 11/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Utilitaires\Alwil Software\Avast4\aswUpdSv.exe
D:\Utilitaires\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\UTILIT~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\explorer.exe
D:\Utilitaires\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\system32\WF2K.EXE Initial
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] D:\UTILIT~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] D:\Utilitaires\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Utilitaires\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Utilitaires\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Utilitaires\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Utilitaires\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Utilitaires\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

negatif pour les 2 :-)

voila le log du premier (Lbd.sys):
File size: 64160 bytes
MD5...: 53b670772d98b459a5af35598ab5815e
SHA1..: 04a37e33a9d1a6963a27633a07e505aa82e75c28
SHA256: 392a15d1da57ad23c41576593fa1d336137d740e15a263b42c8d8cbe41bb1959
SHA512: d41959c8193139170f93dd765499bce28479b36f03d1ad1bc29ed348c33123a8
4383707d125c5c9bcb8a02457cbd725835b004ba918ba2069f3293c0f1bafafe
ssdeep: 768:L7f2OSe2hOf53Ziu2EcEMSSy3nFj7D/1JJETz/EQm2MjcoGQHo3eibcGtLAm
+b2:zUhOrhM9y31fBWO5GtLe2
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (58.4%)
Clipper DOS Executable (13.8%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.7%)
VXD Driver (0.2%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xcb85
timedatestamp.....: 0x49805dde (Wed Jan 28 13:30:06 2009)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x480 0x7cdc 0x7d00 6.59 4af1a70cee52a30963ad25835fa06ad2
.rdata 0x8180 0x35d8 0x3600 3.26 5d8acc7afdc1246848bb85bbdb7e6d4d
.data 0xb780 0x13ec 0x1400 1.05 3f7d51692ac032a9c76740d33ae6204a
INIT 0xcb80 0x6b6 0x700 5.27 ca648ff0977788faa5aa39b30a78ae91
.rsrc 0xd280 0x348 0x380 3.11 3c611619974883e7d269e896d40ad1b5
.reloc 0xd600 0xa76 0xa80 6.37 0056afaf5ac08fd2e7f58df9c7a295e2

( 3 imports )
> ntoskrnl.exe: PsGetCurrentProcessId, memcpy, ZwCreateKey,
ZwSetValueKey, sprintf, IofCompleteRequest, IofCallDriver,
MmGetSystemRoutineAddress, ObfDereferenceObject,
IoGetDeviceObjectPointer, PsGetCurrentThreadId, PsGetVersion,
ZwQueryValueKey, MmMapLockedPages, MmBuildMdlForNonPagedPool,
ProbeForRead, ExAllocatePool, KeServiceDescriptorTable,
ObOpenObjectByPointer, _vsnprintf, KeWaitForSingleObject, KeSetEvent,
KeSetTimer, PsCreateSystemThread, KeClearEvent, KeInitializeTimer,
ObQueryNameString, ObReferenceObjectByHandle, ExGetPreviousMode,
KeTickCount, KeBugCheckEx, ExAllocatePoolWithTag, RtlCopyUnicodeString,
ZwClose, ZwOpenKey, ExFreePool, memset, DbgPrint, RtlInitUnicodeString,
IoCreateDevice, IoCreateSymbolicLink, PsSetCreateProcessNotifyRoutine,
PsSetLoadImageNotifyRoutine, IoDeleteSymbolicLink, IoDeleteDevice,
MmCreateMdl, KeInitializeEvent, RtlUnwind
> HAL.dll: ExAcquireFastMutex, ExReleaseFastMutex, KeGetCurrentIrql
> FLTMGR.SYS: FltGetRequestorProcessId, FltGetFileNameInformation,
FltRegisterFilter, FltBuildDefaultSecurityDescriptor,
FltCreateCommunicationPort, FltFreeSecurityDescriptor,
FltAllocateContext, FltSetInstanceContext, FltStartFiltering,
FltCloseClientPort, FltSendMessage

( 0 exports )

ATENTION *ATTENTION:* VirusTotal est un service gratuit offert par
Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et
la continuité de ce service. Bien que le taux de détection permis par
l'utilisation de multiples moteurs antivirus soit bien supérieur à celui
offert par seulement un produit, *ces résultats NE garantissent PAS
qu'un fichier est sans danger*. Il n'y a actuellement aucune solution
qui offre un taux d'efficacité de 100% pour la détection des virus et
malwares.

Autre fichier </fr/>

VirusTotal © Hispasec Sistemas <https://www.hispasec.com/> -
<http://blog.hispasec.com/virustotal/rss20.xml> Blog
<http://blog.hispasec.com/virustotal/> - Contact: info@virustotal.com
<mailto:info@virustotal.com> - Terms of Service & Privacy Policy
</privacy.html>

oui, les cracks et les programmes qui essayent de s'executer surtout quand on a un antivirus pas a jour !! ;-)

voila le rapport TCleaner. J'ai supprimé l'executable Combofix sur le bureau a la main.. C'est OK ?

[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Combofix.txt: trouvé !
C:\TB.txt: trouvé !
C:\Combofix: trouvé !
C:\Qoobox: trouvé !
C:\Toolbar SD: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\redempteur\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\redempteur\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\redempteur\Bureau\ToolBarSD.exe: trouvé !
C:\Documents and Settings\redempteur\Recent\HijackThis.lnk: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\redempteur\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\redempteur\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\redempteur\Bureau\ToolBarSD.exe: supprimé !
C:\Documents and Settings\redempteur\Recent\HijackThis.lnk: supprimé !
C:\Combofix.txt: supprimé !
C:\TB.txt: supprimé !
C:\Combofix: supprimé !
C:\Qoobox: supprimé !
C:\Toolbar SD: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !

Fichiers temporaires nettoyés !