Infected computer

Amélie -
jlpjlp Posts 52399 Status Security contributor -
Hello,
for some time now I've been having problems with my PC: at startup it reports errors loading modules that can't be found, and ads keep opening whenever I open Internet Explorer or Firefox. I concluded that my PC was infected and installed Comodo and AntiVir, but that changed nothing... Especially since, as I don't understand much of this, I never know when I should allow or deny access with Comodo.
Could someone help me understand and fix this problem?

I don't know if it's useful, but I ran a scan; here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:05:29, on 06/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\AStiDog1210.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WIBUKEY\Server\WkSvMgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\amélie\Desktop\blabla.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.mini20.com/?tm=1&kw=Secure+Web+Search+Engine&KW1=Secure%20Web%20Search%20Engine&KW2=Best%20Malware%20Detection%20And%20Removal%20Software&searchbox=0&domainname=0&backfill=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Waiting1210] C:\Windows\AStiDog1210.exe
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe wingdx32.rom,ytcRun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\AMLIE~1\AppData\Local\Temp\ddcAsPIX.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\AMLIE~1\AppData\Local\Temp\awtqnNEw.dll,#1
O4 - HKCU\..\Run: [BM37425968] Rundll32.exe "C:\Users\AMLIE~1\AppData\Local\Temp\cgrfhwnn.dll",s
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Serveur réseau.lnk = C:\Program Files\WIBUKEY\Server\WkSvMgr.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E256102-96DA-406B-8F83-423128AAD651}: NameServer = 85.255.115.22,85.255.112.190
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll C:\Windows\system32\cssdll32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Packard Bell BV - C:\Program Files\Packard bell\SAXO24\HIDSERVICE.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SrvCDEject - Unknown owner - C:\Program Files\Packard Bell\SrvCDEject.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdhwn.exe
End of file - 10749 bytes

Thanks in advance...
Configuration: Windows Vista
Internet Explorer 7.0
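As an added example (not code from this thread, from HijackThis, or from any tool the helpers name), here is a small Python triage script for a HijackThis log that keys on the three things the helpers in this thread point at: Run entries that use rundll32 to load DLLs from a Temp directory or an odd module name, O17 NameServer entries pointing at resolvers outside an expected set (the 85.255.x.x pair that the later ToolBar S&D report labels WAREOUT), and services with no publisher running from the Windows directory. The expected-resolver set is an assumption, and the sample lines are copied from the log above.

```python
"""Triage a HijackThis log for the entry types the helpers in this thread key on.
Added example for this page; not code from HijackThis or any tool named here."""
import re
from ipaddress import ip_address
from typing import List, NamedTuple, Optional

# Resolvers this machine is expected to use.  Assumption: a home router at
# 192.168.1.1; replace with the ISP's or the organisation's real resolvers.
EXPECTED_RESOLVERS = {"192.168.1.1"}

# Sample input: a few lines copied from the log posted above (not a full log).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe wingdx32.rom,ytcRun
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\AMLIE~1\AppData\Local\Temp\ddcAsPIX.dll,c
O4 - HKCU\..\Run: [BM37425968] Rundll32.exe "C:\Users\AMLIE~1\AppData\Local\Temp\cgrfhwnn.dll",s
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E256102-96DA-406B-8F83-423128AAD651}: NameServer = 85.255.115.22,85.255.112.190
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdhwn.exe
"""


class Finding(NamedTuple):
    section: str   # HijackThis section code: O2, O4, O17 or O23
    severity: str  # "high", "medium" or "low"
    subject: str   # the path, IP address or name the finding is about
    reason: str


RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+("[^"]+"|\S+)', re.IGNORECASE)
DNS_RE = re.compile(r"^O17 - .*NameServer = ([\d.,\s]+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.*)$")
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - \{[^}]*\} - (.*)$")


def rundll32_module(cmd: str) -> Optional[str]:
    """Module a rundll32 command line loads, or None if cmd is not rundll32."""
    m = RUNDLL_RE.match(cmd.strip())
    if not m:
        return None
    # Strip surrounding quotes and the trailing ",EntryPoint" argument.
    return m.group(1).strip('"').split(",")[0]


def run_reasons(module: str) -> List[str]:
    """Why a rundll32 Run entry deserves a look (empty list: nothing odd)."""
    low = module.lower()
    reasons = []
    if "\\temp\\" in low:
        reasons.append("module lives in a Temp directory")
    if not low.endswith(".dll"):
        reasons.append("module name does not end in .dll")
    if "\\" not in module:
        reasons.append("no directory given, so it is found via the DLL search path")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Scan O2/O4/O17/O23 lines and return the entries worth a closer look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            module = rundll32_module(m.group(3))
            reasons = run_reasons(module) if module else []
            if reasons:
                findings.append(Finding("O4", "high", module, "; ".join(reasons)))
            continue
        m = DNS_RE.match(line)
        if m:
            for ip in (s.strip() for s in m.group(1).split(",")):
                if not ip or ip in EXPECTED_RESOLVERS:
                    continue
                # A public resolver nobody configured on purpose is the classic
                # DNS-hijack sign; a private one is merely unexpected.
                sev = "high" if ip_address(ip).is_global else "medium"
                findings.append(Finding("O17", sev, ip, "NameServer outside the expected set"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, owner, path = m.groups()
            if owner == "Unknown owner" and path.lower().startswith("c:\\windows\\"):
                findings.append(Finding("O23", "high", path,
                                        f"service '{name}' has no publisher and runs from the Windows directory"))
            continue
        m = BHO_RE.match(line)
        if m and m.group(2) == "(no file)":
            findings.append(Finding("O2", "low", m.group(1), "BHO points to a missing file (orphan entry)"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:4} {f.subject}: {f.reason}")
```

Run on the full log, the script is a first pass only: every flagged entry still needs a human to confirm it, exactly as the helpers do in this thread.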

68 replies

  1. papyber Posts 6430 Status Security contributor 257
     
    post a HijackThis report
    1
  2. papyber Posts 6430 Status Security contributor 257
     
    I'm going to suggest a very powerful tool, which must only be used under the supervision of a qualified helper; you will have to delete it without fail as soon as the disinfection is finished

    disable your UAC

    1. Download The Avenger by Swandog46 to your Desktop.
    http://www.geekstogo.com/forum/files/file/393-the-avenger-by-swandog46/

    * Click on Avenger.zip to open the file
    * Extract avenger.exe to your desktop

    2. Copy all the text in the quote below (Ctrl+C):
    Begin copying here:
    Drivers to delete:
    Windows Tribute Service
    Files to delete:
    C:\Windows\system32\kdhwn.exe
    C:\Users\AMLIE~1\AppData\Local\Temp\ddcAsPIX.dll
    c:\program files\asksbar\bar\1.bin\asksbar.dll
    c:\users\amlie~1\appdata\local\temp\awtqnnew.dll
    c:\users\amlie~1\appdata\local\temp\cgrfhwnn.dll
    Folders to delete:
    c:\program files\asksbar
    Registry keys to delete:
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}
    Registry values to delete:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar } | {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}



    Note: The script above was written specifically for THIS user.
    If you are not THIS user, DO NOT apply these instructions: they could damage your system.


    3. Now launch The Avenger by clicking its desktop icon.

    * Under "Script file to execute" choose "Input Script Manually".
    * Then click the magnifying-glass icon, which opens a new "View/edit script" window
    * In that window, paste the text you copied earlier using the keys (Ctrl+V).
    * Click Done
    * then click the green-light icon to start executing the script
    * Answer "Yes" twice when asked.

    4. The Avenger will automatically do the following:

    * It will restart the system. (If the script contains one or more "Drivers to Unload", The Avenger will restart your system twice.)
    * During the restart, a black Windows command window will briefly appear on your desktop; this is NORMAL.
    * After the restart, it creates a log file which will open, showing the actions carried out by The Avenger. This log file is located here: C:\avenger.txt
    * The Avenger will also have backed up all the files etc. that you asked it to delete, zipped them, and moved the zip archive here: C:\avenger\backup.zip.

    5. Finally, copy/paste the contents of the file c:\avenger.txt in your reply together with a new HijackThis report
    1
  3. papyber Posts 6430 Status Security contributor 257
     
    well, there's quite a crowd in here!!!
    let's go!!
    Download ToolBar-S&D by Eric_71, Angeldark, Sham_Rock and XmichouX
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
    tutorial
    https://sites.google.com/site/toolbarsd/aideenimages
    run it, choose option 2 and let the cleanup run, then post me the report

    Download SDFix (created by AndyManchesta) and save it to your Desktop.

    oops, SDFix is incompatible with Vista, so after that you only run ComboFix

    and finally
    Download ComboFix.exe (by sUBs) to your Desktop
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Official ComboFix tutorial, so you use it correctly
    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    Disable your antivirus, antispyware and Spybot-S&D (resident) while using ComboFix. Thank you. You will re-enable them afterwards, at the end of the disinfection.
    See here how to disable your protections
    https://forum.pcastuces.com/default.asp
    Double-click ComboFix.exe (ComboFix)
    Type 1 then press Enter
    Note: once ComboFix is running, do not click in the ComboFix window, as that could crash the program.
    It is recommended to let the tool scan and clean the PC without using anything else...
    At the end of the scan a report will appear. Copy/paste this report in your next reply
    If the report doesn't appear, you will find it here, at the root of your system, normally: C:\ComboFix.txt
    0
  4. anthony5151 Posts 10927 Status Security contributor 790
     
    Hello,

    There are several infections on your computer; we'll have to use several programs to disinfect it, so please keep coming back until the disinfection is complete.

    # Disable User Account Control (you will re-enable it after your disinfection):
    - Go to Start then Control Panel
    - Double-click the "User Accounts" icon
    - Then click disable and confirm.
    - Restart the computer

    # Download FixWareout from this address: http://downloads.subratam.org/Fixwareout.exe

    Install it, run it, then follow the instructions up to the cleanup. A report should open; please post it here.

    There is an illustrated tutorial to help you at this address: http://www.malekal.com/tutorial_FixWareout.php

    # Download Toolbar-S&D (Team IDN) to your Desktop.
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    Right-click the Toolbar-S&D shortcut on the Desktop and choose "Run as Administrator"
    * Select the desired language by typing the letter of your choice and confirming with the Enter key.
    * Now choose option 1 (Search). Wait until the search finishes.
    * Post the generated report. (C:\TB.txt)

    0
  6. jlpjlp Posts 52399 Status Security contributor 5 041
     
    hi, following this thread because there's Wareout on top of everything else... and it interests me (note: fixwareout and sdfix are incompatible with vista)

    the wareout comes from this:
    O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdhwn.exe
    0
    1. papyber Posts 6430 Status Security contributor 257
       
      with ComboFix it should be possible to kill the service associated with Wareout, I saw it done in a topic at Zebulon
      thanks for the reminder about SDFix!
      0
    2. anthony5151 Posts 10927 Status Security contributor 790
       
      Thanks for the info, I didn't know fixwareout was incompatible with Vista
      0
  7. jlpjlp Posts 52399 Status Security contributor 5 041
     
    yes, hi papyber, that is indeed possible with a script; otherwise I also did it with malwarebytes, which had managed to disable and remove the service and remove the 85..... but we'll see, that's why I'm following this interesting thread
    0
  8. Amélie
     
    First of all, thank you for being willing to help me.
    I downloaded Toolbar S&D and followed the instructions; here is the report I got:

    -----------\\ ToolBar S&D 1.2.2 XP/Vista

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : amélie ( Administrator )
    BOOT : Normal boot
    Antivirus : Avira AntiVir PersonalEdition 7.0.0.2
    (Activated)
    Firewall : COMODO Firewall Pro 3.0 (Activated)
    C:\ (Local Disk) - NTFS - Total : 455 Go Free : 333 Go
    D:\ (USB)
    E:\ (USB)
    F:\ (USB)
    G:\ (USB)
    H:\ (CD or DVD)
    I:\ (Local Disk) - NTFS - Total : 232 Go Free : 119 Go
    J:\ (CD or DVD)
    K:\ (CD or DVD) - UDF - Total : 3 Go Free : 0 Go
    L:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 04-10-2008|21:00 )
    Option : [2] ( 06/10/2008|16:36 )

    [ UAC => 1 ]
    C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll

    -----------\\ SUPPRESSION

    Supprime! - C:\Program Files\AskSBar\bar
    Supprime! - C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
    Supprime! - C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
    Supprime! - C:\Program Files\AskSBar
    Supprime! - C:\Program Files\DAEMON Tools Toolbar

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\Windows\\system32\\blank.htm"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Start Page"="http://www1.mini20.com/?tm=1&kw=Secure+Web+Search+Engine&KW1=Secure%20Web%20Search%20Engine&KW2=Best%20Malware%20Detection%20And%20Removal%20Software&searchbox=0&domainname=0&backfill=0"
    "Default_Page_URL"="http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART"
    "Url"="https://www.msn.com/fr-fr/actualite/"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.msn.com/fr-fr/"
    "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

    --------------------\\ Recherche d'autres infections

    [HKLM\SYSTEM\CurrentControlSet\..\{5E256102-96DA-406B-8F83-423128AAD651}]
    NameServer REG_SZ 85.255.115.22,85.255.112.190
    [HKLM\SYSTEM\ControlSet001\..\{5E256102-96DA-406B-8F83-423128AAD651}]
    NameServer REG_SZ 85.255.115.22,85.255.112.190
    [HKLM\SYSTEM\ControlSet002\..\{5E256102-96DA-406B-8F83-423128AAD651}]
    NameServer REG_SZ 85.255.115.22,85.255.112.190
    ==> WAREOUT <==

    --------------------\\ Cracks & Keygens ..

    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn\ArchiCAD_v10fr\ArchiCAD 10\Cracktro.exe
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe ACROBAT Professional 8.1.2 FULL + KEYGEN [Working as of Sept 2008].torrent
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe ACROBAT Professional 8.1.2 FULL + KEYGEN [Working as of Sept 2008].xml
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe Premiere Pro CS3 Multi-Language + Crack + Tutorials.torrent
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe Premiere Pro CS3 Multi-Language + Crack + Tutorials.xml
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Crack.torrent
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Crack.xml
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn\ArchiCAD_v10fr\ArchiCAD 10\Cracktro.exe
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe ACROBAT Professional 8.1.2 FULL + KEYGEN [Working as of Sept 2008].torrent
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe ACROBAT Professional 8.1.2 FULL + KEYGEN [Working as of Sept 2008].xml
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe Premiere Pro CS3 Multi-Language + Crack + Tutorials.torrent
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe Premiere Pro CS3 Multi-Language + Crack + Tutorials.xml
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Crack.torrent
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Crack.xml
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn\ArchiCAD_v10fr\ArchiCAD 10\Cracktro.exe
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe ACROBAT Professional 8.1.2 FULL + KEYGEN [Working as of Sept 2008].torrent
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe ACROBAT Professional 8.1.2 FULL + KEYGEN [Working as of Sept 2008].xml
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe Premiere Pro CS3 Multi-Language + Crack + Tutorials.torrent
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe Premiere Pro CS3 Multi-Language + Crack + Tutorials.xml
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Crack.torrent
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Crack.xml
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn\ArchiCAD_v10fr\ArchiCAD 10\Cracktro.exe
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe ACROBAT Professional 8.1.2 FULL + KEYGEN [Working as of Sept 2008].torrent
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe ACROBAT Professional 8.1.2 FULL + KEYGEN [Working as of Sept 2008].xml
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe Premiere Pro CS3 Multi-Language + Crack + Tutorials.torrent
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe Premiere Pro CS3 Multi-Language + Crack + Tutorials.xml
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Crack.torrent
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Crack.xml
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn\ArchiCAD_v10fr\ArchiCAD 10\Cracktro.exe
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe ACROBAT Professional 8.1.2 FULL + KEYGEN [Working as of Sept 2008].torrent
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe ACROBAT Professional 8.1.2 FULL + KEYGEN [Working as of Sept 2008].xml
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe Premiere Pro CS3 Multi-Language + Crack + Tutorials.torrent
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe Premiere Pro CS3 Multi-Language + Crack + Tutorials.xml
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Crack.torrent
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Crack.xml

    [ UAC => 1 ]

    1 - "C:\ToolBar SD\TB_1.txt" - 06/10/2008|16:45 - Option : [2]

    -----------\\ Fin du rapport a 16:45:35,03

    However, for now I can't download ComboFix; the web pages show me a loading error.
  9. anthony5151 Posts: 10927 Status: Security contributor 790
    With that many cracks and keygens, no wonder your computer is infected! Cracks are dangerous, they often install infections: https://forum.malekal.com/viewtopic.php?f=33&t=893
    You must get rid of them completely... If you don't delete them, there is no point continuing the disinfection, they risk reinfecting your computer every time you use them...

    If you agree to delete them, do as follows:

    Download OTMoveIt (by Old_Timer) to your desktop: http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

    Double-click OTMoveIt.exe to launch it.
    Make sure the "Unregister Dll's and Ocx's" box is checked!!!
    Copy the text below and paste it into the left-hand pane of OTMoveIt named Paste List of Files/Folders to be moved.
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn\ArchiCAD_v10fr\ArchiCAD 10\Cracktro.exe 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe ACROBAT Professional 8.1.2 FULL + KEYGEN [Working as of Sept 2008].torrent 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe ACROBAT Professional 8.1.2 FULL + KEYGEN [Working as of Sept 2008].xml 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe Premiere Pro CS3 Multi-Language + Crack + Tutorials.torrent 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe Premiere Pro CS3 Multi-Language + Crack + Tutorials.xml 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Crack.torrent 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Crack.xml 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn\ArchiCAD_v10fr\ArchiCAD 10\Cracktro.exe 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe ACROBAT Professional 8.1.2 FULL + KEYGEN [Working as of Sept 2008].torrent 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe ACROBAT Professional 8.1.2 FULL + KEYGEN [Working as of Sept 2008].xml 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe Premiere Pro CS3 Multi-Language + Crack + Tutorials.torrent 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe Premiere Pro CS3 Multi-Language + Crack + Tutorials.xml 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Crack.torrent 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Crack.xml 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn\ArchiCAD_v10fr\ArchiCAD 10\Cracktro.exe 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe ACROBAT Professional 8.1.2 FULL + KEYGEN [Working as of Sept 2008].torrent 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe ACROBAT Professional 8.1.2 FULL + KEYGEN [Working as of Sept 2008].xml 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe Premiere Pro CS3 Multi-Language + Crack + Tutorials.torrent 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe Premiere Pro CS3 Multi-Language + Crack + Tutorials.xml 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Crack.torrent 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Crack.xml 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn\ArchiCAD_v10fr\ArchiCAD 10\Cracktro.exe 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe ACROBAT Professional 8.1.2 FULL + KEYGEN [Working as of Sept 2008].torrent 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe ACROBAT Professional 8.1.2 FULL + KEYGEN [Working as of Sept 2008].xml 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe Premiere Pro CS3 Multi-Language + Crack + Tutorials.torrent 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe Premiere Pro CS3 Multi-Language + Crack + Tutorials.xml 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Crack.torrent 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Crack.xml 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn\ArchiCAD_v10fr\ArchiCAD 10\Cracktro.exe 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe ACROBAT Professional 8.1.2 FULL + KEYGEN [Working as of Sept 2008].torrent 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe ACROBAT Professional 8.1.2 FULL + KEYGEN [Working as of Sept 2008].xml 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe Premiere Pro CS3 Multi-Language + Crack + Tutorials.torrent 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Adobe Premiere Pro CS3 Multi-Language + Crack + Tutorials.xml 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Crack.torrent 
    C:\Users\AMLIE~1\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\Program Files\BitComet\torrents\Crack.xml 


    Click MoveIt! to start the deletion.
    When a result appears in the Results pane, click Exit and restart your PC.
    Copy and paste the report into your reply: it is located at --> C:\_OTMoveIt\MovedFiles.
  10. papyber Posts: 6430 Status: Security contributor 257
    thanks for taking over, family emergencies forced me to be away all evening
  11. jlpjlp Posts: 52399 Status: Security contributor 5 041
    ok, I'll let you carry on
  12. papyber Posts: 6430 Status: Security contributor 257
    as you like, you can continue if you want.. if the requester comes back!
  13. Amélie
    Sorry, I hadn't seen that you had replied.. Since it seems more sensible to follow your advice, I tried to download OTMoveIt... but same problem as with ComboFix, Firefox can't find the server at download.bleepingcomputer.com. I don't understand!!??
    Thanks again for helping me, and from now on I'll keep a closer eye on your replies.
  14. papyber Posts: 6430 Status: Security contributor 257
    .
  15. Amélie
    ComboFix won't download with this link either.. Here is the report I got from MalwareByte's Anti-Malware:

    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1239
    Windows 6.0.6001 Service Pack 1

    07/10/2008 15:59:47
    mbam-log-2008-10-07 (15-59-47).txt

    Type de recherche: Examen complet (C:\|I:\|)
    Eléments examinés: 206716
    Temps écoulé: 43 minute(s), 11 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 12
    Valeur(s) du Registre infectée(s): 6
    Elément(s) de données du Registre infecté(s): 4
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 63

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\Users\amélie\AppData\Local\Temp\ddcAsPIX.dll (Trojan.Vundo.H) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b93e8974-e9ef-4a48-989a-8e331819b6a2} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{b93e8974-e9ef-4a48-989a-8e331819b6a2} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dafff3cc-eb91-4b8e-a303-ed0156ebb970} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{dafff3cc-eb91-4b8e-a303-ed0156ebb970} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{09c72999-5c10-41a3-a524-24661d942003} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm37425968 (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{09c72999-5c10-41a3-a524-24661d942003} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSSMSGS (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\34716af4 (Trojan.Vundo) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\users\amlie~1\appdata\local\temp\ddcaspix -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5e256102-96da-406b-8f83-423128aad651}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.22,85.255.112.190 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5e256102-96da-406b-8f83-423128aad651}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.22,85.255.112.190 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5e256102-96da-406b-8f83-423128aad651}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.22,85.255.112.190 -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Users\amélie\AppData\Local\Temp\ddcAsPIX.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\Users\amélie\AppData\Local\Temp\XIPsAcdd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\XIPsAcdd.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Windows\System32\fpdrkb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\cgrfhwnn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\System32\vtUkjKcy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\eMule\LinkCreator.exe (Rogue.Fake!emule.exe) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2FLGBUL9\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5P94LESW\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5P94LESW\nd82m0[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5P94LESW\t655[1].dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9V3MMS3A\cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9V3MMS3A\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5GWBF0T\kb678031[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\afhhyvsj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\fnotjxlr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\grhmkqkp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\hfwdrrsu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\hgbtmeux.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\htbaspwj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\ljJArSlI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\lwyovsjm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\meppcthf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\ovjsxbrr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\qoahkjvx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\robtdrbc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\tmp00007b27 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\tmp00007b47 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\tmp00007cbd (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\tmp0000840d (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\tmp0000861f (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\tmp00008841 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\tmp000088af (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\tmp0000891c (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\tmp00008999 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\tmp000089b8 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\tmp00008e0b (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\tmp0000926f (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\tmp00009665 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\tmp000097db (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\tmp0000980a (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\tmp00009887 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\tmp000098d5 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\tmp00009923 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\tmp0000999f (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\tmp0000af8f (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\tmp0000afaf (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\tmp0000b8d3 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\tmp0000b9eb (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\tmp0000bf39 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\tmp0000ec70 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\tmp0000f249 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\tmp00010f7a (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\tmp00011718 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\tsblproj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\xqasgxlp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\Temp\yhrhiyqw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\VirtualStore\Windows\System32\wingdx32.rom (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Users\amélie\AppData\Local\VirtualStore\Windows\System32\winkxe32.rom (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Windows\System32\odachwst.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\Temp\1FD.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Windows\Temp\TMP0000000208DE623A33738382 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
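A small triage script for the report format above, added here as an example (not the thread's or Malwarebytes' own code): it lists what is only scheduled for deletion at reboot, ties that to the LSA Notification Packages entry that keeps the Vundo DLL loaded, and pulls the rogue resolvers out of the NameServer data, which is the likely reason Firefox could not find download.bleepingcomputer.com. The sample lines are copied from the report above.

```python
"""Triage of a Malwarebytes' Anti-Malware report (added example, not the
scanner's own code); it understands only the "item (family) -> [Data: x ->]
action." line format used in the report above."""
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the report posted above, one block per
# section of interest, so the script runs offline.
SAMPLE_REPORT = r"""
Module(s) mémoire infecté(s):
C:\Users\amélie\AppData\Local\Temp\ddcAsPIX.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b93e8974-e9ef-4a48-989a-8e331819b6a2} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\users\amlie~1\appdata\local\temp\ddcaspix -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5e256102-96da-406b-8f83-423128aad651}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.22,85.255.112.190 -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
"""

@dataclass(frozen=True)
class Detection:
    section: str         # report section the line was listed under
    item: str            # file path or registry key/value
    family: str          # scanner's threat name, e.g. Trojan.Vundo.H
    data: Optional[str]  # registry data, present only on data-item lines
    action: str          # what the scanner did with it

    @property
    def is_pending_reboot(self) -> bool:
        # The object was locked (loaded in a process) and is still in place.
        return self.action.lower().startswith("delete on reboot")

def parse_line(section: str, line: str) -> Optional[Detection]:
    """Parse one 'item (family) -> [Data: x ->] action.' line."""
    parts = line.rstrip(".").split(" -> ")
    if len(parts) < 2:
        return None
    head, action = parts[0], parts[-1]
    data = next((p[6:] for p in parts[1:-1] if p.startswith("Data: ")), None)
    # The family is the last parenthesised token, so a path containing
    # "Program Files (x86)" does not confuse the split.
    lp = head.rfind(" (")
    if lp < 0 or not head.endswith(")"):
        return None
    return Detection(section, head[:lp], head[lp + 2:-1], data, action)

def parse_report(text: str) -> List[Detection]:
    dets: List[Detection] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):  # blank or "(Aucun élément ...)"
            continue
        if line.endswith(":") and " -> " not in line:
            section = line[:-1]
            continue
        det = parse_line(section, line)
        if det is not None:
            dets.append(det)
    return dets

def basename(path: str) -> str:
    return path.rstrip("\\").rsplit("\\", 1)[-1]

def lsa_loaded_modules(dets: List[Detection]) -> List[str]:
    """Pending-reboot modules named in LSA 'Notification Packages': lsass.exe
    loads such a DLL at boot, so the scanner cannot unload it and can only
    schedule the deletion; until the reboot the infection is still active."""
    stems = set()
    for d in dets:
        if d.item.endswith(r"\LSA\Notification Packages") and d.data:
            stems.update(basename(p.strip()).lower() for p in d.data.split(","))
    return [d.item for d in dets if d.is_pending_reboot
            and basename(d.item).lower().rsplit(".", 1)[0] in stems]

def rogue_dns_servers(dets: List[Detection]) -> List[str]:
    """Resolvers the DNSChanger wrote into the interface NameServer value; every
    lookup, download.bleepingcomputer.com included, went through them."""
    servers = set()
    for d in dets:
        if basename(d.item).lower() == "nameserver" and d.data:
            servers.update(s.strip() for s in d.data.split(",") if s.strip())
    return sorted(servers)

def triage(text: str) -> dict:
    """Summary a helper wants before deciding the next step."""
    dets = parse_report(text)
    return {
        "total": len(dets),
        "pending_reboot": [d.item for d in dets if d.is_pending_reboot],
        "lsa_loaded": lsa_loaded_modules(dets),
        "rogue_dns": rogue_dns_servers(dets),
    }
```

After the reboot the same check should come back empty: the NameServer value must no longer point at the listed addresses and the module must be gone from the Temp folder.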
  16. Amélie
    Here it is:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:54:11, on 07/10/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Windows\AStiDog1210.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\COMODO\SafeSurf\cssurf.exe
    C:\Program Files\COMODO\Firewall\cfp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\WIBUKEY\Server\WkSvMgr.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\Program Files\Packard bell\SAXO24\HIDSERVICE.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\system32\IoctlSvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Packard Bell\SrvCDEject.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\UI0Detect.exe
    I:\resycled\boot.com
    C:\Windows\explorer.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\amélie\Desktop\blabla.exe.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.mini20.com/?tm=1&kw=Secure+Web+Search+Engine&KW1=Secure%20Web%20Search%20Engine&KW2=Best%20Malware%20Detection%20And%20Removal%20Software&searchbox=0&domainname=0&backfill=0
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [Waiting1210] C:\Windows\AStiDog1210.exe
    O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Serveur réseau.lnk = C:\Program Files\WIBUKEY\Server\WkSvMgr.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
    O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5E256102-96DA-406B-8F83-423128AAD651}: NameServer = 85.255.115.22,85.255.112.190
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll C:\Windows\system32\cssdll32.dll fpdrkb.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Packard Bell BV - C:\Program Files\Packard bell\SAXO24\HIDSERVICE.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: SrvCDEject - Unknown owner - C:\Program Files\Packard Bell\SrvCDEject.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdhwn.exe
    0
  17. jlpjlp Posts: 52399 Status: Security contributor 5 041
     
    try all of this

    if you can't do the first step, say so and we'll use Unlocker to remove the file

    0/ fix line 17 with HijackThis (click Do a system scan only, then tick the 17 and click FIX CHECKED)

    O17 - HKLM\System\CCS\Services\Tcpip\..\{5E256102-96DA-406B-8F83-423128AAD651}: NameServer = 85.255.115.22,85.255.112.190

    1/
    download ComboFix again

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Close all your browsers (so copy or print the instructions first)

    Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

    Driver::
    Windows Tribute Service

    File::
    C:\Windows\system32\kdhwn.exe

    Save this file under the name CFscript

    Drag and drop this CFscript file onto the ComboFix.exe file

    Click on the CFScript file, keep the button held down and move the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

    A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then press Enter.

    Wait while the scan runs. The desktop will disappear several times: that's normal!

    Don't touch anything until the scan is finished.

    Once the scan is complete, a report will be displayed: post its contents.

    If the file doesn't open, it is located here > C:\ComboFix.txt

    _____________

    2/
    remove the Windows Tribute Service:

    https://www.pcastuces.com/pratique/windows/services/page2.htm

    then

    https://www.pcastuces.com/pratique/windows/services/page3.htm

    ______________

    3/

    SmitfraudFix (paste the report)

    A/ download:

    http://siri.urz.free.fr/Fix/SmitfraudFix.php

    B/ restart in safe mode (by pressing F8 or Del, or F5 at startup, generally), then run SmitfraudFix, select option 5 and press Enter to start the cleanup. When the program asks whether you want to clean the registry, answer yes by typing 0 and Enter

    ___________________

    4/ fix these lines with HijackThis if present

    O17 - HKLM\System\CCS\Services\Tcpip\..\{A98E1F3A-050C-486F-8373-BBA9D9773170}: NameServer = 85.255.113.147,85.255.112.138

    O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdhwn.exe
    _____________________

    5/
    * Go to Start > Control Panel > Connections > right-click the connection > Properties > Networking tab
    * Highlight Internet Protocol (TCP/IP), then click the Properties button.
    * In the options (preferred DNS server and alternate DNS server) you will find one of the addresses present in the HijackThis report on line O17 (example: 85.255.116.37 85.255.112.85)
    * To get rid of them, tick: Obtain DNS server address automatically, then click OK twice and restart the PC. Thanks to Incognito02 for this tip

    ______________________

    post a new HijackThis report so we can check, and tell us your current problems
    0
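    For readers following the thread, here is an added example (not something posted by jlpjlp or Amélie, and not part of HijackThis or ComboFix) that automates the three checks the helper applies by eye above: an O17 NameServer entry pointing at a rogue DNS range, an O20 AppInit_DLLs entry given as a bare filename with no path (so it resolves through the DLL search order, as fpdrkb.dll does in the report), and an O23 service with no publisher whose binary sits directly in system32 (kdhwn.exe). The sample log embedded in the script is constructed from lines quoted in this thread; the 85.255.112.0/20 watch range is an assumption chosen because every O17 address quoted here falls inside it, and should be replaced with your own list.

```python
"""Triage a HijackThis log for the indicators discussed in this thread (added example)."""
import ipaddress
import re

# Constructed sample: the relevant lines copied from the report posted above.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E256102-96DA-406B-8F83-423128AAD651}: NameServer = 85.255.115.22,85.255.112.190
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll C:\Windows\system32\cssdll32.dll fpdrkb.dll
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdhwn.exe
"""

# Assumption: a watch range covering every NameServer address quoted in this thread.
# Replace with the ranges from your own threat intelligence.
ROGUE_DNS_RANGES = [ipaddress.ip_network("85.255.112.0/20")]

# Matches a binary placed directly in system32 (no sub-directory).
SYSTEM32_BINARY = re.compile(r"^C:\\Windows\\system32\\([^\\]+)$", re.IGNORECASE)


def check_o17(line):
    """Return the NameServer addresses on an O17 line that fall in a watched range."""
    m = re.search(r"NameServer\s*=\s*([\d.,\s]+)$", line)
    if not m:
        return []
    hits = []
    for raw in m.group(1).split(","):
        raw = raw.strip()
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            continue  # skip anything that is not a literal IPv4/IPv6 address
        if any(ip in net for net in ROGUE_DNS_RANGES):
            hits.append(raw)
    return hits


def check_o20(line):
    """Return AppInit_DLLs entries that carry no drive-qualified path.

    Entries in this registry value are space separated; a bare filename is located
    through the DLL search order and loaded into every process that uses user32.dll,
    which is why a pathless entry deserves a look.
    """
    m = re.match(r"O20 - AppInit_DLLs:\s*(.*)$", line)
    if not m:
        return []
    return [d for d in m.group(1).split() if not re.match(r"^[A-Za-z]:\\", d)]


def check_o23(line):
    """Return (service name, path) for a publisher-less service whose binary sits in system32.

    'Unknown owner' alone is a weak signal (the legitimate COMODO cmdAgent shows it too),
    so it is combined with the binary's location. Returns None when the line is not suspicious.
    """
    m = re.match(r"O23 - Service: (.+?) - (.+?) - (.+)$", line)
    if not m:
        return None
    name, owner, path = m.groups()
    if owner != "Unknown owner" or not SYSTEM32_BINARY.match(path):
        return None
    return (name, path)


def triage(log_text):
    """Run every check over a HijackThis log and collect the findings by category."""
    findings = {"rogue_dns": [], "pathless_appinit": [], "suspicious_services": []}
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("O17 "):
            findings["rogue_dns"].extend(check_o17(line))
        elif line.startswith("O20 "):
            findings["pathless_appinit"].extend(check_o20(line))
        elif line.startswith("O23 "):
            hit = check_o23(line)
            if hit:
                findings["suspicious_services"].append(hit)
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"{category}: {items}")
```

    Run it on a saved report with `triage(open("hijackthis.log").read())`. It is a triage aid that points at the same lines the helper singles out; the actual cleanup steps above still have to be carried out, and a clean result only means none of these three patterns matched.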
  18. Amélie
     
    It does indeed get stuck right at the first step..
    0
  19. jlpjlp Posts: 52399 Status: Security contributor 5 041
     
    then download Unlocker

    and install it

    and right-click on this file (kdhwn.exe) and remove it with Unlocker
    http://www.commentcamarche.net/telecharger/telecharger 34055141 unlocker

    by going into My Computer, then

    C:\Windows\system32\kdhwn.exe

    _____________

    2/
    remove the Windows Tribute Service:

    https://www.pcastuces.com/pratique/windows/services/page2.htm

    then

    https://www.pcastuces.com/pratique/windows/services/page3.htm

    ______________

    3/

    SmitfraudFix (paste the report)

    A/ download:

    http://siri.urz.free.fr/Fix/SmitfraudFix.php

    B/ restart in safe mode (by pressing F8 or Del, or F5 at startup, generally), then run SmitfraudFix, select option 5 and press Enter to start the cleanup. When the program asks whether you want to clean the registry, answer yes by typing 0 and Enter

    ___________________

    4/ fix these lines with HijackThis if present

    O17 - HKLM\System\CCS\Services\Tcpip\..\{A98E1F3A-050C-486F-8373-BBA9D9773170}: NameServer = 85.255.113.147,85.255.112.138

    O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdhwn.exe
    _____________________

    5/
    * Go to Start > Control Panel > Connections > right-click the connection > Properties > Networking tab
    * Highlight Internet Protocol (TCP/IP), then click the Properties button.
    * In the options (preferred DNS server and alternate DNS server) you will find one of the addresses present in the HijackThis report on line O17 (example: 85.255.116.37 85.255.112.85)
    * To get rid of them, tick: Obtain DNS server address automatically, then click OK twice and restart the PC. Thanks to Incognito02 for this tip

    ______________________

    post a new HijackThis report so we can check, and tell us your current problems
    0