Hijackthis rapport ???

merci, voici le rapport toolbar:

-----------\\ ToolBar S&D 1.0.7 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 3 ]
[ USER : Sivry G‚rald ] [ "I:\Toolbar SD" ] [ Selection : 1 ]
[ 29/07/2008 | 10:06:23,43 ] [ PC : A6-B3EE1E109E08 ]
[ MAJ : 25-07-2008 | 17:35 ]

-----------\\ Recherche de Fichiers / Dossiers ...

I:\Program Files\AskSBar
I:\Program Files\AskSBar\bar
I:\Program Files\AskSBar\SrchAstt

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.google.com/keyword/%s"
"Local Page"="I:\\WINDOWS\\system32\\blank.htm"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Start Page"="https://www.orange.fr/portail"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"


-----------\\ Fin du rapport a 10:06:42,26

rapport toolbar

-----------\\ ToolBar S&D 1.0.7 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 3 ]
[ USER : Sivry G‚rald ] [ "I:\Toolbar SD" ] [ Selection : 2 ]
[ 29/07/2008 | 10:42:52,14 ] [ PC : A6-B3EE1E109E08 ]
[ MAJ : 25-07-2008 | 17:35 ]

-----------\\ SUPPRESSION

Supprime! - I:\Program Files\AskSBar\bar
Supprime! - I:\Program Files\AskSBar\SrchAstt
Supprime! - I:\Program Files\AskSBar

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.google.com/keyword/%s"
"Local Page"="I:\\WINDOWS\\system32\\blank.htm"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Start Page"="https://www.orange.fr/portail"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"


-----------\\ Fin du rapport a 10:43:46,70



Rapport hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:38, on 29/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\csrss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
I:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
I:\Program Files\Vtune\TBPanel.exe
I:\WINDOWS\RTHDCPL.EXE
I:\WINDOWS\system32\RUNDLL32.EXE
I:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
I:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
I:\Program Files\Creative\Shared Files\CIDS\CTStray.exe
I:\Program Files\Creative\Input Devices\MOUSE\CTPoint.exe
I:\Program Files\Creative\Input Devices\Keyboard\CTType.exe
I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
I:\WINDOWS\VM305_STI.EXE
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\SuperCopier2\SuperCopier2.exe
I:\PROGRA~1\Wanadoo\TaskBarIcon.exe
I:\Program Files\DNA\btdna.exe
I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
I:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
I:\WINDOWS\System32\FTRTSVC.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\WINDOWS\System32\alg.exe
I:\WINDOWS\explorer.exe
I:\WINDOWS\system32\NOTEPAD.EXE
I:\Program Files\Wanadoo\GestionnaireInternet.exe
I:\Program Files\Wanadoo\ComComp.exe
I:\PROGRA~1\Wanadoo\Toaster.exe
I:\PROGRA~1\Wanadoo\Inactivity.exe
I:\PROGRA~1\Wanadoo\PollingModule.exe
I:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
I:\Program Files\Wanadoo\Watch.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Program Files\Trend Micro\HijackThis\HJT.exe
I:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - I:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - I:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Gainward] "I:\Program Files\Vtune\TBPanel.exe" /A
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [JMB36X IDE Setup] I:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] "I:\WINDOWS\system32\xRaidSetup.exe" boot
O4 - HKLM\..\Run: [RoxioEngineUtility] "I:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxAssistant] C:\Program Files\Common Files\Roxio Shared\Upgrade\RoxAssist.exe /s
O4 - HKLM\..\Run: [RoxioDragToDisc] "I:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "I:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Creative Mouse Software] "I:\Program Files\Creative\Shared Files\CIDS\CTStray.exe"
O4 - HKLM\..\Run: [Creative Mouse Software 1] "I:\Program Files\Creative\Input Devices\MOUSE\CTPoint.exe"
O4 - HKLM\..\Run: [Creative Keyboard Software] "I:\Program Files\Creative\Shared Files\CIDS\CTStray.exe"
O4 - HKLM\..\Run: [Creative Keyboard Software 1] "I:\Program Files\Creative\Input Devices\Keyboard\CTType.exe"
O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WOOWATCH] I:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] "I:\PROGRA~1\Wanadoo\GestMaj.exe" TaskBarIcon.exe
O4 - HKLM\..\Run: [BigDog305] "I:\WINDOWS\VM305_STI.EXE" VIMICRO USB PC Camera V
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] "I:\Program Files\SuperCopier2\SuperCopier2.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "I:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WOOKIT] "I:\PROGRA~1\Wanadoo\Shell.exe" appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [EasyFlirt Messenger] "I:\Program Files\EasyFlirt Messenger\EasyFlirt Messenger.exe" /M
O4 - HKCU\..\Run: [msnmsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swjnbgr] i:\documents and settings\sivry gérald\local settings\application data\swjnbgr.exe swjnbgr
O4 - HKCU\..\Run: [SpybotSD TeaTimer] I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - I:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - I:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - I:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe

je n'arrive pas à telecharger navilog, ca bloque, pourtant, j'ai fait la manip pour desactiver le tea timer.

voici le bloc notes navilog option 2

Clean Navipromo version 3.6.1 commencé le 29/07/2008 à 18:40:02,35

Outil exécuté depuis I:\Program Files\navilog1
Session actuelle : "Sivry Gérald"

Mise à jour le 19.07.2008 à 20h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur


*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "I:\WINDOWS\System32" *


* Suppression dans "I:\Documents and Settings\Sivry Gérald\locals~1\applic~1" *



*** Suppression dossiers dans "I:\WINDOWS" ***


*** Suppression dossiers dans "I:\Program Files" ***


*** Suppression dossiers dans "I:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Suppression dossiers dans "I:\Documents and Settings\All Users\menudm~1" ***


*** Suppression dossiers dans "i:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "I:\Documents and Settings\Sivry Gérald\applic~1" ***


*** Suppression dossiers dans "I:\Documents and Settings\Sivry Gérald\locals~1\applic~1" ***


*** Suppression dossiers dans "I:\Documents and Settings\Sivry Gérald\menudm~1\progra~1" ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu I:\WINDOWS\Temp effectué !
Nettoyage contenu I:\Documents and Settings\Sivry G‚rald\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "I:\WINDOWS\system32" *


* Dans "I:\Documents and Settings\Sivry Gérald\locals~1\applic~1" *


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Recherche clés RUN orphelines Navipromo ***
!! Résultats temporairement non pris en charge !!
!! Les clés trouvées ne sont pas forcément infectées !!

Clés trouvés :

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swjnbgr"="i:\\documents and settings\\sivry g‚rald\\local settings\\application data\\swjnbgr.exe swjnbgr"


*** Nettoyage terminé le 29/07/2008 à 18:43:51,50 ***


et le rapport hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:46:39, on 29/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\csrss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
I:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\System32\FTRTSVC.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\WINDOWS\System32\alg.exe
I:\WINDOWS\NOTEPAD.EXE
I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
I:\Program Files\Vtune\TBPanel.exe
I:\WINDOWS\RTHDCPL.EXE
I:\WINDOWS\system32\RUNDLL32.EXE
I:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
I:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
I:\Program Files\Creative\Shared Files\CIDS\CTStray.exe
I:\Program Files\Creative\Input Devices\MOUSE\CTPoint.exe
I:\Program Files\Creative\Input Devices\Keyboard\CTType.exe
I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
I:\WINDOWS\VM305_STI.EXE
I:\WINDOWS\system32\ctfmon.exe
I:\PROGRA~1\Wanadoo\TaskBarIcon.exe
I:\Program Files\SuperCopier2\SuperCopier2.exe
I:\Program Files\DNA\btdna.exe
I:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
I:\Program Files\EasyFlirt Messenger\EasyFlirt Messenger.exe
I:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
I:\PROGRA~1\Wanadoo\ComComp.exe
I:\WINDOWS\system32\wuauclt.exe
I:\PROGRA~1\Wanadoo\Toaster.exe
I:\PROGRA~1\Wanadoo\Inactivity.exe
I:\PROGRA~1\Wanadoo\PollingModule.exe
I:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
I:\PROGRA~1\Wanadoo\Watch.exe
I:\Program Files\Outlook Express\msimn.exe
I:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
I:\Program Files\Trend Micro\HijackThis\HJT.exe
I:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - I:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - I:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Gainward] "I:\Program Files\Vtune\TBPanel.exe" /A
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [JMB36X IDE Setup] I:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] "I:\WINDOWS\system32\xRaidSetup.exe" boot
O4 - HKLM\..\Run: [RoxioEngineUtility] "I:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxAssistant] C:\Program Files\Common Files\Roxio Shared\Upgrade\RoxAssist.exe /s
O4 - HKLM\..\Run: [RoxioDragToDisc] "I:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "I:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Creative Mouse Software] "I:\Program Files\Creative\Shared Files\CIDS\CTStray.exe"
O4 - HKLM\..\Run: [Creative Mouse Software 1] "I:\Program Files\Creative\Input Devices\MOUSE\CTPoint.exe"
O4 - HKLM\..\Run: [Creative Keyboard Software] "I:\Program Files\Creative\Shared Files\CIDS\CTStray.exe"
O4 - HKLM\..\Run: [Creative Keyboard Software 1] "I:\Program Files\Creative\Input Devices\Keyboard\CTType.exe"
O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WOOWATCH] I:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] "I:\PROGRA~1\Wanadoo\GestMaj.exe" TaskBarIcon.exe
O4 - HKLM\..\Run: [BigDog305] "I:\WINDOWS\VM305_STI.EXE" VIMICRO USB PC Camera V
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] I:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "I:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WOOKIT] "I:\PROGRA~1\Wanadoo\Shell.exe" appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [EasyFlirt Messenger] "I:\Program Files\EasyFlirt Messenger\EasyFlirt Messenger.exe" /M
O4 - HKCU\..\Run: [msnmsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swjnbgr] i:\documents and settings\sivry gérald\local settings\application data\swjnbgr.exe swjnbgr
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - I:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - I:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - I:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe

petit souci, dans results, est inscrit : [Kill explorer]
quand je clique sur exit, il s'inscrit otmoveit (ne repond pas)
le fichier dans C:\otmoveit... est vide
combien de temps dure la recherche, peut etre ai-je coupé trop tôt ? j'ai attendu une bonne dizaine de minutes, est ce assez?

rapport hijackthis :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:59:25, on 29/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\csrss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
I:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\System32\FTRTSVC.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\alg.exe
I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
I:\WINDOWS\RTHDCPL.EXE
I:\WINDOWS\system32\RUNDLL32.EXE
I:\Program Files\Creative\Shared Files\CIDS\CTStray.exe
I:\Program Files\Creative\Input Devices\MOUSE\CTPoint.exe
I:\Program Files\Creative\Input Devices\Keyboard\CTType.exe
I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
I:\WINDOWS\VM305_STI.EXE
I:\WINDOWS\system32\ctfmon.exe
I:\PROGRA~1\Wanadoo\TaskBarIcon.exe
I:\Program Files\DNA\btdna.exe
I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
I:\PROGRA~1\Wanadoo\ComComp.exe
I:\PROGRA~1\Wanadoo\Toaster.exe
I:\PROGRA~1\Wanadoo\Inactivity.exe
I:\PROGRA~1\Wanadoo\PollingModule.exe
I:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
I:\PROGRA~1\Wanadoo\Watch.exe
I:\Program Files\Outlook Express\msimn.exe
I:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
I:\WINDOWS\system32\wbem\wmiprvse.exe
I:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - I:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - I:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Gainward] "I:\Program Files\Vtune\TBPanel.exe" /A
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [JMB36X IDE Setup] I:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] "I:\WINDOWS\system32\xRaidSetup.exe" boot
O4 - HKLM\..\Run: [RoxioEngineUtility] "I:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxAssistant] C:\Program Files\Common Files\Roxio Shared\Upgrade\RoxAssist.exe /s
O4 - HKLM\..\Run: [RoxioDragToDisc] "I:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "I:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Creative Mouse Software] "I:\Program Files\Creative\Shared Files\CIDS\CTStray.exe"
O4 - HKLM\..\Run: [Creative Mouse Software 1] "I:\Program Files\Creative\Input Devices\MOUSE\CTPoint.exe"
O4 - HKLM\..\Run: [Creative Keyboard Software] "I:\Program Files\Creative\Shared Files\CIDS\CTStray.exe"
O4 - HKLM\..\Run: [Creative Keyboard Software 1] "I:\Program Files\Creative\Input Devices\Keyboard\CTType.exe"
O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WOOWATCH] I:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] "I:\PROGRA~1\Wanadoo\GestMaj.exe" TaskBarIcon.exe
O4 - HKLM\..\Run: [BigDog305] "I:\WINDOWS\VM305_STI.EXE" VIMICRO USB PC Camera V
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] I:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "I:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WOOKIT] "I:\PROGRA~1\Wanadoo\Shell.exe" appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [EasyFlirt Messenger] "I:\Program Files\EasyFlirt Messenger\EasyFlirt Messenger.exe" /M
O4 - HKCU\..\Run: [msnmsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swjnbgr] i:\documents and settings\sivry gérald\local settings\application data\swjnbgr.exe swjnbgr
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - I:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - I:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - I:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe

bloc notes otmoveit.exe :

< [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion¬\Run] >
File/Folder [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion¬\Run] not found.
File/Folder "swjnbgr"= not found.
File/Folder I:\documents and settings\sivry gérald\local settings\application data\swjnbgr.exe not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07292008_202014


rapport hijackthis :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:29:34, on 29/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\csrss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
I:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
I:\Program Files\Vtune\TBPanel.exe
I:\WINDOWS\RTHDCPL.EXE
I:\WINDOWS\system32\RUNDLL32.EXE
I:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
I:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
I:\Program Files\Creative\Shared Files\CIDS\CTStray.exe
I:\Program Files\Creative\Input Devices\MOUSE\CTPoint.exe
I:\Program Files\Creative\Input Devices\Keyboard\CTType.exe
I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
I:\WINDOWS\VM305_STI.EXE
I:\WINDOWS\system32\ctfmon.exe
I:\PROGRA~1\Wanadoo\TaskBarIcon.exe
I:\Program Files\SuperCopier2\SuperCopier2.exe
I:\Program Files\DNA\btdna.exe
I:\Program Files\EasyFlirt Messenger\EasyFlirt Messenger.exe
I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
I:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
I:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
I:\PROGRA~1\Wanadoo\ComComp.exe
I:\PROGRA~1\Wanadoo\Toaster.exe
I:\PROGRA~1\Wanadoo\Inactivity.exe
I:\PROGRA~1\Wanadoo\PollingModule.exe
I:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
I:\WINDOWS\System32\FTRTSVC.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\WINDOWS\System32\alg.exe
I:\PROGRA~1\Wanadoo\Watch.exe
I:\WINDOWS\system32\wuauclt.exe
I:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
I:\Program Files\Trend Micro\HijackThis\HJT.exe
I:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - I:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - I:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Gainward] "I:\Program Files\Vtune\TBPanel.exe" /A
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [JMB36X IDE Setup] I:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] "I:\WINDOWS\system32\xRaidSetup.exe" boot
O4 - HKLM\..\Run: [RoxioEngineUtility] "I:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxAssistant] C:\Program Files\Common Files\Roxio Shared\Upgrade\RoxAssist.exe /s
O4 - HKLM\..\Run: [RoxioDragToDisc] "I:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "I:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Creative Mouse Software] "I:\Program Files\Creative\Shared Files\CIDS\CTStray.exe"
O4 - HKLM\..\Run: [Creative Mouse Software 1] "I:\Program Files\Creative\Input Devices\MOUSE\CTPoint.exe"
O4 - HKLM\..\Run: [Creative Keyboard Software] "I:\Program Files\Creative\Shared Files\CIDS\CTStray.exe"
O4 - HKLM\..\Run: [Creative Keyboard Software 1] "I:\Program Files\Creative\Input Devices\Keyboard\CTType.exe"
O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WOOWATCH] I:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] "I:\PROGRA~1\Wanadoo\GestMaj.exe" TaskBarIcon.exe
O4 - HKLM\..\Run: [BigDog305] "I:\WINDOWS\VM305_STI.EXE" VIMICRO USB PC Camera V
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] I:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "I:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WOOKIT] "I:\PROGRA~1\Wanadoo\Shell.exe" appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [EasyFlirt Messenger] "I:\Program Files\EasyFlirt Messenger\EasyFlirt Messenger.exe" /M
O4 - HKCU\..\Run: [msnmsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swjnbgr] i:\documents and settings\sivry gérald\local settings\application data\swjnbgr.exe swjnbgr
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - I:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - I:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - I:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe

désolé, j'espère que cette fois ci je n'ai pas fait de bêtises
voici le bloc notes


Search Navipromo version 3.6.1 commencé le 29/07/2008 à 20:48:13,90

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis I:\Program Files\navilog1
Session actuelle : "Sivry Gérald"

Mise à jour le 19.07.2008 à 20h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***

Favorit

*** Recherche dossiers dans "I:\WINDOWS" ***


*** Recherche dossiers dans "I:\Program Files" ***


*** Recherche dossiers dans "I:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "I:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "i:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "I:\Documents and Settings\Sivry Gérald\applic~1" ***


*** Recherche dossiers dans "I:\Documents and Settings\Sivry Gérald\locals~1\applic~1" ***


*** Recherche dossiers dans "I:\Documents and Settings\Sivry Gérald\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier Navipromo trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "I:\WINDOWS\system32" *

* Recherche dans "I:\Documents and Settings\Sivry Gérald\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "I:\WINDOWS\system32" :


* Dans "I:\Documents and Settings\Sivry Gérald\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 29/07/2008 à 20:53:21,37 ***

oui, j'ai 2 sessions, et je ne suis pas sur le compte administrateur.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:11:40, on 29/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\csrss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
I:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
I:\WINDOWS\RTHDCPL.EXE
I:\WINDOWS\system32\RUNDLL32.EXE
I:\Program Files\Creative\Shared Files\CIDS\CTStray.exe
I:\Program Files\Creative\Input Devices\MOUSE\CTPoint.exe
I:\Program Files\Creative\Input Devices\Keyboard\CTType.exe
I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
I:\WINDOWS\VM305_STI.EXE
I:\WINDOWS\system32\ctfmon.exe
I:\PROGRA~1\Wanadoo\TaskBarIcon.exe
I:\Program Files\DNA\btdna.exe
I:\WINDOWS\System32\FTRTSVC.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\alg.exe
I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
I:\PROGRA~1\Wanadoo\ComComp.exe
I:\PROGRA~1\Wanadoo\Toaster.exe
I:\PROGRA~1\Wanadoo\Inactivity.exe
I:\PROGRA~1\Wanadoo\PollingModule.exe
I:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
I:\PROGRA~1\Wanadoo\Watch.exe
I:\Program Files\Outlook Express\msimn.exe
I:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
I:\Program Files\Trend Micro\HijackThis\HJT.exe
I:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - I:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - I:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Gainward] "I:\Program Files\Vtune\TBPanel.exe" /A
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [JMB36X IDE Setup] I:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] "I:\WINDOWS\system32\xRaidSetup.exe" boot
O4 - HKLM\..\Run: [RoxioEngineUtility] "I:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxAssistant] C:\Program Files\Common Files\Roxio Shared\Upgrade\RoxAssist.exe /s
O4 - HKLM\..\Run: [RoxioDragToDisc] "I:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "I:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Creative Mouse Software] "I:\Program Files\Creative\Shared Files\CIDS\CTStray.exe"
O4 - HKLM\..\Run: [Creative Mouse Software 1] "I:\Program Files\Creative\Input Devices\MOUSE\CTPoint.exe"
O4 - HKLM\..\Run: [Creative Keyboard Software] "I:\Program Files\Creative\Shared Files\CIDS\CTStray.exe"
O4 - HKLM\..\Run: [Creative Keyboard Software 1] "I:\Program Files\Creative\Input Devices\Keyboard\CTType.exe"
O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WOOWATCH] I:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] "I:\PROGRA~1\Wanadoo\GestMaj.exe" TaskBarIcon.exe
O4 - HKLM\..\Run: [BigDog305] "I:\WINDOWS\VM305_STI.EXE" VIMICRO USB PC Camera V
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] I:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "I:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WOOKIT] "I:\PROGRA~1\Wanadoo\Shell.exe" appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [EasyFlirt Messenger] "I:\Program Files\EasyFlirt Messenger\EasyFlirt Messenger.exe" /M
O4 - HKCU\..\Run: [msnmsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swjnbgr] i:\documents and settings\sivry gérald\local settings\application data\swjnbgr.exe swjnbgr
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - I:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - I:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - I:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe

j'ai déja Ccleaner et je ne sais pas s'il est bien installé, dois je le desinstaller et le réinstaller?

apres clic droit, je n'ai pas de extraire tout, winrar me propose
extraire les fichiers
extraire ici
extraire vers diaghelp\

que choisir?

voici le rapport
( pendant la manip, une fenetre s'est ouverte avec en titre : windows pas de disque, et comme message : exception processing message C0000013Parameters75afbf7c 4 75afbf7c 75afbf7c , je l'ai fermée et la recherche a continué )



DiagHelp version v1.4 - http://www.malekal.com
excute le 29/07/2008 à 23:31:21,34


Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
I:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->29/07/2008 23:31:17
I:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->29/07/2008 23:31:09
I:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->29/07/2008 23:30:13
I:\WINDOWS\prefetch\WOOBROWSER.EXE-2D710CF8.pf -->29/07/2008 23:17:42
I:\WINDOWS\prefetch\MSIMN.EXE-38BA891D.pf -->29/07/2008 23:17:09
I:\WINDOWS\prefetch\WATCH.EXE-0DACDE18.pf -->29/07/2008 23:16:53
I:\WINDOWS\prefetch\TOASTER.EXE-1CBF7015.pf -->29/07/2008 23:16:53
I:\WINDOWS\prefetch\POLLINGMODULE.EXE-2C738EAB.pf -->29/07/2008 23:16:53
I:\WINDOWS\prefetch\INACTIVITY.EXE-054B684A.pf -->29/07/2008 23:16:53
I:\WINDOWS\prefetch\GESTIONNAIREINTERNET.EXE-0D9C1BD4.pf -->29/07/2008 23:16:52

I:\WINDOWS\System32\drivers\mbamswissarmy.sys -->23/07/2008 20:09:44
I:\WINDOWS\System32\drivers\mbam.sys -->23/07/2008 20:09:38
I:\WINDOWS\System32\drivers\cdralw2k.sys -->22/07/2008 19:00:16
I:\WINDOWS\System32\drivers\cdr4_xp.sys -->22/07/2008 19:00:16
I:\WINDOWS\System32\drivers\aswFsBlk.sys -->19/07/2008 16:37:42
I:\WINDOWS\System32\drivers\aswmon2.sys -->19/07/2008 16:37:21
I:\WINDOWS\System32\drivers\aswSP.sys -->19/07/2008 16:35:18

I:\WINDOWS\System32\sdkinst.log -->29/07/2008 08:14:36
I:\WINDOWS\System32\PerfStringBackup.INI -->28/07/2008 19:56:57
I:\WINDOWS\System32\perfh00C.dat -->28/07/2008 19:56:57
I:\WINDOWS\System32\perfh009.dat -->28/07/2008 19:56:57
I:\WINDOWS\System32\perfc00C.dat -->28/07/2008 19:56:57
I:\WINDOWS\System32\perfc009.dat -->28/07/2008 19:56:57
I:\WINDOWS\System32\wpa.dbl -->28/07/2008 19:38:29
I:\WINDOWS\System32\CONFIG.NT -->27/07/2008 07:29:07
I:\WINDOWS\System32\TZLog.log -->23/07/2008 03:01:34
I:\WINDOWS\System32\FNTCACHE.DAT -->22/07/2008 19:33:23
I:\WINDOWS\System32\ROXECDC6Inst.log -->22/07/2008 19:00:17
I:\WINDOWS\System32\h323log.txt -->22/07/2008 15:28:07
I:\WINDOWS\System32\pid.PNF -->22/07/2008 15:25:05
I:\WINDOWS\System32\LoopyMusic.wav -->22/07/2008 13:45:34
I:\WINDOWS\System32\BuzzingBee.wav -->22/07/2008 13:45:34
I:\WINDOWS\System32\nvapps.xml -->22/07/2008 13:44:01
I:\WINDOWS\System32\$winnt$.inf -->22/07/2008 13:37:42
I:\WINDOWS\System32\jupdate-1.6.0_05-b13.log -->22/07/2008 13:34:17
I:\WINDOWS\System32\nscompat.tlb -->22/07/2008 13:33:12
I:\WINDOWS\System32\amcompat.tlb -->22/07/2008 13:33:12
I:\WINDOWS\System32\WindowsLogon.manifest -->22/07/2008 13:32:21
I:\WINDOWS\System32\logonui.exe.manifest -->22/07/2008 13:32:21
I:\WINDOWS\System32\wuaucpl.cpl.manifest -->22/07/2008 13:32:18
I:\WINDOWS\System32\sapi.cpl.manifest -->22/07/2008 13:32:18
I:\WINDOWS\System32\nwc.cpl.manifest -->22/07/2008 13:32:18

I:\WINDOWS\DFC.INI -->29/07/2008 23:10:13
I:\WINDOWS\wiadebug.log -->29/07/2008 22:15:32
I:\WINDOWS\WindowsUpdate.log -->29/07/2008 22:15:31
I:\WINDOWS\wiaservc.log -->29/07/2008 22:15:31
I:\WINDOWS\bootstat.dat -->29/07/2008 22:15:16
I:\WINDOWS\SchedLgU.Txt -->29/07/2008 22:14:14
I:\WINDOWS\win.ini -->28/07/2008 20:15:41
I:\WINDOWS\Sti_Trace.log -->23/07/2008 21:01:59
I:\WINDOWS\mozver.dat -->22/07/2008 19:57:39
I:\WINDOWS\nsreg.dat -->22/07/2008 18:29:55
I:\WINDOWS\ODBC.INI -->22/07/2008 18:11:02
I:\WINDOWS\Ascd_tmp.ini -->22/07/2008 17:39:52
I:\WINDOWS\AS_Debug.txt -->22/07/2008 17:39:50
I:\WINDOWS\system.ini -->22/07/2008 15:24:56
I:\WINDOWS\Ascd_log.ini -->22/07/2008 13:48:09

winlogon.exe
svchost.exe
ws2_32.dll
user32.dll
tcpip.sys
ndis.sys
null.sys


ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 1704
Command line: I:\WINDOWS\Explorer.EXE

Base Size Version Path
0x77be0000 0x58000 7.00.2600.5512 I:\WINDOWS\system32\msvcrt.dll
0x779e0000 0x97000 5.131.2600.5512 I:\WINDOWS\system32\CRYPT32.dll
0x76610000 0x84000 5.131.2600.5512 I:\WINDOWS\system32\CRYPTUI.dll
0x44080000 0xd0000 7.00.6000.16674 I:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 I:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16674 I:\WINDOWS\system32\iertutil.dll
0x76be0000 0x2e000 5.131.2600.5512 I:\WINDOWS\system32\WINTRUST.dll
0x58b50000 0x9a000 5.82.2900.5512 I:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0700 I:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0700 I:\WINDOWS\system32\COMRes.dll
0x76ac0000 0x11000 3.05.2284.0001 I:\WINDOWS\system32\ATL.DLL
0x7d200000 0x2bc000 3.01.4001.5512 I:\WINDOWS\system32\msi.dll
0x44360000 0x5cd000 7.00.6000.16674 I:\WINDOWS\system32\ieframe.dll
0x44160000 0x127000 7.00.6000.16674 I:\WINDOWS\system32\urlmon.dll
0x76010000 0x65000 6.02.3104.0000 I:\WINDOWS\system32\MSVCP60.dll
0x10000000 0xe000 1.00.0003.0000 I:\Program Files\Creative\Input Devices\Keyboard\sckbd.dll
0x442b0000 0x3c000 7.00.6000.16674 I:\WINDOWS\system32\webcheck.dll
0x164a0000 0x23000 5.02.5721.5145 I:\WINDOWS\system32\wpdshserviceobj.dll
0x109c0000 0x2c000 5.02.5721.5145 I:\WINDOWS\system32\portabledevicetypes.dll
0x10930000 0x49000 5.02.5721.5145 I:\WINDOWS\system32\portabledeviceapi.dll
0x01fc0000 0x2e000 I:\Program Files\WinRAR\rarext.dll
0x018e0000 0x12000 1.01.0000.0000 I:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
0x64f00000 0x12000 4.08.1227.0000 I:\Program Files\Alwil Software\Avast4\ashShell.dll
0x5a500000 0x50000 8.05.1302.1018 I:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
0x78130000 0x9b000 8.00.50727.1433 I:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
0x4eb80000 0x1a6000 5.01.3102.5512 I:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll
0x16210000 0x27e000 5.02.5721.5145 I:\WINDOWS\system32\wpdshext.dll
0x74730000 0x3d000 3.525.1132.0000 I:\WINDOWS\system32\ODBC32.dll
0x1f840000 0x18000 3.525.1117.0000 I:\WINDOWS\system32\odbcint.dll
0x07160000 0x46000 5.02.5721.5145 I:\WINDOWS\system32\audiodev.dll
0x15110000 0x25a000 11.00.5721.5145 I:\WINDOWS\system32\WMVCore.DLL
0x11c70000 0x3a000 11.00.5721.5238 I:\WINDOWS\system32\WMASF.DLL
0x325c0000 0x12000 11.00.5510.0000 I:\Program Files\Microsoft Office\OFFICE11\msohev.dll

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 776
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x82000 \??\I:\WINDOWS\system32\winlogon.exe
0x77be0000 0x58000 7.00.2600.5512 I:\WINDOWS\system32\msvcrt.dll
0x779e0000 0x97000 5.131.2600.5512 I:\WINDOWS\system32\CRYPT32.dll
0x76be0000 0x2e000 5.131.2600.5512 I:\WINDOWS\system32\WINTRUST.dll
0x58b50000 0x9a000 5.82.2900.5512 I:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1132.0000 I:\WINDOWS\system32\ODBC32.dll
0x1f840000 0x18000 3.525.1117.0000 I:\WINDOWS\system32\odbcint.dll
0x77000000 0xd4000 2001.12.4414.0700 I:\WINDOWS\system32\COMRes.dll
0x76f80000 0x7f000 2001.12.4414.0700 I:\WINDOWS\system32\CLBCATQ.DLL


Le volume dans le lecteur I s'appelle Systeme
Le numéro de série du volume est 4037-57D5

Répertoire de I:\WINDOWS\system32

14/04/2008 14:00 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 36 879 851 520 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur I s'appelle Systeme
Le numéro de série du volume est 4037-57D5

Répertoire de I:\WINDOWS\Downloaded Program Files

22/07/2008 15:18 <REP> .
22/07/2008 15:18 <REP> ..
22/07/2008 13:32 65 desktop.ini
1 fichier(s) 65 octets

Total des fichiers listés :
1 fichier(s) 65 octets
2 Rép(s) 36 879 847 424 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..


Liste des fichiers en exception sur le pare-feu XP SP2

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"I:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="I:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"I:\\Program Files\\DNA\\btdna.exe"="I:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"I:\\Program Files\\BitTorrent\\bittorrent.exe"="I:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"I:\\Program Files\\Messenger\\msmsgs.exe"="I:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"I:\\Program Files\\Shareaza\\Shareaza.exe"="I:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing"
"I:\\Program Files\\Azureus\\Azureus.exe"="I:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"I:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"="I:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"I:\\WINDOWS\\system32\\dpnsvr.exe"="I:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"I:\\Program Files\\LimeWire\\LimeWire.exe"="I:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"I:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="I:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"



exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001



Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
127.0.0.1 www.activexupdate.com
127.0.0.1 activexupdate.com
127.0.0.1 www.antispywareupdates.net
127.0.0.1 antispywareupdates.net
127.0.0.1 www.avpcheckupdate.com
127.0.0.1 avpcheckupdate.com
127.0.0.1 client.exeupdate.com
127.0.0.1 www.eupdatepage.com
127.0.0.1 eupdatepage.com
127.0.0.1 www.exeupdate.com
127.0.0.1 exeupdate.com
127.0.0.1 www.flwupdate.com
127.0.0.1 flwupdate.com
127.0.0.1 www.hotwinupdates.com
127.0.0.1 hotwinupdates.com
127.0.0.1 www.lavasoftupdate.com
127.0.0.1 lavasoftupdate.com
127.0.0.1 www.malwarewipeupdate.com
127.0.0.1 malwarewipeupdate.com
127.0.0.1 www.movupdate.com
127.0.0.1 movupdate.com
127.0.0.1 www.mpegupdate.com
127.0.0.1 mpegupdate.com
127.0.0.1 www.msupdate.net
127.0.0.1 msupdate.net
127.0.0.1 www.msupdater.net
127.0.0.1 msupdater.net
127.0.0.1 www.necessaryupdates.com
127.0.0.1 necessaryupdates.com
127.0.0.1 newupdates.lzio.com
127.0.0.1 redirect.msupdate.net
127.0.0.1 search.keyword.exeupdate.com
127.0.0.1 www.securityupdatesite.com
127.0.0.1 securityupdatesite.com
127.0.0.1 settings.updatemysettings.com
127.0.0.1 www.spyaxeupdate.com
127.0.0.1 spyaxeupdate.com
127.0.0.1 www.spyfalconupdate.com
127.0.0.1 spyfalconupdate.com
127.0.0.1 www.systemupdates.net
127.0.0.1 systemupdates.net
127.0.0.1 trial.updates.winsoftware.com
127.0.0.1 update.680180.net
127.0.0.1 update.shareaza.com
127.0.0.1 www.updatemysettings.com
127.0.0.1 updatemysettings.com
127.0.0.1 updates.spywarequake.com
127.0.0.1 www.updatesantivirus.com
127.0.0.1 updatesantivirus.com
127.0.0.1 www.urgentsystemupdate.biz
127.0.0.1 urgentsystemupdate.biz
127.0.0.1 www.urgentsystemupdate.com
127.0.0.1 urgentsystemupdate.com
127.0.0.1 windupdates.com
127.0.0.1 www.pandaantivirus-2007.com
127.0.0.1 pandaantivirus-2007.com
127.0.0.1 www.pandadownload-now.com
127.0.0.1 pandadownload-now.com
127.0.0.1 www.panda-hq.com
127.0.0.1 panda-hq.com
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-29 23:36:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
120 - CTPoint.exe
388 - RTHDCPL.exe
488 - cmd.exe
724 - ashDisp.exe
744 - VM305_STI.EXE
752 - csrss.exe
776 - winlogon.exe
820 - services.exe
832 - lsass.exe
972 - TaskBarIcon.exe
1012 - svchost.exe
1076 - svchost.exe
1172 - svchost.exe
1368 - svchost.exe
1556 - ashServ.exe
1612 - nvsvc32.exe
1704 - explorer.exe
1872 - PD91Agent.exe
2124 - svchost.exe
2852 - ctfmon.exe
3204 - alg.exe

Total number of processes = 22
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntkrnlpa.exe
806E4000 - \WINDOWS\system32\hal.dll
BADA8000 - \WINDOWS\system32\KDCOM.DLL
BACB8000 - \WINDOWS\system32\BOOTVID.dll
BA778000 - ACPI.sys
BADAA000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS
BA767000 - pci.sys
BA8A8000 - isapnp.sys
BAE70000 - pciide.sys
BAB28000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
BA8B8000 - MountMgr.sys
BA748000 - ftdisk.sys
BADAC000 - dmload.sys
BA722000 - dmio.sys
BAB30000 - PartMgr.sys
BA8C8000 - VolSnap.sys
BA8D8000 - iviVD.sys
BA70A000 - \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
BA6F2000 - atapi.sys
BA8E8000 - jraid.sys
BA8F8000 - disk.sys
BA908000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
BA6D2000 - fltMgr.sys
BA6C0000 - sr.sys
BA6A9000 - KSecDD.sys
BA61C000 - Ntfs.sys
BA5EF000 - NDIS.sys
BADAE000 - sfhlp01.sys
BADB0000 - prosync1.sys
BA5DD000 - prohlp02.sys
BA5C3000 - Mup.sys
BAA78000 - \SystemRoot\system32\DRIVERS\intelppm.sys
B9E65000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys
B9E51000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
BABE8000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
B9E2D000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
BABF0000 - \SystemRoot\system32\DRIVERS\usbehci.sys
B9E05000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys
BAA88000 - \SystemRoot\system32\DRIVERS\atl01_xp.sys
BABF8000 - \SystemRoot\system32\DRIVERS\fdc.sys
B9DF1000 - \SystemRoot\system32\DRIVERS\parport.sys
BADC2000 - \SystemRoot\system32\DRIVERS\ASACPI.sys
BAA98000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
BAC00000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
B9DE0000 - \SystemRoot\system32\DRIVERS\serial.sys
BAD64000 - \SystemRoot\system32\DRIVERS\serenum.sys
BAAA8000 - \SystemRoot\system32\DRIVERS\imapi.sys
B9DCF000 - \SystemRoot\System32\Drivers\Cdr4_xp.SYS
BAAB8000 - \SystemRoot\system32\DRIVERS\cdrom.sys
BAAC8000 - \SystemRoot\system32\DRIVERS\redbook.sys
B9DAC000 - \SystemRoot\system32\DRIVERS\ks.sys
BAC08000 - \SystemRoot\System32\Drivers\Cdralw2k.SYS
B9D8F000 - \SystemRoot\System32\Drivers\pwd_2k.SYS
BAFCB000 - \SystemRoot\system32\DRIVERS\audstub.sys
BAAD8000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
BAD74000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
B9D78000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
BAAE8000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
BAAF8000 - \SystemRoot\system32\DRIVERS\raspptp.sys
BAC10000 - \SystemRoot\system32\DRIVERS\TDI.SYS
B9C9F000 - \SystemRoot\system32\DRIVERS\psched.sys
BAB08000 - \SystemRoot\system32\DRIVERS\msgpc.sys
BAC18000 - \SystemRoot\system32\DRIVERS\ptilink.sys
BAC20000 - \SystemRoot\system32\DRIVERS\raspti.sys
B9C6F000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
BAB18000 - \SystemRoot\system32\DRIVERS\termdd.sys
BAC28000 - \SystemRoot\system32\DRIVERS\mouclass.sys
BADC8000 - \SystemRoot\system32\DRIVERS\swenum.sys
B9C11000 - \SystemRoot\system32\DRIVERS\update.sys
BAD94000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
BAC30000 - \SystemRoot\System32\Drivers\dvd_2K.SYS
BA978000 - \SystemRoot\System32\Drivers\NDProxy.SYS
BA998000 - \SystemRoot\system32\DRIVERS\usbhub.sys
BADCA000 - \SystemRoot\system32\DRIVERS\USBD.SYS
B70E1000 - \SystemRoot\system32\drivers\RtkHDAud.sys
B70BD000 - \SystemRoot\system32\drivers\portcls.sys
BA9A8000 - \SystemRoot\system32\drivers\drmk.sys
BAC38000 - \SystemRoot\system32\DRIVERS\flpydisk.sys
BADCE000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
BAF84000 - \SystemRoot\System32\Drivers\Null.SYS
BADD0000 - \SystemRoot\System32\Drivers\Beep.SYS
BAC48000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
BAC50000 - \SystemRoot\System32\drivers\vga.sys
BADD2000 - \SystemRoot\System32\Drivers\mnmdd.SYS
BADD4000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
B6FD0000 - \SystemRoot\System32\Drivers\cdudf_xp.SYS
BAC58000 - \SystemRoot\System32\Drivers\Msfs.SYS
BAC60000 - \SystemRoot\System32\Drivers\Npfs.SYS
B6F8B000 - \SystemRoot\System32\Drivers\UdfReadr_xp.SYS
B9BC7000 - \SystemRoot\system32\DRIVERS\rasacd.sys
B6F3E000 - \SystemRoot\system32\DRIVERS\ipsec.sys
B6EE5000 - \SystemRoot\system32\DRIVERS\tcpip.sys
BA9C8000 - \SystemRoot\System32\Drivers\aswTdi.SYS
B6EBF000 - \SystemRoot\system32\DRIVERS\ipnat.sys
B6E97000 - \SystemRoot\system32\DRIVERS\netbt.sys
B6E75000 - \SystemRoot\System32\drivers\afd.sys
BA9D8000 - \SystemRoot\system32\DRIVERS\netbios.sys
B6E4A000 - \SystemRoot\system32\DRIVERS\rdbss.sys
BA9E8000 - \SystemRoot\System32\drivers\prodrv06.sys
B6D3A000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
BA9F8000 - \SystemRoot\System32\Drivers\Fips.SYS
BAA08000 - \SystemRoot\system32\DRIVERS\wanarp.sys
B6CFB000 - \SystemRoot\System32\Drivers\aswSP.SYS
BADD6000 - \SystemRoot\system32\drivers\AsIO.sys
BAC68000 - \SystemRoot\System32\Drivers\Aavmker4.SYS
B6C9B000 - \SystemRoot\System32\Drivers\usbVM305.sys
BAA28000 - \SystemRoot\System32\Drivers\STREAM.SYS
BAC70000 - \SystemRoot\system32\DRIVERS\usbccgp.sys
BAC78000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS
B70A9000 - \SystemRoot\system32\DRIVERS\hidusb.sys
BAA38000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
B709D000 - \SystemRoot\system32\DRIVERS\kbdhid.sys
B7099000 - \SystemRoot\system32\DRIVERS\mouhid.sys
BAA58000 - \SystemRoot\System32\Drivers\Cdfs.SYS
B6C83000 - \SystemRoot\System32\Drivers\dump_atapi.sys
BADDC000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
B7045000 - \SystemRoot\System32\drivers\Dxapi.sys
BAC88000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
BAEB5000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\nv4_disp.dll
BAC98000 - \SystemRoot\system32\DRIVERS\aswFsBlk.sys
B6930000 - \SystemRoot\system32\DRIVERS\DefragFS.sys
B697B000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
B6712000 - \SystemRoot\System32\Drivers\aswMon2.SYS
B655E000 - \SystemRoot\System32\Drivers\Fastfat.SYS
B6521000 - \SystemRoot\system32\drivers\wdmaud.sys
B68D0000 - \SystemRoot\system32\drivers\sysaudio.sys
BAFF9000 - \??\I:\DOCUME~1\SIVRYG~1\LOCALS~1\Temp\mc21.tmp
B5E64000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
BADE4000 - \SystemRoot\System32\Drivers\ParVdm.SYS
BADE6000 - \SystemRoot\System32\Drivers\TBPanel.SYS
B5DC2000 - \SystemRoot\system32\DRIVERS\srv.sys
B59E9000 - \SystemRoot\System32\Drivers\HTTP.sys
B5B32000 - \SystemRoot\System32\Drivers\aswRdr.SYS
B4D8A000 - \SystemRoot\system32\drivers\kmixer.sys
BAE86000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 138

Liste des programmes installes

Adobe Flash Player ActiveX
AIDA32 v3.93
Archiveur WinRAR
Attansic Ethernet Utility
Attansic L1 Gigabit Ethernet Driver
avast! Antivirus
Azureus Vuze
CCleaner (remove only)
Correctif pour Windows Internet Explorer 7 (KB947864)
Creative Keyboard Software
Creative Mouse Software
Easy CD & DVD Creator 6
EasyFlirt Messenger 2.0
Gestionnaire Internet
GOM Player
Hotfix for Windows XP (KB915865)
Java(TM) 6 Update 5
JMB36X Raid Configurer
LimeWire 4.18.3
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
Messenger Plus! Live
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Flight Simulator 2004 Un siècle d'aviation
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour de sécurité pour Windows XP (KB950760)
Mise à jour de sécurité pour Windows XP (KB950762)
Mise à jour de sécurité pour Windows XP (KB951376-v2)
Mise à jour de sécurité pour Windows XP (KB951698)
Mise à jour de sécurité pour Windows XP (KB951748)
Mise à jour pour Windows XP (KB898461)
Mise à jour pour Windows XP (KB942763)
Mise à jour pour Windows XP (KB951978)
Mozilla Firefox (2.0.0.16)
Navigateur Orange
NVIDIA Drivers
PerfectDisk 2008 Professional
Prince of Persia Les Sables du Temps
Race Driver 2
Race Driver 2
Realtek High Definition Audio Driver
Shareaza 2.3.1.0
SuperCopier2
VideoLAN VLC media player 0.8.6i
Vtune 5.9
WebFldrs XP
Windows Live installer
Windows Live Messenger



Le volume dans le lecteur I s'appelle Systeme
Le numéro de série du volume est 4037-57D5

Répertoire de I:\Program Files

29/07/2008 22:08 <REP> .
29/07/2008 22:08 <REP> ..
22/07/2008 18:17 <REP> AIDA32 - Enterprise System Information
22/07/2008 19:59 <REP> Alwil Software
22/07/2008 13:59 <REP> ASUS
22/07/2008 13:45 <REP> Attansic
25/07/2008 07:05 <REP> Azureus
22/07/2008 20:19 <REP> BitTorrent
29/07/2008 22:08 <REP> CCleaner
24/07/2008 17:52 <REP> Codemasters
22/07/2008 13:30 <REP> ComPlus Applications
22/07/2008 19:42 <REP> Creative
22/07/2008 20:19 <REP> DNA
22/07/2008 23:28 <REP> EasyFlirt Messenger
22/07/2008 19:55 <REP> Fichiers communs
23/07/2008 22:07 <REP> GRETECH
22/07/2008 13:43 <REP> Intel
23/07/2008 03:03 <REP> Internet Explorer
22/07/2008 17:48 <REP> InterVideo
22/07/2008 21:08 <REP> Inventel
22/07/2008 13:34 <REP> Java
27/07/2008 10:50 <REP> LimeWire
28/07/2008 22:01 <REP> Malwarebytes' Anti-Malware
22/07/2008 13:29 <REP> Messenger
23/07/2008 21:49 <REP> Messenger Plus! Live
22/07/2008 13:35 <REP> microsoft frontpage
25/07/2008 10:24 <REP> Microsoft Games
22/07/2008 18:08 <REP> Microsoft Office
22/07/2008 13:33 <REP> Microsoft Silverlight
22/07/2008 18:07 <REP> Microsoft.NET
22/07/2008 13:31 <REP> Movie Maker
29/07/2008 22:02 <REP> Mozilla Firefox
22/07/2008 13:29 <REP> MSN Gaming Zone
29/07/2008 22:09 <REP> Navilog1
22/07/2008 13:31 <REP> NetMeeting
22/07/2008 13:31 <REP> Outlook Express
22/07/2008 17:54 <REP> Raxco
22/07/2008 13:47 <REP> Realtek
22/07/2008 18:58 <REP> Roxio
23/07/2008 08:32 <REP> Securitoo
22/07/2008 13:32 <REP> Services en ligne
22/07/2008 22:58 <REP> Shareaza
22/07/2008 17:55 <REP> SuperCopier2
28/07/2008 23:45 <REP> Trend Micro
24/07/2008 17:38 <REP> UBISOFT
22/07/2008 20:36 <REP> VideoLAN
22/07/2008 13:45 <REP> Vtune
29/07/2008 23:29 <REP> Wanadoo
22/07/2008 20:01 <REP> Windows Live
22/07/2008 13:29 <REP> Windows Media Connect 2
22/07/2008 13:33 <REP> Windows Media Player
22/07/2008 13:29 <REP> Windows NT
25/07/2008 09:53 <REP> WinRAR
22/07/2008 13:35 <REP> xerox
0 fichier(s) 0 octets
54 Rép(s) 36 879 511 552 octets libres
Le volume dans le lecteur I s'appelle Systeme
Le numéro de série du volume est 4037-57D5

Répertoire de I:\Program Files\fichiers communs

22/07/2008 19:55 <REP> .
22/07/2008 19:55 <REP> ..
22/07/2008 18:08 <REP> DESIGNER
24/07/2008 17:52 <REP> InstallShield
22/07/2008 13:34 <REP> Java
22/07/2008 18:32 <REP> Microsoft Shared
22/07/2008 13:31 <REP> MSSoap
22/07/2008 18:53 <REP> Nero
22/07/2008 15:25 <REP> ODBC
22/07/2008 19:00 <REP> Roxio Shared
22/07/2008 13:31 <REP> Services
22/07/2008 15:24 <REP> SpeechEngines
22/07/2008 18:08 <REP> System
0 fichier(s) 0 octets
13 Rép(s) 36 879 511 552 octets libres
Le volume dans le lecteur I s'appelle Systeme
Le numéro de série du volume est 4037-57D5

Répertoire de I:\Program Files\fichiers communs\Microsoft Shared\Web Folders

22/07/2008 18:08 <REP> .
22/07/2008 18:08 <REP> ..
22/07/2008 18:08 <REP> 1033
22/07/2008 18:08 <REP> 1036
20/09/2005 11:33 1 293 008 MSONSEXT.DLL
22/03/2007 18:29 39 256 MSOSV.DLL
03/06/1999 12:09 122 937 MSOWS409.DLL
07/03/2001 07:00 127 033 MSOWS40c.DLL
11/07/2003 01:25 80 448 PKMWS.DLL
5 fichier(s) 1 662 682 octets
4 Rép(s) 36 879 507 456 octets libres





****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_A6-B3EE1E109E08.tar.gz a l'adresse http://upload.malekal.com

j'ai deja malwarebytes, par contre, je ne sais pas si j'ai COMCTL32.OCX, ou je peux voir ca? c'est un logiciel?

Merci pour tout, je vais me coucher aussi, je fais tout ca demain.
Bonne nuit et à demain.

je ne suis pas sûr :
lorsque je dois faire cette manip :

Télécharges ComboFix (par sUBs) sur ton Bureau (et pas ailleur !):
http://download.bleepingcomputer.com/sUBs/ComboFix.exe <--- clik droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape C-Fix et valide .

est ce que je dois d'abord telecharger combofix sur le bureau et ensuite faire un clic droit sur le lien, ou si je dois faire un clic droit sur le lien pour le telecharger sur le bureau en le renommant C-fix ??
j'ai peur de faire une boulette.

j'ai un souci, lorsque j'utilise le lien répondre à sKe69 sur ma boite mail, ca m'ouvre une page IE vide alors que d'habitude, ca m'ouvre le site CCm sur le navigateur orange.
bref, voici le rapport combofix :


ComboFix 08-07-29.1 - Sivry Gérald 2008-07-30 18:45:09.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1629 [GMT 2:00]
Endroit: I:\Documents and Settings\Sivry Gérald\Bureau\C-fix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

I:\WINDOWS\system32\MSINET.oca

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-28 to 2008-07-30 ))))))))))))))))))))))))))))))))))))
.

2008-07-30 17:20 . 2008-07-30 17:20 <REP> d-------- I:\Program Files\Sun
2008-07-29 23:36 . 2008-07-29 23:36 856 --a------ I:\upload_moi_A6-B3EE1E109E08.tar.gz
2008-07-29 22:08 . 2008-07-29 22:08 <REP> d-------- I:\Program Files\CCleaner
2008-07-29 19:23 . 2008-07-29 19:23 <REP> d-------- I:\_OTMoveIt
2008-07-29 17:50 . 2008-07-29 22:09 <REP> d-------- I:\Program Files\Navilog1
2008-07-29 10:04 . 2008-07-29 10:43 <REP> d-------- I:\Toolbar SD
2008-07-28 23:45 . 2008-07-28 23:45 <REP> d-------- I:\Program Files\Trend Micro
2008-07-28 22:01 . 2008-07-28 22:01 <REP> d-------- I:\Program Files\Malwarebytes' Anti-Malware
2008-07-28 22:01 . 2008-07-28 22:01 <REP> d-------- I:\Documents and Settings\Sivry Gérald\Application Data\Malwarebytes
2008-07-28 22:01 . 2008-07-28 22:01 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-28 22:01 . 2008-07-23 20:09 38,472 --a------ I:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-28 22:01 . 2008-07-23 20:09 17,144 --a------ I:\WINDOWS\system32\drivers\mbam.sys
2008-07-28 20:13 . 2008-07-28 20:13 164 --a------ I:\install.dat
2008-07-28 20:07 . 2008-07-28 20:12 <REP> d-------- I:\Documents and Settings\Sivry Gérald\Application Data\GetRightToGo
2008-07-28 19:55 . 2008-07-28 20:01 <REP> d-a------ I:\Documents and Settings\All Users\Application Data\TEMP
2008-07-27 11:06 . 2008-07-29 17:11 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-27 10:54 . 2008-07-27 17:59 <REP> d-------- I:\Documents and Settings\Sivry Gérald\Application Data\LimeWire
2008-07-27 10:50 . 2008-07-27 10:50 <REP> d-------- I:\Program Files\LimeWire
2008-07-25 10:24 . 2008-07-25 10:24 <REP> d-------- I:\Program Files\Microsoft Games
2008-07-24 17:52 . 2008-07-24 17:52 <REP> d-------- I:\Program Files\Codemasters
2008-07-24 17:38 . 2003-10-27 14:06 140,488 --a------ I:\WINDOWS\system32\comdlg32.ocx
2008-07-24 17:38 . 2003-10-27 14:06 115,016 --a------ I:\WINDOWS\system32\MSINET.OCX
2008-07-24 17:38 . 2003-10-27 14:06 89,360 --a------ I:\WINDOWS\system32\VB5DB.DLL
2008-07-24 17:38 . 2003-10-27 14:06 69,632 --a------ I:\WINDOWS\system32\xmltok.dll
2008-07-24 17:38 . 2003-10-27 14:06 36,864 --a------ I:\WINDOWS\system32\xmlparse.dll
2008-07-24 17:38 . 2003-10-27 14:06 35,840 --a------ I:\WINDOWS\system32\comdlg32.oca
2008-07-24 17:38 . 2003-10-27 14:06 26,096 --a------ I:\WINDOWS\system32\xmlinst.exe
2008-07-24 17:38 . 2003-10-27 14:06 24,576 --a------ I:\WINDOWS\system32\msxml3a.dll
2008-07-24 17:32 . 2008-07-24 17:38 <REP> d-------- I:\Program Files\UBISOFT
2008-07-23 23:11 . 2008-07-28 19:37 <REP> d-------- I:\Documents and Settings\Sivry Gérald\Application Data\Azureus
2008-07-23 23:11 . 2008-07-23 23:11 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Azureus
2008-07-23 23:10 . 2008-07-25 07:05 <REP> d-------- I:\Program Files\Azureus
2008-07-23 22:09 . 2008-07-23 22:09 <REP> d-------- I:\Documents and Settings\All Users\Application Data\GRETECH
2008-07-23 22:07 . 2008-07-23 22:07 <REP> d-------- I:\Program Files\GRETECH
2008-07-23 22:07 . 2008-07-23 22:07 <REP> d-------- I:\Documents and Settings\Sivry Gérald\Application Data\GRETECH
2008-07-23 21:47 . 2008-07-23 21:47 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-07-23 21:45 . 2008-07-23 21:49 <REP> d-------- I:\Program Files\Messenger Plus! Live
2008-07-23 21:01 . 2006-04-05 08:14 391,099 -ra------ I:\WINDOWS\system32\drivers\usbVM305.sys
2008-07-23 08:34 . 2008-07-23 08:34 <REP> d-------- I:\WINDOWS\system32\AlertModule
2008-07-23 08:34 . 2004-08-23 14:49 40,960 --a------ I:\WINDOWS\system32\FTRTSVC.exe
2008-07-23 08:34 . 2005-10-06 14:55 36,864 --a------ I:\WINDOWS\system32\IfHelper.dll
2008-07-23 08:32 . 2008-07-23 08:32 <REP> d-------- I:\Program Files\Securitoo
2008-07-22 23:28 . 2008-07-22 23:28 <REP> d-------- I:\Program Files\EasyFlirt Messenger
2008-07-22 23:05 . 2008-06-14 19:33 272,768 --------- I:\WINDOWS\system32\drivers\bthport.sys
2008-07-22 23:05 . 2008-06-14 19:33 272,768 -----c--- I:\WINDOWS\system32\dllcache\bthport.sys
2008-07-22 23:02 . 2005-02-25 05:35 22,752 --a------ I:\WINDOWS\system32\spupdsvc.exe
2008-07-22 22:58 . 2008-07-22 22:58 <REP> d-------- I:\Program Files\Shareaza
2008-07-22 22:58 . 2008-07-22 22:58 <REP> d-------- I:\Documents and Settings\Sivry Gérald\Application Data\Shareaza
2008-07-22 22:45 . 2007-07-30 19:19 271,224 --a------ I:\WINDOWS\system32\mucltui.dll
2008-07-22 22:45 . 2007-07-30 19:19 207,736 --a------ I:\WINDOWS\system32\muweb.dll
2008-07-22 22:45 . 2007-07-30 19:18 30,072 --a------ I:\WINDOWS\system32\mucltui.dll.mui
2008-07-22 21:13 . 2003-08-04 14:22 94,208 --a------ I:\WINDOWS\system32\W32n50.dll
2008-07-22 21:13 . 2004-08-23 14:50 32,768 --a------ I:\WINDOWS\system32\WooDial2000.dll
2008-07-22 21:13 . 2003-08-04 14:22 16,128 --------- I:\WINDOWS\system32\PCANDIS5.SYS
2008-07-22 21:12 . 2008-07-30 18:42 <REP> d-------- I:\Program Files\Wanadoo
2008-07-22 21:08 . 2008-07-22 21:08 <REP> d-------- I:\Program Files\Inventel
2008-07-22 20:58 . 2008-07-22 22:12 <REP> d-------- I:\Documents and Settings\Sivry Gérald\Contacts
2008-07-22 20:58 . 2008-07-22 22:12 <REP> d-------- I:\Documents and Settings\Sivry Gérald\Contacts
2008-07-22 20:36 . 2008-07-22 20:36 <REP> d-------- I:\Program Files\VideoLAN
2008-07-22 20:36 . 2008-07-22 20:36 <REP> d-------- I:\Documents and Settings\Sivry Gérald\Application Data\vlc
2008-07-22 20:19 . 2008-07-22 20:19 <REP> d-------- I:\Program Files\DNA
2008-07-22 20:19 . 2008-07-22 20:19 <REP> d-------- I:\Program Files\BitTorrent
2008-07-22 20:19 . 2008-07-29 22:45 <REP> d-------- I:\Documents and Settings\Sivry Gérald\Application Data\DNA
2008-07-22 20:19 . 2008-07-25 03:02 <REP> d-------- I:\Documents and Settings\Sivry Gérald\Application Data\BitTorrent
2008-07-22 20:05 . 2008-07-22 20:05 268 --ah----- I:\sqmdata00.sqm
2008-07-22 20:05 . 2008-07-22 20:05 244 --ah----- I:\sqmnoopt00.sqm
2008-07-22 19:59 . 2008-07-22 19:59 <REP> d-------- I:\Program Files\Alwil Software
2008-07-22 19:57 . 2008-07-22 19:57 1,160 --a------ I:\WINDOWS\mozver.dat
2008-07-22 19:55 . 2008-07-22 20:01 <REP> d-------- I:\Program Files\Windows Live
2008-07-22 19:55 . 2008-07-22 20:01 <REP> d--hsc--- I:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-07-22 19:55 . 2008-07-22 19:55 <REP> d-------- I:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-22 19:42 . 2000-05-22 10:58 647,872 --------- I:\WINDOWS\system32\Mscomct2.ocx
2008-07-22 19:42 . 1999-10-10 19:00 41,984 --------- I:\WINDOWS\Ctregrun.exe
2008-07-22 19:40 . 2008-07-22 19:42 <REP> d-------- I:\Program Files\Creative
2008-07-22 19:00 . 2008-07-25 11:26 <REP> d-------- I:\Documents and Settings\Sivry Gérald\Application Data\Roxio
2008-07-22 19:00 . 2003-02-27 16:16 135,168 --------- I:\WINDOWS\system32\l3codecx.acm
2008-07-22 18:58 . 2008-07-22 18:58 <REP> d-------- I:\Program Files\Roxio
2008-07-22 18:55 . 2008-07-22 19:00 <REP> d-------- I:\Program Files\Fichiers communs\Roxio Shared
2008-07-22 18:32 . 2008-07-22 18:53 <REP> d-------- I:\Program Files\Fichiers communs\Nero
2008-07-22 18:29 . 2008-07-22 18:29 0 --a------ I:\WINDOWS\nsreg.dat
2008-07-22 18:17 . 2008-07-22 18:17 <REP> d-------- I:\Program Files\AIDA32 - Enterprise System Information
2008-07-22 18:11 . 2008-07-22 18:11 385 --a------ I:\WINDOWS\ODBC.INI
2008-07-22 18:10 . 2007-04-09 12:23 28,040 --a------ I:\WINDOWS\system32\mdimon.dll
2008-07-22 18:08 . 2008-07-22 18:08 <REP> d-------- I:\WINDOWS\SHELLNEW
2008-07-22 18:07 . 2008-07-22 18:07 <REP> d-------- I:\Program Files\Microsoft.NET
2008-07-22 17:57 . 2008-07-22 18:16 <REP> d-------- I:\WINDOWS\system32\NtmsData
2008-07-22 17:55 . 2008-07-22 17:55 <REP> d-------- I:\Program Files\SuperCopier2
2008-07-22 17:54 . 2008-07-22 17:54 <REP> d----c--- I:\WINDOWS\system32\DRVSTORE
2008-07-22 17:54 . 2008-07-22 17:54 <REP> d-------- I:\Program Files\Raxco
2008-07-22 17:54 . 2008-07-22 17:54 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Raxco
2008-07-22 17:54 . 2008-01-09 22:00 68,624 -ra------ I:\WINDOWS\system32\drivers\DefragFS.sys
2008-07-22 17:41 . 2008-07-22 17:48 <REP> d-------- I:\Program Files\InterVideo
2008-07-22 17:41 . 2005-11-16 00:42 45,056 --a------ I:\WINDOWS\system32\drivers\iviVD.sys
2008-06-20 13:51 . 2008-06-20 13:51 361,600 -----c--- I:\WINDOWS\system32\dllcache\tcpip.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-30 15:21 --------- d-----w I:\Program Files\Java
2008-07-24 15:59 --------- d--h--w I:\Program Files\InstallShield Installation Information
2008-07-24 15:52 --------- d-----w I:\Program Files\Fichiers communs\InstallShield
2008-07-22 17:00 66,736 ----a-w I:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-07-22 17:00 24,696 ----a-w I:\WINDOWS\system32\drivers\cdralw2k.sys
2008-07-22 11:59 --------- d-----w I:\Program Files\ASUS
2008-07-22 11:47 315,392 ----a-w I:\WINDOWS\HideWin.exe
2008-07-22 11:47 --------- d-----w I:\Program Files\Realtek
2008-07-22 11:45 --------- d-----w I:\Program Files\Vtune
2008-07-22 11:45 --------- d-----w I:\Program Files\Attansic
2008-07-22 11:43 --------- d-----w I:\Program Files\Intel
2008-07-22 11:35 --------- d-----w I:\Program Files\microsoft frontpage
2008-07-22 11:34 --------- d-----w I:\Program Files\Fichiers communs\Java
2008-07-22 11:33 --------- d-----w I:\Program Files\Microsoft Silverlight
2008-07-22 11:32 --------- d-----w I:\Program Files\Services en ligne
2008-07-22 11:29 --------- d-----w I:\Program Files\Windows Media Connect 2
2008-06-20 17:47 247,808 ----a-w I:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w I:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w I:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w I:\WINDOWS\system32\drivers\tcpip6.sys
2008-05-09 10:55 90,112 ----a-w I:\WINDOWS\system32\wshext.dll
2008-05-09 10:55 430,080 ----a-w I:\WINDOWS\system32\vbscript.dll
2008-05-09 10:55 180,224 ----a-w I:\WINDOWS\system32\scrobj.dll
2008-05-09 10:55 172,032 ----a-w I:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w I:\WINDOWS\system32\wscript.exe
2008-05-07 15:53 991,744 ----a-w I:\WINDOWS\system32\drmv2clt.dll
2008-05-07 15:51 26,112 ----a-w I:\WINDOWS\system32\idndl.dll
2008-05-07 15:51 24,576 ----a-w I:\WINDOWS\system32\nlsdl.dll
2008-05-07 15:51 23,552 ----a-w I:\WINDOWS\system32\normaliz.dll
2008-05-07 15:51 1,571,840 ----a-w I:\WINDOWS\system32\sfcfiles.dll
2008-05-07 15:50 78,336 ----a-w I:\WINDOWS\system32\ieencode.dll
2008-05-07 15:50 71,680 ----a-w I:\WINDOWS\system32\admparse.dll
2008-05-07 15:50 55,296 ----a-w I:\WINDOWS\system32\iesetup.dll
2008-05-07 15:50 48,128 ----a-w I:\WINDOWS\system32\mshtmler.dll
2008-05-07 15:50 45,568 ----a-w I:\WINDOWS\system32\mshta.exe
2008-05-07 15:50 40,960 ----a-w I:\WINDOWS\system32\licmgr10.dll
2008-05-07 15:50 36,352 ----a-w I:\WINDOWS\system32\imgutil.dll
2008-05-07 15:50 17,408 ----a-w I:\WINDOWS\system32\corpol.dll
2008-05-07 15:50 156,160 ----a-w I:\WINDOWS\system32\msls31.dll
2008-05-07 15:49 1,013,248 ----a-w I:\WINDOWS\system32\syssetup.dll
2008-05-07 15:13 219,648 ----a-w I:\WINDOWS\system32\uxtheme.dll
2008-05-07 09:07 135,168 ----a-w I:\WINDOWS\system32\cscript.exe
2008-05-07 05:11 1,294,336 ----a-w I:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w I:\WINDOWS\system32\wininet.dll
2008-04-13 19:33 76,800 ----a-w I:\WINDOWS\system32\storprop.dll
2008-04-13 19:33 30,208 ----a-w I:\WINDOWS\system32\bthserv.dll
2008-04-13 19:33 29,184 ----a-w I:\WINDOWS\system32\sdhcinst.dll
2008-04-13 19:33 21,504 ----a-w I:\WINDOWS\system32\hidserv.dll
2008-04-13 19:33 20,992 ----a-w I:\WINDOWS\system32\bthci.dll
2008-04-13 17:34 294,912 ----a-w I:\WINDOWS\system32\msh263.drv
2008-04-13 17:34 23,552 ----a-w I:\WINDOWS\system32\wdmaud.drv
2008-04-13 17:33 77,312 ----a-w I:\WINDOWS\system32\usbui.dll
2008-04-13 17:33 54,784 ----a-w I:\WINDOWS\system32\vfwwdm32.dll
2008-04-13 17:33 47,616 ----a-w I:\WINDOWS\system32\iyuv_32.dll
2008-04-13 17:33 4,096 ----a-w I:\WINDOWS\system32\ksuser.dll
2008-04-13 17:33 16,896 ----a-w I:\WINDOWS\system32\msyuv.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="I:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
"WOOKIT"="I:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"EasyFlirt Messenger"="I:\Program Files\EasyFlirt Messenger\EasyFlirt Messenger.exe" [2008-02-12 10:36 847872]
"msnmsgr"="I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="I:\WINDOWS\system32\ctfmon.exe" [2008-04-14 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="I:\Program Files\Vtune\TBPanel.exe" [2007-11-27 14:38 2162688]
"NvCplDaemon"="I:\WINDOWS\system32\NvCpl.dll" [2007-11-28 10:02 8523776]
"NvMediaCenter"="I:\WINDOWS\system32\NvMcTray.dll" [2007-11-28 10:02 81920]
"JMB36X IDE Setup"="I:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-21 16:36 36864]
"36X Raid Configurer"="I:\WINDOWS\system32\xRaidSetup.exe" [2007-05-08 18:06 1953792]
"RoxioEngineUtility"="I:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" [2008-07-22 19:00 65536]
"RoxioDragToDisc"="I:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-02-27 04:36 757760]
"RoxioAudioCentral"="I:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-02-26 16:50 253952]
"Creative Mouse Software"="I:\Program Files\Creative\Shared Files\CIDS\CTStray.exe" [2005-10-24 14:52 65536]
"Creative Mouse Software 1"="I:\Program Files\Creative\Input Devices\MOUSE\CTPoint.exe" [2005-03-15 13:18 221184]
"Creative Keyboard Software"="I:\Program Files\Creative\Shared Files\CIDS\CTStray.exe" [2005-10-24 14:52 65536]
"Creative Keyboard Software 1"="I:\Program Files\Creative\Input Devices\Keyboard\CTType.exe" [2005-04-05 01:11 229376]
"avast!"="I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"WOOWATCH"="I:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="I:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"BigDog305"="I:\WINDOWS\VM305_STI.EXE" [2005-08-05 09:15 61440]
"SunJavaUpdateSched"="I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 17:28 16126464 I:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-04-06 19:22 1822720 I:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2007-11-28 10:02 1626112 I:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"DisablePagingExecutive"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"I:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"I:\\Program Files\\DNA\\btdna.exe"=
"I:\\Program Files\\BitTorrent\\bittorrent.exe"=
"I:\\Program Files\\Messenger\\msmsgs.exe"=
"I:\\Program Files\\Shareaza\\Shareaza.exe"=
"I:\\Program Files\\Azureus\\Azureus.exe"=
"I:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"I:\\WINDOWS\\system32\\dpnsvr.exe"=
"I:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 aswSP;avast! Self Protection;I:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;I:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 PD91Agent;PD91Agent;I:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-01-16 10:52]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;I:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-16 00:12]
R3 ZSMC0305;VIMICRO USB PC Camera V;I:\WINDOWS\system32\Drivers\usbVM305.sys [2006-04-05 08:14]
S3 PD91Engine;PD91Engine;I:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-01-16 10:52]

*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-RoxAssistant - C:\Program Files\Common Files\Roxio Shared\Upgrade\RoxAssist.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/keyword/%s
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKCU-Main,Start Page = hxxp://www.orange.fr
O8 -: E&xporter vers Microsoft Excel - I:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 -: { - I:\Program Files\Messenger\msmsgs.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 18:47:14
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\I:\DOCUME~1\SIVRYG~1\LOCALS~1\Temp\mc21.tmp"
.
Temps d'accomplissement: 2008-07-30 18:48:52
ComboFix-quarantined-files.txt 2008-07-30 16:48:38

Pre-Run: 36,792,639,488 octets libres
Post-Run: 36,781,801,472 octets libres

272 --- E O F --- 2008-07-27 08:42:50

et le rapport hijackthis :




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:11:40, on 30/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
I:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\RTHDCPL.EXE
I:\Program Files\Creative\Input Devices\MOUSE\CTPoint.exe
I:\Program Files\Creative\Input Devices\Keyboard\CTType.exe
I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
I:\WINDOWS\VM305_STI.EXE
I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
I:\PROGRA~1\Wanadoo\TaskBarIcon.exe
I:\WINDOWS\system32\ctfmon.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\explorer.exe
I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\Program Files\Wanadoo\GestionnaireInternet.exe
I:\Program Files\Wanadoo\ComComp.exe
I:\PROGRA~1\Wanadoo\Toaster.exe
I:\PROGRA~1\Wanadoo\Inactivity.exe
I:\PROGRA~1\Wanadoo\PollingModule.exe
I:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
I:\Program Files\Wanadoo\Watch.exe
I:\Program Files\Windows Live\Messenger\usnsvc.exe
I:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
I:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - I:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Gainward] "I:\Program Files\Vtune\TBPanel.exe" /A
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [JMB36X IDE Setup] I:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] "I:\WINDOWS\system32\xRaidSetup.exe" boot
O4 - HKLM\..\Run: [RoxioEngineUtility] "I:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "I:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "I:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Creative Mouse Software] "I:\Program Files\Creative\Shared Files\CIDS\CTStray.exe"
O4 - HKLM\..\Run: [Creative Mouse Software 1] "I:\Program Files\Creative\Input Devices\MOUSE\CTPoint.exe"
O4 - HKLM\..\Run: [Creative Keyboard Software] "I:\Program Files\Creative\Shared Files\CIDS\CTStray.exe"
O4 - HKLM\..\Run: [Creative Keyboard Software 1] "I:\Program Files\Creative\Input Devices\Keyboard\CTType.exe"
O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WOOWATCH] I:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] "I:\PROGRA~1\Wanadoo\GestMaj.exe" TaskBarIcon.exe
O4 - HKLM\..\Run: [BigDog305] "I:\WINDOWS\VM305_STI.EXE" VIMICRO USB PC Camera V
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] I:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [WOOKIT] "I:\PROGRA~1\Wanadoo\Shell.exe" appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [EasyFlirt Messenger] "I:\Program Files\EasyFlirt Messenger\EasyFlirt Messenger.exe" /M
O4 - HKCU\..\Run: [msnmsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - I:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - I:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe

ma boite mail a toujours le meme souci, je ne vois plus mes messages sur ce site

voici les rapports

ComboFix 08-07-29.1 - Sivry Gérald 2008-07-30 21:47:14.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1565 [GMT 2:00]
Endroit: I:\Documents and Settings\Sivry Gérald\Bureau\C-fix.exe
Command switches used :: I:\Documents and Settings\Sivry Gérald\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
I:\upload_moi_A6-B3EE1E109E08.tar.gz
I:\WINDOWS\system32\syssetup.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

I:\upload_moi_A6-B3EE1E109E08.tar.gz
I:\WINDOWS\system32\syssetup.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-28 to 2008-07-30 ))))))))))))))))))))))))))))))))))))
.

2008-07-30 20:37 . 2008-07-30 20:37 <REP> d--h----- I:\WINDOWS\PIF
2008-07-30 17:20 . 2008-07-30 17:20 <REP> d-------- I:\Program Files\Sun
2008-07-29 22:08 . 2008-07-29 22:08 <REP> d-------- I:\Program Files\CCleaner
2008-07-29 19:23 . 2008-07-29 19:23 <REP> d-------- I:\_OTMoveIt
2008-07-29 17:50 . 2008-07-29 22:09 <REP> d-------- I:\Program Files\Navilog1
2008-07-29 10:04 . 2008-07-29 10:43 <REP> d-------- I:\Toolbar SD
2008-07-28 23:45 . 2008-07-28 23:45 <REP> d-------- I:\Program Files\Trend Micro
2008-07-28 22:01 . 2008-07-28 22:01 <REP> d-------- I:\Program Files\Malwarebytes' Anti-Malware
2008-07-28 22:01 . 2008-07-28 22:01 <REP> d-------- I:\Documents and Settings\Sivry Gérald\Application Data\Malwarebytes
2008-07-28 22:01 . 2008-07-28 22:01 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-28 22:01 . 2008-07-23 20:09 38,472 --a------ I:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-28 22:01 . 2008-07-23 20:09 17,144 --a------ I:\WINDOWS\system32\drivers\mbam.sys
2008-07-28 20:13 . 2008-07-28 20:13 164 --a------ I:\install.dat
2008-07-28 20:07 . 2008-07-28 20:12 <REP> d-------- I:\Documents and Settings\Sivry Gérald\Application Data\GetRightToGo
2008-07-28 19:55 . 2008-07-28 20:01 <REP> d-a------ I:\Documents and Settings\All Users\Application Data\TEMP
2008-07-27 11:06 . 2008-07-29 17:11 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-27 10:54 . 2008-07-27 17:59 <REP> d-------- I:\Documents and Settings\Sivry Gérald\Application Data\LimeWire
2008-07-27 10:50 . 2008-07-27 10:50 <REP> d-------- I:\Program Files\LimeWire
2008-07-25 10:24 . 2008-07-25 10:24 <REP> d-------- I:\Program Files\Microsoft Games
2008-07-24 17:52 . 2008-07-24 17:52 <REP> d-------- I:\Program Files\Codemasters
2008-07-24 17:38 . 2003-10-27 14:06 140,488 --a------ I:\WINDOWS\system32\comdlg32.ocx
2008-07-24 17:38 . 2003-10-27 14:06 115,016 --a------ I:\WINDOWS\system32\MSINET.OCX
2008-07-24 17:38 . 2003-10-27 14:06 89,360 --a------ I:\WINDOWS\system32\VB5DB.DLL
2008-07-24 17:38 . 2003-10-27 14:06 69,632 --a------ I:\WINDOWS\system32\xmltok.dll
2008-07-24 17:38 . 2003-10-27 14:06 36,864 --a------ I:\WINDOWS\system32\xmlparse.dll
2008-07-24 17:38 . 2003-10-27 14:06 35,840 --a------ I:\WINDOWS\system32\comdlg32.oca
2008-07-24 17:38 . 2003-10-27 14:06 26,096 --a------ I:\WINDOWS\system32\xmlinst.exe
2008-07-24 17:38 . 2003-10-27 14:06 24,576 --a------ I:\WINDOWS\system32\msxml3a.dll
2008-07-24 17:32 . 2008-07-24 17:38 <REP> d-------- I:\Program Files\UBISOFT
2008-07-23 23:11 . 2008-07-28 19:37 <REP> d-------- I:\Documents and Settings\Sivry Gérald\Application Data\Azureus
2008-07-23 23:11 . 2008-07-23 23:11 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Azureus
2008-07-23 23:10 . 2008-07-25 07:05 <REP> d-------- I:\Program Files\Azureus
2008-07-23 22:09 . 2008-07-23 22:09 <REP> d-------- I:\Documents and Settings\All Users\Application Data\GRETECH
2008-07-23 22:07 . 2008-07-23 22:07 <REP> d-------- I:\Program Files\GRETECH
2008-07-23 22:07 . 2008-07-23 22:07 <REP> d-------- I:\Documents and Settings\Sivry Gérald\Application Data\GRETECH
2008-07-23 21:47 . 2008-07-23 21:47 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-07-23 21:45 . 2008-07-23 21:49 <REP> d-------- I:\Program Files\Messenger Plus! Live
2008-07-23 21:01 . 2006-04-05 08:14 391,099 -ra------ I:\WINDOWS\system32\drivers\usbVM305.sys
2008-07-23 08:34 . 2008-07-23 08:34 <REP> d-------- I:\WINDOWS\system32\AlertModule
2008-07-23 08:34 . 2004-08-23 14:49 40,960 --a------ I:\WINDOWS\system32\FTRTSVC.exe
2008-07-23 08:34 . 2005-10-06 14:55 36,864 --a------ I:\WINDOWS\system32\IfHelper.dll
2008-07-23 08:32 . 2008-07-23 08:32 <REP> d-------- I:\Program Files\Securitoo
2008-07-22 23:28 . 2008-07-22 23:28 <REP> d-------- I:\Program Files\EasyFlirt Messenger
2008-07-22 23:05 . 2008-06-14 19:33 272,768 --------- I:\WINDOWS\system32\drivers\bthport.sys
2008-07-22 23:05 . 2008-06-14 19:33 272,768 -----c--- I:\WINDOWS\system32\dllcache\bthport.sys
2008-07-22 23:02 . 2005-02-25 05:35 22,752 --a------ I:\WINDOWS\system32\spupdsvc.exe
2008-07-22 22:58 . 2008-07-22 22:58 <REP> d-------- I:\Program Files\Shareaza
2008-07-22 22:58 . 2008-07-22 22:58 <REP> d-------- I:\Documents and Settings\Sivry Gérald\Application Data\Shareaza
2008-07-22 22:45 . 2007-07-30 19:19 271,224 --a------ I:\WINDOWS\system32\mucltui.dll
2008-07-22 22:45 . 2007-07-30 19:19 207,736 --a------ I:\WINDOWS\system32\muweb.dll
2008-07-22 22:45 . 2007-07-30 19:18 30,072 --a------ I:\WINDOWS\system32\mucltui.dll.mui
2008-07-22 21:13 . 2003-08-04 14:22 94,208 --a------ I:\WINDOWS\system32\W32n50.dll
2008-07-22 21:13 . 2004-08-23 14:50 32,768 --a------ I:\WINDOWS\system32\WooDial2000.dll
2008-07-22 21:13 . 2003-08-04 14:22 16,128 --------- I:\WINDOWS\system32\PCANDIS5.SYS
2008-07-22 21:12 . 2008-07-30 21:44 <REP> d-------- I:\Program Files\Wanadoo
2008-07-22 21:08 . 2008-07-22 21:08 <REP> d-------- I:\Program Files\Inventel
2008-07-22 20:58 . 2008-07-22 22:12 <REP> d-------- I:\Documents and Settings\Sivry Gérald\Contacts
2008-07-22 20:58 . 2008-07-22 22:12 <REP> d-------- I:\Documents and Settings\Sivry Gérald\Contacts
2008-07-22 20:36 . 2008-07-22 20:36 <REP> d-------- I:\Program Files\VideoLAN
2008-07-22 20:36 . 2008-07-22 20:36 <REP> d-------- I:\Documents and Settings\Sivry Gérald\Application Data\vlc
2008-07-22 20:19 . 2008-07-22 20:19 <REP> d-------- I:\Program Files\DNA
2008-07-22 20:19 . 2008-07-22 20:19 <REP> d-------- I:\Program Files\BitTorrent
2008-07-22 20:19 . 2008-07-29 22:45 <REP> d-------- I:\Documents and Settings\Sivry Gérald\Application Data\DNA
2008-07-22 20:19 . 2008-07-25 03:02 <REP> d-------- I:\Documents and Settings\Sivry Gérald\Application Data\BitTorrent
2008-07-22 20:05 . 2008-07-22 20:05 268 --ah----- I:\sqmdata00.sqm
2008-07-22 20:05 . 2008-07-22 20:05 244 --ah----- I:\sqmnoopt00.sqm
2008-07-22 19:59 . 2008-07-22 19:59 <REP> d-------- I:\Program Files\Alwil Software
2008-07-22 19:57 . 2008-07-22 19:57 1,160 --a------ I:\WINDOWS\mozver.dat
2008-07-22 19:55 . 2008-07-22 20:01 <REP> d-------- I:\Program Files\Windows Live
2008-07-22 19:55 . 2008-07-22 20:01 <REP> d--hsc--- I:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-07-22 19:55 . 2008-07-22 19:55 <REP> d-------- I:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-22 19:42 . 2000-05-22 10:58 647,872 --------- I:\WINDOWS\system32\Mscomct2.ocx
2008-07-22 19:42 . 1999-10-10 19:00 41,984 --------- I:\WINDOWS\Ctregrun.exe
2008-07-22 19:40 . 2008-07-22 19:42 <REP> d-------- I:\Program Files\Creative
2008-07-22 19:00 . 2008-07-25 11:26 <REP> d-------- I:\Documents and Settings\Sivry Gérald\Application Data\Roxio
2008-07-22 19:00 . 2003-02-27 16:16 135,168 --------- I:\WINDOWS\system32\l3codecx.acm
2008-07-22 18:58 . 2008-07-22 18:58 <REP> d-------- I:\Program Files\Roxio
2008-07-22 18:55 . 2008-07-22 19:00 <REP> d-------- I:\Program Files\Fichiers communs\Roxio Shared
2008-07-22 18:32 . 2008-07-22 18:53 <REP> d-------- I:\Program Files\Fichiers communs\Nero
2008-07-22 18:29 . 2008-07-22 18:29 0 --a------ I:\WINDOWS\nsreg.dat
2008-07-22 18:17 . 2008-07-22 18:17 <REP> d-------- I:\Program Files\AIDA32 - Enterprise System Information
2008-07-22 18:11 . 2008-07-22 18:11 385 --a------ I:\WINDOWS\ODBC.INI
2008-07-22 18:10 . 2007-04-09 12:23 28,040 --a------ I:\WINDOWS\system32\mdimon.dll
2008-07-22 18:08 . 2008-07-22 18:08 <REP> d-------- I:\WINDOWS\SHELLNEW
2008-07-22 18:07 . 2008-07-22 18:07 <REP> d-------- I:\Program Files\Microsoft.NET
2008-07-22 17:57 . 2008-07-22 18:16 <REP> d-------- I:\WINDOWS\system32\NtmsData
2008-07-22 17:55 . 2008-07-22 17:55 <REP> d-------- I:\Program Files\SuperCopier2
2008-07-22 17:54 . 2008-07-22 17:54 <REP> d----c--- I:\WINDOWS\system32\DRVSTORE
2008-07-22 17:54 . 2008-07-22 17:54 <REP> d-------- I:\Program Files\Raxco
2008-07-22 17:54 . 2008-07-22 17:54 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Raxco
2008-07-22 17:54 . 2008-01-09 22:00 68,624 -ra------ I:\WINDOWS\system32\drivers\DefragFS.sys
2008-07-22 17:41 . 2008-07-22 17:48 <REP> d-------- I:\Program Files\InterVideo
2008-07-22 17:41 . 2005-11-16 00:42 45,056 --a------ I:\WINDOWS\system32\drivers\iviVD.sys
2008-06-20 13:51 . 2008-06-20 13:51 361,600 -----c--- I:\WINDOWS\system32\dllcache\tcpip.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-30 15:21 --------- d-----w I:\Program Files\Java
2008-07-24 15:59 --------- d--h--w I:\Program Files\InstallShield Installation Information
2008-07-24 15:52 --------- d-----w I:\Program Files\Fichiers communs\InstallShield
2008-07-22 17:00 66,736 ----a-w I:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-07-22 17:00 24,696 ----a-w I:\WINDOWS\system32\drivers\cdralw2k.sys
2008-07-22 11:59 --------- d-----w I:\Program Files\ASUS
2008-07-22 11:47 315,392 ----a-w I:\WINDOWS\HideWin.exe
2008-07-22 11:47 --------- d-----w I:\Program Files\Realtek
2008-07-22 11:45 --------- d-----w I:\Program Files\Vtune
2008-07-22 11:45 --------- d-----w I:\Program Files\Attansic
2008-07-22 11:43 --------- d-----w I:\Program Files\Intel
2008-07-22 11:35 --------- d-----w I:\Program Files\microsoft frontpage
2008-07-22 11:34 --------- d-----w I:\Program Files\Fichiers communs\Java
2008-07-22 11:33 --------- d-----w I:\Program Files\Microsoft Silverlight
2008-07-22 11:32 --------- d-----w I:\Program Files\Services en ligne
2008-07-22 11:29 --------- d-----w I:\Program Files\Windows Media Connect 2
2008-06-20 17:47 247,808 ----a-w I:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w I:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w I:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w I:\WINDOWS\system32\drivers\tcpip6.sys
2008-05-09 10:55 90,112 ----a-w I:\WINDOWS\system32\wshext.dll
2008-05-09 10:55 430,080 ----a-w I:\WINDOWS\system32\vbscript.dll
2008-05-09 10:55 180,224 ----a-w I:\WINDOWS\system32\scrobj.dll
2008-05-09 10:55 172,032 ----a-w I:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w I:\WINDOWS\system32\wscript.exe
2008-05-07 15:53 991,744 ----a-w I:\WINDOWS\system32\drmv2clt.dll
2008-05-07 15:51 26,112 ----a-w I:\WINDOWS\system32\idndl.dll
2008-05-07 15:51 24,576 ----a-w I:\WINDOWS\system32\nlsdl.dll
2008-05-07 15:51 23,552 ----a-w I:\WINDOWS\system32\normaliz.dll
2008-05-07 15:51 1,571,840 ----a-w I:\WINDOWS\system32\sfcfiles.dll
2008-05-07 15:50 78,336 ----a-w I:\WINDOWS\system32\ieencode.dll
2008-05-07 15:50 71,680 ----a-w I:\WINDOWS\system32\admparse.dll
2008-05-07 15:50 55,296 ----a-w I:\WINDOWS\system32\iesetup.dll
2008-05-07 15:50 48,128 ----a-w I:\WINDOWS\system32\mshtmler.dll
2008-05-07 15:50 45,568 ----a-w I:\WINDOWS\system32\mshta.exe
2008-05-07 15:50 40,960 ----a-w I:\WINDOWS\system32\licmgr10.dll
2008-05-07 15:50 36,352 ----a-w I:\WINDOWS\system32\imgutil.dll
2008-05-07 15:50 17,408 ----a-w I:\WINDOWS\system32\corpol.dll
2008-05-07 15:50 156,160 ----a-w I:\WINDOWS\system32\msls31.dll
2008-05-07 15:13 219,648 ----a-w I:\WINDOWS\system32\uxtheme.dll
2008-05-07 09:07 135,168 ----a-w I:\WINDOWS\system32\cscript.exe
2008-05-07 05:11 1,294,336 ----a-w I:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w I:\WINDOWS\system32\wininet.dll
2008-04-13 19:33 76,800 ----a-w I:\WINDOWS\system32\storprop.dll
2008-04-13 19:33 30,208 ----a-w I:\WINDOWS\system32\bthserv.dll
2008-04-13 19:33 29,184 ----a-w I:\WINDOWS\system32\sdhcinst.dll
2008-04-13 19:33 21,504 ----a-w I:\WINDOWS\system32\hidserv.dll
2008-04-13 19:33 20,992 ----a-w I:\WINDOWS\system32\bthci.dll
2008-04-13 17:34 294,912 ----a-w I:\WINDOWS\system32\msh263.drv
2008-04-13 17:34 23,552 ----a-w I:\WINDOWS\system32\wdmaud.drv
2008-04-13 17:33 77,312 ----a-w I:\WINDOWS\system32\usbui.dll
2008-04-13 17:33 54,784 ----a-w I:\WINDOWS\system32\vfwwdm32.dll
2008-04-13 17:33 47,616 ----a-w I:\WINDOWS\system32\iyuv_32.dll
2008-04-13 17:33 4,096 ----a-w I:\WINDOWS\system32\ksuser.dll
2008-04-13 17:33 16,896 ----a-w I:\WINDOWS\system32\msyuv.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="I:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
"WOOKIT"="I:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"EasyFlirt Messenger"="I:\Program Files\EasyFlirt Messenger\EasyFlirt Messenger.exe" [2008-02-12 10:36 847872]
"msnmsgr"="I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="I:\WINDOWS\system32\ctfmon.exe" [2008-04-14 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="I:\Program Files\Vtune\TBPanel.exe" [2007-11-27 14:38 2162688]
"NvCplDaemon"="I:\WINDOWS\system32\NvCpl.dll" [2007-11-28 10:02 8523776]
"NvMediaCenter"="I:\WINDOWS\system32\NvMcTray.dll" [2007-11-28 10:02 81920]
"JMB36X IDE Setup"="I:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-21 16:36 36864]
"36X Raid Configurer"="I:\WINDOWS\system32\xRaidSetup.exe" [2007-05-08 18:06 1953792]
"RoxioEngineUtility"="I:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" [2008-07-22 19:00 65536]
"RoxioDragToDisc"="I:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-02-27 04:36 757760]
"RoxioAudioCentral"="I:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-02-26 16:50 253952]
"Creative Mouse Software"="I:\Program Files\Creative\Shared Files\CIDS\CTStray.exe" [2005-10-24 14:52 65536]
"Creative Mouse Software 1"="I:\Program Files\Creative\Input Devices\MOUSE\CTPoint.exe" [2005-03-15 13:18 221184]
"Creative Keyboard Software"="I:\Program Files\Creative\Shared Files\CIDS\CTStray.exe" [2005-10-24 14:52 65536]
"Creative Keyboard Software 1"="I:\Program Files\Creative\Input Devices\Keyboard\CTType.exe" [2005-04-05 01:11 229376]
"avast!"="I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"WOOWATCH"="I:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="I:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"BigDog305"="I:\WINDOWS\VM305_STI.EXE" [2005-08-05 09:15 61440]
"SunJavaUpdateSched"="I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 17:28 16126464 I:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-04-06 19:22 1822720 I:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2007-11-28 10:02 1626112 I:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"DisablePagingExecutive"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"I:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"I:\\Program Files\\DNA\\btdna.exe"=
"I:\\Program Files\\BitTorrent\\bittorrent.exe"=
"I:\\Program Files\\Messenger\\msmsgs.exe"=
"I:\\Program Files\\Shareaza\\Shareaza.exe"=
"I:\\Program Files\\Azureus\\Azureus.exe"=
"I:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"I:\\WINDOWS\\system32\\dpnsvr.exe"=
"I:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 aswSP;avast! Self Protection;I:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;I:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 PD91Agent;PD91Agent;I:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-01-16 10:52]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;I:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-16 00:12]
R3 ZSMC0305;VIMICRO USB PC Camera V;I:\WINDOWS\system32\Drivers\usbVM305.sys [2006-04-05 08:14]
S3 PD91Engine;PD91Engine;I:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-01-16 10:52]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 21:47:51
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\I:\DOCUME~1\SIVRYG~1\LOCALS~1\Temp\mc21.tmp"
.
Temps d'accomplissement: 2008-07-30 21:48:17
ComboFix-quarantined-files.txt 2008-07-30 19:48:15
ComboFix2.txt 2008-07-30 16:48:53

Pre-Run: 36,747,128,832 octets libres
Post-Run: 36,743,667,712 octets libres

268 --- E O F --- 2008-07-27 08:42:50


et hijackthis :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:56:14, on 30/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
I:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\RTHDCPL.EXE
I:\Program Files\Creative\Input Devices\MOUSE\CTPoint.exe
I:\Program Files\Creative\Input Devices\Keyboard\CTType.exe
I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
I:\WINDOWS\VM305_STI.EXE
I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
I:\PROGRA~1\Wanadoo\TaskBarIcon.exe
I:\WINDOWS\system32\ctfmon.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Windows Live\Messenger\usnsvc.exe
I:\WINDOWS\system32\notepad.exe
I:\WINDOWS\explorer.exe
I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\Program Files\Wanadoo\GestionnaireInternet.exe
I:\Program Files\Wanadoo\ComComp.exe
I:\PROGRA~1\Wanadoo\Toaster.exe
I:\PROGRA~1\Wanadoo\Inactivity.exe
I:\PROGRA~1\Wanadoo\PollingModule.exe
I:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
I:\Program Files\Wanadoo\Watch.exe
I:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
I:\WINDOWS\system32\wuauclt.exe
I:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - I:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Gainward] "I:\Program Files\Vtune\TBPanel.exe" /A
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [JMB36X IDE Setup] I:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] "I:\WINDOWS\system32\xRaidSetup.exe" boot
O4 - HKLM\..\Run: [RoxioEngineUtility] "I:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "I:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "I:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Creative Mouse Software] "I:\Program Files\Creative\Shared Files\CIDS\CTStray.exe"
O4 - HKLM\..\Run: [Creative Mouse Software 1] "I:\Program Files\Creative\Input Devices\MOUSE\CTPoint.exe"
O4 - HKLM\..\Run: [Creative Keyboard Software] "I:\Program Files\Creative\Shared Files\CIDS\CTStray.exe"
O4 - HKLM\..\Run: [Creative Keyboard Software 1] "I:\Program Files\Creative\Input Devices\Keyboard\CTType.exe"
O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WOOWATCH] I:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] "I:\PROGRA~1\Wanadoo\GestMaj.exe" TaskBarIcon.exe
O4 - HKLM\..\Run: [BigDog305] "I:\WINDOWS\VM305_STI.EXE" VIMICRO USB PC Camera V
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] I:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [WOOKIT] "I:\PROGRA~1\Wanadoo\Shell.exe" appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [EasyFlirt Messenger] "I:\Program Files\EasyFlirt Messenger\EasyFlirt Messenger.exe" /M
O4 - HKCU\..\Run: [msnmsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - I:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - I:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe