MSN photo virus

Hello,
I caught the MSN photo virus.
I followed the first part of the instructions that were posted in other threads.

Here is my report.
Please help me.

Logfile of HijackThis v1.99.1
Scan saved at 17:46:29, on 22/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Eric\doc.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\DOCUME~1\Eric\LOCALS~1\Temp\Répertoire temporaire 2 pour hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 142.34.1.4:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Hello,

Download VundoFix.exe (by Atribune) to your Desktop.
  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt announcing that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, into your next reply
    Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "Click the Scan for Vundo button".

Here is the Vundo report


    VundoFix V6.5.1

    Checking Java version...

    Java version is 1.5.0.8
    Old versions of java are exploitable and should be removed.

    Scan started at 18:00:20 22/06/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\stutv.bak1
    C:\WINDOWS\system32\stutv.ini
    C:\WINDOWS\system32\vtuts.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\stutv.bak1
    C:\WINDOWS\system32\stutv.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\stutv.ini
    C:\WINDOWS\system32\stutv.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtuts.dll
    C:\WINDOWS\system32\vtuts.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

and the one from HijackThis


    Logfile of HijackThis v1.99.1
    Scan saved at 18:16:15, on 22/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\msnmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Eric\doc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\DOCUME~1\Eric\LOCALS~1\Temp\Répertoire temporaire 3 pour hijackthis[1].zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 142.34.1.4:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {82ECF54F-39A0-423D-AECE-7BA2066263B2} - C:\WINDOWS\system32\vtuts.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\iifggde.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: iifggde - C:\WINDOWS\SYSTEM32\iifggde.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe


Is the news good? LOL

Re,

Download Combofix.
Save it to your Desktop and nowhere else!

Click the Start menu, then Run, and copy/paste this:

    "%userprofile%\Bureau\combofix.exe" /v iifggde

Click [OK]. Follow the prompts.

Wait for Combofix to finish; a report will be created. Post the report.

Here is the Combofix report

and I ran Combofix, but there is no special Combofix file on my desktop

    ComboFix 07-06-21.3
    "Eric" - 2007-06-22 18:33:08 - Service Pack 2 NTFS


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\ssqrr.dll
    C:\WINDOWS\system32\rrqss.bak1
    C:\WINDOWS\system32\rrqss.ini


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\Eric\Bureau\internet.lnk
    C:\Documents and Settings\All Users.\documents\setup.exe
    C:\WINDOWS\system32\nvs2.inf
    C:\WINDOWS\system32\xrmpscr.dat
    C:\WINDOWS\system32\xrmpscr.exe
    C:\WINDOWS\system32\xrmpscr_nav.dat
    C:\WINDOWS\system32\xrmpscr_navps.dat


    ((((((((((((((((((((((((( Files Created from 2007-05-22 to 2007-06-22 )))))))))))))))))))))))))))))))


    2007-06-22 18:42 31,254 --a------ C:\WINDOWS\system32\mljighi.dll
    2007-06-22 18:37 31,254 --a------ C:\WINDOWS\system32\ljjjhef.dll
    2007-06-22 18:32 31,254 --a------ C:\WINDOWS\system32\pmnmlif.dll
    2007-06-22 18:27 31,254 --a------ C:\WINDOWS\system32\vtuttqr.dll
    2007-06-22 18:23 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-22 18:22 31,254 --a------ C:\WINDOWS\system32\byxvuuu.dll
    2007-06-22 18:17 31,254 --a------ C:\WINDOWS\system32\tuvursq.dll
    2007-06-22 18:12 31,254 --a------ C:\WINDOWS\system32\fccyyyv.dll
    2007-06-22 18:07 31,254 --a------ C:\WINDOWS\system32\tuvtqrp.dll
    2007-06-22 18:00 <REP> d-------- C:\VundoFix Backups
    2007-06-22 17:24 31,254 --a------ C:\WINDOWS\system32\opnkhfd.dll
    2007-06-22 17:19 31,254 --a------ C:\WINDOWS\system32\ljjjkii.dll
    2007-06-22 17:14 31,254 --a------ C:\WINDOWS\system32\tuvwtqq.dll
    2007-06-22 17:09 31,254 --a------ C:\WINDOWS\system32\tuvvvss.dll
    2007-06-22 17:04 31,254 --a------ C:\WINDOWS\system32\nnnllii.dll
    2007-06-22 16:59 31,254 --a------ C:\WINDOWS\system32\gebywus.dll
    2007-06-22 16:54 31,254 --a------ C:\WINDOWS\system32\yayaawu.dll
    2007-06-22 16:49 31,254 --a------ C:\WINDOWS\system32\qomjjjj.dll
    2007-06-22 16:44 31,254 --a------ C:\WINDOWS\system32\vtuuspq.dll
    2007-06-22 16:39 31,254 --a------ C:\WINDOWS\system32\xxyaxxy.dll
    2007-06-22 16:34 31,254 --a------ C:\WINDOWS\system32\ssqqpmn.dll
    2007-06-22 16:29 31,254 --a------ C:\WINDOWS\system32\fccaawt.dll
    2007-06-22 16:19 31,254 --a------ C:\WINDOWS\system32\gebyxwx.dll
    2007-06-22 13:40 31,254 --a------ C:\WINDOWS\system32\hggffgd.dll
    2007-06-22 13:35 31,254 --a------ C:\WINDOWS\system32\urqpnmk.dll
    2007-06-22 13:33 31,254 --a------ C:\WINDOWS\system32\tuvttus.dll
    2007-06-22 13:33 31,254 --a------ C:\WINDOWS\system32\fccdcay.dll
    2007-06-22 13:30 31,254 --a------ C:\WINDOWS\system32\opnliff.dll
    2007-06-22 13:28 31,254 --a------ C:\WINDOWS\system32\vtuvwxv.dll
    2007-06-22 13:28 31,254 --a------ C:\WINDOWS\system32\qomnmki.dll
    2007-06-22 13:25 31,254 --a------ C:\WINDOWS\system32\ddcbaaa.dll
    2007-06-22 13:23 31,254 --a------ C:\WINDOWS\system32\rqrrrrs.dll
    2007-06-22 13:23 31,254 --a------ C:\WINDOWS\system32\khfcabx.dll
    2007-06-22 13:20 31,254 --a------ C:\WINDOWS\system32\vtuvttu.dll
    2007-06-22 13:18 31,254 --a------ C:\WINDOWS\system32\gebyywv.dll
    2007-06-22 13:18 31,254 --a------ C:\WINDOWS\system32\ddccaxw.dll
    2007-06-22 13:15 31,254 --a------ C:\WINDOWS\system32\jkkjhgg.dll
    2007-06-22 13:13 31,254 --a------ C:\WINDOWS\system32\vtuvwur.dll
    2007-06-22 13:13 31,254 --a------ C:\WINDOWS\system32\iiffdab.dll
    2007-06-22 13:10 31,254 --a------ C:\WINDOWS\system32\ssqqqpm.dll
    2007-06-22 13:08 31,254 --a------ C:\WINDOWS\system32\qomkjjj.dll
    2007-06-22 13:08 31,254 --a------ C:\WINDOWS\system32\opnmljk.dll
    2007-06-22 13:05 31,254 --a------ C:\WINDOWS\system32\opnlkjj.dll
    2007-06-22 13:03 31,254 --a------ C:\WINDOWS\system32\ssqonon.dll
    2007-06-22 13:03 31,254 --a------ C:\WINDOWS\system32\pmnolkj.dll
    2007-06-22 13:00 31,254 --a------ C:\WINDOWS\system32\fccyawx.dll
    2007-06-22 12:58 31,254 --a------ C:\WINDOWS\system32\pmnmlkl.dll
    2007-06-22 12:58 31,254 --a------ C:\WINDOWS\system32\gebbxxw.dll
    2007-06-22 12:55 31,254 --a------ C:\WINDOWS\system32\awtusrq.dll
    2007-06-22 12:53 31,254 --a------ C:\WINDOWS\system32\xxyxwwx.dll
    2007-06-22 12:53 31,254 --a------ C:\WINDOWS\system32\cbxwtrs.dll
    2007-06-22 12:50 31,254 --a------ C:\WINDOWS\system32\vtusqnm.dll
    2007-06-22 12:48 31,254 --a------ C:\WINDOWS\system32\urqnonm.dll
    2007-06-22 12:48 31,254 --a------ C:\WINDOWS\system32\ddcdaax.dll
    2007-06-22 12:45 31,254 --a------ C:\WINDOWS\system32\gebabbx.dll
    2007-06-22 12:43 31,254 --a------ C:\WINDOWS\system32\opnmmnl.dll
    2007-06-22 12:43 31,254 --a------ C:\WINDOWS\system32\khfgede.dll
    2007-06-22 12:38 71,906 --a------ C:\DOCUME~1\Eric\mon.exe
    2007-06-22 12:38 31,254 --a------ C:\WINDOWS\system32\yaywtus.dll
    2007-06-22 12:38 31,254 --a------ C:\WINDOWS\system32\jkkhggf.dll
    2007-06-22 12:37 240,578 --a------ C:\DOCUME~1\Eric\doc.exe
    2007-06-21 19:09 31,254 --a------ C:\WINDOWS\system32\rqronll.dll
    2007-06-21 19:08 31,254 --a------ C:\WINDOWS\system32\efcbaww.dll
    2007-06-21 19:08 31,254 --a------ C:\WINDOWS\system32\cbxxurp.dll
    2007-06-21 19:06 31,254 --a------ C:\WINDOWS\system32\tuvwxyy.dll
    2007-06-21 19:04 31,254 --a------ C:\WINDOWS\system32\hgggfef.dll
    2007-06-21 19:03 31,254 --a------ C:\WINDOWS\system32\efcyyaw.dll
    2007-06-21 19:01 31,254 --a------ C:\WINDOWS\system32\nnnnmmn.dll
    2007-06-21 18:59 31,254 --a------ C:\WINDOWS\system32\wvuvwur.dll
    2007-06-21 18:56 71,906 --a------ C:\WINDOWS\system32\mon.exe
    2007-06-21 18:56 31,254 --a------ C:\WINDOWS\system32\efcbcbc.dll
    2007-06-21 18:56 240,578 --a------ C:\WINDOWS\system32\doc.exe
    2007-06-21 18:54 31,254 --a------ C:\WINDOWS\system32\ssqrqqn.dll
    2007-06-21 18:46 31,254 --a------ C:\WINDOWS\system32\iifggde.dll
    2007-06-10 19:59 <REP> d-------- C:\Program Files\Windows Live
    2007-05-28 20:08 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2007-05-27 21:20 126 --a------ C:\WINDOWS\system32\netwbix32.dll


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-22 16:58:32 31,254 ----a-w C:\WINDOWS\system32\awtqopn.dll
    2007-06-21 16:46:26 -------- d-----w C:\Program Files\MSN Messenger
    2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-04-29 19:11:44 -------- d-----w C:\DOCUME~1\Eric\APPLIC~1\Screenshot Sender
    2007-04-29 19:01:50 57,686 ----a-w C:\WINDOWS\system32\ntaaqrqhe.exe
    2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-03-26 18:11:07 64,052 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2007-03-26 18:11:07 445,672 ----a-w C:\WINDOWS\system32\perfh00C.dat


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 14:17]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll [2006-07-26 04:17]
    {82ECF54F-39A0-423D-AECE-7BA2066263B2}=C:\WINDOWS\system32\vtuts.dll []
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 21:33]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-20 00:56]
    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 18:45]
    {DC192567-65F9-4AB6-ADB7-E13575F81726}=C:\WINDOWS\system32\iifggde.dll [2007-06-21 18:46]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 19:44]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 19:43]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 18:07 C:\WINDOWS\system32\HdAShCut.exe]
    "nwiz"="nwiz.exe" [2005-05-18 23:02 C:\WINDOWS\system32\nwiz.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-05-04 18:28 C:\WINDOWS\RTHDCPL.EXE]
    "Alcmtr"="ALCMTR.EXE" [2005-05-03 19:43 C:\WINDOWS\Alcmtr.exe]
    "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-26 11:08]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00]
    "Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2007-02-08 13:19]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-06-21 18:45]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{DC192567-65F9-4AB6-ADB7-E13575F81726}"="C:\WINDOWS\system32\iifggde.dll" [2007-06-21 18:46]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifggde]
    iifggde.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Eric^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Eric\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Eric^Menu Démarrer^Programmes^Démarrage^Y'z ToolBar.lnk]
    path=C:\Documents and Settings\Eric\Menu Démarrer\Programmes\Démarrage\Y'z ToolBar.lnk
    backup=C:\WINDOWS\pss\Y'z ToolBar.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
    "C:\Program Files\Pando Networks\Pando\Pando.exe" /Automation

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    "c:\Apps\Powercinema\PCMService.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d307133-c4ae-11da-b09f-00038a000015}]
    AutoRun\command- E:\setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3fb4a7c-0eaa-11dc-b227-00038a000015}]
    Auto\command- E:\AdobeR.exe e
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e


    Contents of the 'Scheduled Tasks' folder
    2006-03-30 13:50:41 C:\WINDOWS\tasks\Rappel d'enregistrement 1.job
    2006-03-30 13:50:41 C:\WINDOWS\tasks\Rappel d'enregistrement 2.job
    2006-03-30 13:50:42 C:\WINDOWS\tasks\Rappel d'enregistrement 3.job
    2007-06-22 16:14:03 C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-22 18:55:26
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\WINDOWS\system32\awtqopn.dll

    scan completed successfully
    hidden files: 1

    **************************************************************************

    Completion time: 2007-06-22 19:03:09 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-06-22 19:03

    --- E O F ---

    My computer is finally working,
    at least well enough to send the HijackThis report.

    Logfile of HijackThis v1.99.1
    Scan saved at 21:08:19, on 22/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\Explorer.EXE
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Eric\doc.exe
    C:\Program Files\MSN Messenger\msnmgr.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\DOCUME~1\Eric\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis[1].zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 142.34.1.4:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    Logfile of HijackThis v1.99.1
    Scan saved at 21:36:39, on 22/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\Explorer.EXE
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\msnmgr.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Eric\doc.exe
    C:\Documents and Settings\Eric\Bureau\Scanner\Scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 142.34.1.4:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {82ECF54F-39A0-423D-AECE-7BA2066263B2} - C:\WINDOWS\system32\vtuts.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\iifggde.dll
    O2 - BHO: (no name) - {E3918F20-38C6-4663-8FF2-14D7687D59F3} - C:\WINDOWS\system32\awvts.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: awvts - C:\WINDOWS\system32\awvts.dll
    O20 - Winlogon Notify: iifggde - C:\WINDOWS\SYSTEM32\iifggde.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    Re,

    1/ Download The Avenger (by Swandog46) to your Desktop.
    Then unzip it onto your Desktop.

    2/ Copy all the text in red below:

    Quote:
    Registry keys to delete:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82ECF54F-39A0-423D-AECE-7BA2066263B2}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC192567-65F9-4AB6-ADB7-E13575F81726}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3918F20-38C6-4663-8FF2-14D7687D59F3}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awvts
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifggde

    Files to delete:
    C:\WINDOWS\System32\awvts.dll
    C:\WINDOWS\System32\stvwa.bak
    C:\WINDOWS\System32\stvwa.bak1
    C:\WINDOWS\System32\stvwa.bak2
    C:\WINDOWS\System32\stvwa.ini
    C:\WINDOWS\System32\stvwa.ini1
    C:\WINDOWS\System32\stvwa.ini2
    C:\WINDOWS\System32\stvwa.tmp
    C:\WINDOWS\System32\iifggde.dll
    C:\WINDOWS\System32\edggfii.bak
    C:\WINDOWS\System32\edggfii.bak1
    C:\WINDOWS\System32\edggfii.bak2
    C:\WINDOWS\System32\edggfii.ini
    C:\WINDOWS\System32\edggfii.ini1
    C:\WINDOWS\System32\edggfii.ini2
    C:\WINDOWS\System32\edggfii.tmp
    C:\WINDOWS\system32\mljighi.dll
    C:\WINDOWS\system32\ljjjhef.dll
    C:\WINDOWS\system32\pmnmlif.dll
    C:\WINDOWS\system32\vtuttqr.dll
    C:\WINDOWS\system32\byxvuuu.dll
    C:\WINDOWS\system32\tuvursq.dll
    C:\WINDOWS\system32\fccyyyv.dll
    C:\WINDOWS\system32\tuvtqrp.dll
    C:\WINDOWS\system32\opnkhfd.dll
    C:\WINDOWS\system32\ljjjkii.dll
    C:\WINDOWS\system32\tuvwtqq.dll
    C:\WINDOWS\system32\tuvvvss.dll
    C:\WINDOWS\system32\nnnllii.dll
    C:\WINDOWS\system32\gebywus.dll
    C:\WINDOWS\system32\yayaawu.dll
    C:\WINDOWS\system32\qomjjjj.dll
    C:\WINDOWS\system32\vtuuspq.dll
    C:\WINDOWS\system32\xxyaxxy.dll
    C:\WINDOWS\system32\ssqqpmn.dll
    C:\WINDOWS\system32\fccaawt.dll
    C:\WINDOWS\system32\gebyxwx.dll
    C:\WINDOWS\system32\hggffgd.dll
    C:\WINDOWS\system32\urqpnmk.dll
    C:\WINDOWS\system32\tuvttus.dll
    C:\WINDOWS\system32\fccdcay.dll
    C:\WINDOWS\system32\opnliff.dll
    C:\WINDOWS\system32\vtuvwxv.dll
    C:\WINDOWS\system32\qomnmki.dll
    C:\WINDOWS\system32\ddcbaaa.dll
    C:\WINDOWS\system32\rqrrrrs.dll
    C:\WINDOWS\system32\khfcabx.dll
    C:\WINDOWS\system32\vtuvttu.dll
    C:\WINDOWS\system32\gebyywv.dll
    C:\WINDOWS\system32\ddccaxw.dll
    C:\WINDOWS\system32\jkkjhgg.dll
    C:\WINDOWS\system32\vtuvwur.dll
    C:\WINDOWS\system32\iiffdab.dll
    C:\WINDOWS\system32\ssqqqpm.dll
    C:\WINDOWS\system32\qomkjjj.dll
    C:\WINDOWS\system32\opnmljk.dll
    C:\WINDOWS\system32\opnlkjj.dll
    C:\WINDOWS\system32\ssqonon.dll
    C:\WINDOWS\system32\pmnolkj.dll
    C:\WINDOWS\system32\fccyawx.dll
    C:\WINDOWS\system32\pmnmlkl.dll
    C:\WINDOWS\system32\gebbxxw.dll
    C:\WINDOWS\system32\awtusrq.dll
    C:\WINDOWS\system32\xxyxwwx.dll
    C:\WINDOWS\system32\cbxwtrs.dll
    C:\WINDOWS\system32\vtusqnm.dll
    C:\WINDOWS\system32\urqnonm.dll
    C:\WINDOWS\system32\ddcdaax.dll
    C:\WINDOWS\system32\gebabbx.dll
    C:\WINDOWS\system32\opnmmnl.dll
    C:\WINDOWS\system32\khfgede.dll
    C:\Documents and Settings\Eric\mon.exe
    C:\WINDOWS\system32\yaywtus.dll
    C:\WINDOWS\system32\jkkhggf.dll
    C:\Documents and Settings\Eric\doc.exe
    C:\WINDOWS\system32\rqronll.dll
    C:\WINDOWS\system32\efcbaww.dll
    C:\WINDOWS\system32\cbxxurp.dll
    C:\WINDOWS\system32\tuvwxyy.dll
    C:\WINDOWS\system32\hgggfef.dll
    C:\WINDOWS\system32\efcyyaw.dll
    C:\WINDOWS\system32\nnnnmmn.dll
    C:\WINDOWS\system32\wvuvwur.dll
    C:\WINDOWS\system32\mon.exe
    C:\WINDOWS\system32\efcbcbc.dll
    C:\WINDOWS\system32\doc.exe
    C:\WINDOWS\system32\ssqrqqn.dll
    C:\WINDOWS\system32\iifggde.dll


    ---> Right-click, then Copy

    Note: The code above was intentionally written for THIS user.
    If you are not THIS user, do NOT apply these instructions: they could damage your system.


    3/ Now launch The Avenger by clicking the icon on the Desktop.
    Under "Script file to execute", choose "Input Script Manually".
    Then click the magnifying-glass icon, which opens a new "View/edit script" window.
    In that window, paste the text copied earlier on the Desktop.
    Click "Done".
    Then click the green traffic-light icon to start running the script.
    Answer "Yes" twice when prompted.

    4/ The Avenger will automatically do the following:
    It will restart the system. (If the script contains any "Drivers to Unload", The Avenger will restart your system twice.)
    During the restart, a black Windows command window will appear briefly on your desktop; this is NORMAL.
    After the restart, it creates a log file, which will open and show the actions carried out by The Avenger. This log file is located here: C:\avenger.txt
    The Avenger will also have backed up all the files, etc., that you asked it to delete, zipped them, and moved the zip archive here: C:\avenger\backup.zip.

    5/ Finally, copy and paste the contents of the file c:\avenger.txt into your reply, along with a new HijackThis report.
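
How the "Registry keys to delete" entries of a script like the one in the post above relate to the O2 and O20 lines of a HijackThis log, as an added example that is not part of the original post and not code from HijackThis or The Avenger. The triage rule (an unnamed or orphaned BHO, plus any Winlogon Notify DLL that is also loaded as such a BHO) is an assumption made here, not the helper's stated method; `triage`, `Finding` and `SAMPLE_LOG` are hypothetical names, and the sample lines are the O2/O20 entries of the 21:36:39 log earlier in this thread.

```python
import re
from collections import namedtuple

# Registry locations behind HijackThis sections O2 and O20 (the same paths
# appear in the "Registry keys to delete" part of the script above).
BHO_ROOT = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
            r"\Explorer\Browser Helper Objects")
NOTIFY_ROOT = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
               r"\CurrentVersion\Winlogon\Notify")

O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<target>.+)$")

Finding = namedtuple("Finding", "section key reasons")

# O2/O20 lines taken from the 21:36:39 HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {82ECF54F-39A0-423D-AECE-7BA2066263B2} - C:\WINDOWS\system32\vtuts.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\iifggde.dll
O2 - BHO: (no name) - {E3918F20-38C6-4663-8FF2-14D7687D59F3} - C:\WINDOWS\system32\awvts.dll
O20 - Winlogon Notify: awvts - C:\WINDOWS\system32\awvts.dll
O20 - Winlogon Notify: iifggde - C:\WINDOWS\SYSTEM32\iifggde.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""


def _split_target(target):
    """Return (lower-cased path or None, file_present) for a log target."""
    target = target.strip()
    if target == "(no file)":
        return None, False
    missing = target.endswith("(file missing)")
    if missing:
        target = target[: -len("(file missing)")].strip()
    # Windows paths are case-insensitive, so compare them lower-cased.
    return target.lower(), not missing


def triage(log_text):
    """List the O2/O20 registry keys that deserve manual review.

    Assumed rule: a BHO is flagged when it has no name or its DLL is absent;
    a Winlogon Notify entry is flagged when it loads the DLL of a flagged BHO.
    """
    findings, flagged_dlls, notify = [], set(), []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            path, present = _split_target(m.group("target"))
            reasons = []
            if m.group("name") == "(no name)":
                reasons.append("unnamed BHO")
            if not present:
                reasons.append("DLL absent from disk")
            if reasons:
                key = BHO_ROOT + "\\" + m.group("clsid")
                findings.append(Finding("O2", key, reasons))
                if path:
                    flagged_dlls.add(path)
            continue
        m = O20_RE.match(line)
        if m:
            notify.append((m.group("name"), _split_target(m.group("target"))[0]))
    # Second pass, so the result does not depend on section order in the log.
    for name, path in notify:
        if path in flagged_dlls:
            findings.append(Finding("O20", NOTIFY_ROOT + "\\" + name,
                                    ["same DLL as a flagged BHO"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, f.key, "|", ", ".join(f.reasons))
```

The output is a list of candidates for a human to confirm before anything is deleted; legitimate entries such as WgaLogon are left out because no flagged BHO shares their DLL.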

    Here is the Avenger report

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\taxkarvr

    *******************

    Script file located at: \??\C:\Program Files\hcshkres.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File C:\WINDOWS\System32\awvts.dll deleted successfully.


    File C:\WINDOWS\System32\stvwa.bak not found!
    Deletion of file C:\WINDOWS\System32\stvwa.bak failed!

    Could not process line:
    C:\WINDOWS\System32\stvwa.bak
    Status: 0xc0000034

    File C:\WINDOWS\System32\stvwa.bak1 deleted successfully.


    File C:\WINDOWS\System32\stvwa.bak2 not found!
    Deletion of file C:\WINDOWS\System32\stvwa.bak2 failed!

    Could not process line:
    C:\WINDOWS\System32\stvwa.bak2
    Status: 0xc0000034

    File C:\WINDOWS\System32\stvwa.ini deleted successfully.


    File C:\WINDOWS\System32\stvwa.ini1 not found!
    Deletion of file C:\WINDOWS\System32\stvwa.ini1 failed!

    Could not process line:
    C:\WINDOWS\System32\stvwa.ini1
    Status: 0xc0000034



    File C:\WINDOWS\System32\stvwa.ini2 not found!
    Deletion of file C:\WINDOWS\System32\stvwa.ini2 failed!

    Could not process line:
    C:\WINDOWS\System32\stvwa.ini2
    Status: 0xc0000034



    File C:\WINDOWS\System32\stvwa.tmp not found!
    Deletion of file C:\WINDOWS\System32\stvwa.tmp failed!

    Could not process line:
    C:\WINDOWS\System32\stvwa.tmp
    Status: 0xc0000034

    File C:\WINDOWS\System32\iifggde.dll deleted successfully.


    File C:\WINDOWS\System32\edggfii.bak not found!
    Deletion of file C:\WINDOWS\System32\edggfii.bak failed!

    Could not process line:
    C:\WINDOWS\System32\edggfii.bak
    Status: 0xc0000034



    File C:\WINDOWS\System32\edggfii.bak1 not found!
    Deletion of file C:\WINDOWS\System32\edggfii.bak1 failed!

    Could not process line:
    C:\WINDOWS\System32\edggfii.bak1
    Status: 0xc0000034



    File C:\WINDOWS\System32\edggfii.bak2 not found!
    Deletion of file C:\WINDOWS\System32\edggfii.bak2 failed!

    Could not process line:
    C:\WINDOWS\System32\edggfii.bak2
    Status: 0xc0000034



    File C:\WINDOWS\System32\edggfii.ini not found!
    Deletion of file C:\WINDOWS\System32\edggfii.ini failed!

    Could not process line:
    C:\WINDOWS\System32\edggfii.ini
    Status: 0xc0000034



    File C:\WINDOWS\System32\edggfii.ini1 not found!
    Deletion of file C:\WINDOWS\System32\edggfii.ini1 failed!

    Could not process line:
    C:\WINDOWS\System32\edggfii.ini1
    Status: 0xc0000034



    File C:\WINDOWS\System32\edggfii.ini2 not found!
    Deletion of file C:\WINDOWS\System32\edggfii.ini2 failed!

    Could not process line:
    C:\WINDOWS\System32\edggfii.ini2
    Status: 0xc0000034



    File C:\WINDOWS\System32\edggfii.tmp not found!
    Deletion of file C:\WINDOWS\System32\edggfii.tmp failed!

    Could not process line:
    C:\WINDOWS\System32\edggfii.tmp
    Status: 0xc0000034

    File C:\WINDOWS\system32\mljighi.dll deleted successfully.
    File C:\WINDOWS\system32\ljjjhef.dll deleted successfully.
    File C:\WINDOWS\system32\pmnmlif.dll deleted successfully.
    File C:\WINDOWS\system32\vtuttqr.dll deleted successfully.
    File C:\WINDOWS\system32\byxvuuu.dll deleted successfully.
    File C:\WINDOWS\system32\tuvursq.dll deleted successfully.
    File C:\WINDOWS\system32\fccyyyv.dll deleted successfully.
    File C:\WINDOWS\system32\tuvtqrp.dll deleted successfully.
    File C:\WINDOWS\system32\opnkhfd.dll deleted successfully.
    File C:\WINDOWS\system32\ljjjkii.dll deleted successfully.
    File C:\WINDOWS\system32\tuvwtqq.dll deleted successfully.
    File C:\WINDOWS\system32\tuvvvss.dll deleted successfully.
    File C:\WINDOWS\system32\nnnllii.dll deleted successfully.
    File C:\WINDOWS\system32\gebywus.dll deleted successfully.
    File C:\WINDOWS\system32\yayaawu.dll deleted successfully.
    File C:\WINDOWS\system32\qomjjjj.dll deleted successfully.
    File C:\WINDOWS\system32\vtuuspq.dll deleted successfully.
    File C:\WINDOWS\system32\xxyaxxy.dll deleted successfully.
    File C:\WINDOWS\system32\ssqqpmn.dll deleted successfully.
    File C:\WINDOWS\system32\fccaawt.dll deleted successfully.
    File C:\WINDOWS\system32\gebyxwx.dll deleted successfully.
    File C:\WINDOWS\system32\hggffgd.dll deleted successfully.
    File C:\WINDOWS\system32\urqpnmk.dll deleted successfully.
    File C:\WINDOWS\system32\tuvttus.dll deleted successfully.
    File C:\WINDOWS\system32\fccdcay.dll deleted successfully.
    File C:\WINDOWS\system32\opnliff.dll deleted successfully.
    File C:\WINDOWS\system32\vtuvwxv.dll deleted successfully.
    File C:\WINDOWS\system32\qomnmki.dll deleted successfully.
    File C:\WINDOWS\system32\ddcbaaa.dll deleted successfully.
    File C:\WINDOWS\system32\rqrrrrs.dll deleted successfully.
    File C:\WINDOWS\system32\khfcabx.dll deleted successfully.
    File C:\WINDOWS\system32\vtuvttu.dll deleted successfully.
    File C:\WINDOWS\system32\gebyywv.dll deleted successfully.
    File C:\WINDOWS\system32\ddccaxw.dll deleted successfully.
    File C:\WINDOWS\system32\jkkjhgg.dll deleted successfully.
    File C:\WINDOWS\system32\vtuvwur.dll deleted successfully.
    File C:\WINDOWS\system32\iiffdab.dll deleted successfully.
    File C:\WINDOWS\system32\ssqqqpm.dll deleted successfully.
    File C:\WINDOWS\system32\qomkjjj.dll deleted successfully.
    File C:\WINDOWS\system32\opnmljk.dll deleted successfully.
    File C:\WINDOWS\system32\opnlkjj.dll deleted successfully.
    File C:\WINDOWS\system32\ssqonon.dll deleted successfully.
    File C:\WINDOWS\system32\pmnolkj.dll deleted successfully.
    File C:\WINDOWS\system32\fccyawx.dll deleted successfully.
    File C:\WINDOWS\system32\pmnmlkl.dll deleted successfully.
    File C:\WINDOWS\system32\gebbxxw.dll deleted successfully.
    File C:\WINDOWS\system32\awtusrq.dll deleted successfully.
    File C:\WINDOWS\system32\xxyxwwx.dll deleted successfully.
    File C:\WINDOWS\system32\cbxwtrs.dll deleted successfully.
    File C:\WINDOWS\system32\vtusqnm.dll deleted successfully.
    File C:\WINDOWS\system32\urqnonm.dll deleted successfully.
    File C:\WINDOWS\system32\ddcdaax.dll deleted successfully.
    File C:\WINDOWS\system32\gebabbx.dll deleted successfully.
    File C:\WINDOWS\system32\opnmmnl.dll deleted successfully.
    File C:\WINDOWS\system32\khfgede.dll deleted successfully.
    File C:\Documents and Settings\Eric\mon.exe deleted successfully.
    File C:\WINDOWS\system32\yaywtus.dll deleted successfully.
    File C:\WINDOWS\system32\jkkhggf.dll deleted successfully.
    File C:\Documents and Settings\Eric\doc.exe deleted successfully.
    File C:\WINDOWS\system32\rqronll.dll deleted successfully.
    File C:\WINDOWS\system32\efcbaww.dll deleted successfully.
    File C:\WINDOWS\system32\cbxxurp.dll deleted successfully.
    File C:\WINDOWS\system32\tuvwxyy.dll deleted successfully.
    File C:\WINDOWS\system32\hgggfef.dll deleted successfully.
    File C:\WINDOWS\system32\efcyyaw.dll deleted successfully.
    File C:\WINDOWS\system32\nnnnmmn.dll deleted successfully.
    File C:\WINDOWS\system32\wvuvwur.dll deleted successfully.
    File C:\WINDOWS\system32\mon.exe deleted successfully.
    File C:\WINDOWS\system32\efcbcbc.dll deleted successfully.
    File C:\WINDOWS\system32\doc.exe deleted successfully.
    File C:\WINDOWS\system32\ssqrqqn.dll deleted successfully.


    File C:\WINDOWS\system32\iifggde.dll not found!
    Deletion of file C:\WINDOWS\system32\iifggde.dll failed!

    Could not process line:
    C:\WINDOWS\system32\iifggde.dll
    Status: 0xc0000034

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82ECF54F-39A0-423D-AECE-7BA2066263B2} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC192567-65F9-4AB6-ADB7-E13575F81726} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3918F20-38C6-4663-8FF2-14D7687D59F3} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awvts deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifggde deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.



    and here is the one from HijackThis


    Logfile of HijackThis v1.99.1
    Scan saved at 22:27:51, on 22/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\MSN Messenger\msnmgr.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\Documents and Settings\Eric\doc.exe
    C:\DOCUME~1\Eric\LOCALS~1\Temp\Répertoire temporaire 1 pour Scanner.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 142.34.1.4:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: qommjge - C:\WINDOWS\SYSTEM32\qommjge.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 14:17]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll [2006-07-26 04:17]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 21:33]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-20 00:56]
    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 18:45]
    {DC192567-65F9-4AB6-ADB7-E13575F81726}=C:\WINDOWS\system32\qommjge.dll [2007-06-22 22:22]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 19:44]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 19:43]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 18:07 C:\WINDOWS\system32\HdAShCut.exe]
    "nwiz"="nwiz.exe" [2005-05-18 23:02 C:\WINDOWS\system32\nwiz.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-05-04 18:28 C:\WINDOWS\RTHDCPL.EXE]
    "Alcmtr"="ALCMTR.EXE" [2005-05-03 19:43 C:\WINDOWS\Alcmtr.exe]
    "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-26 11:08]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00]
    "Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2007-02-08 13:19]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-06-21 18:45]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{DC192567-65F9-4AB6-ADB7-E13575F81726}"="C:\WINDOWS\system32\qommjge.dll" [2007-06-22 22:22]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qommjge]
    qommjge.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Eric^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Eric\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Eric^Menu Démarrer^Programmes^Démarrage^Y'z ToolBar.lnk]
    path=C:\Documents and Settings\Eric\Menu Démarrer\Programmes\Démarrage\Y'z ToolBar.lnk
    backup=C:\WINDOWS\pss\Y'z ToolBar.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
    "C:\Program Files\Pando Networks\Pando\Pando.exe" /Automation

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    "c:\Apps\Powercinema\PCMService.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d307133-c4ae-11da-b09f-00038a000015}]
    AutoRun\command- E:\setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3fb4a7c-0eaa-11dc-b227-00038a000015}]
    Auto\command- E:\AdobeR.exe e
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e


    Contents of the 'Scheduled Tasks' folder
    2006-03-30 13:50:41 C:\WINDOWS\tasks\Rappel d'enregistrement 1.job
    2006-03-30 13:50:41 C:\WINDOWS\tasks\Rappel d'enregistrement 2.job
    2006-03-30 13:50:42 C:\WINDOWS\tasks\Rappel d'enregistrement 3.job
    2007-06-22 21:14:19 C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-22 23:10:46
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-06-22 23:14:50
    C:\ComboFix-quarantined-files.txt ... 2007-06-22 23:14
    C:\ComboFix2.txt ... 2007-06-22 19:03

    --- E O F ---

    I think both you and I are worn out
    so I'm going to bed
    I'll come back tomorrow afternoon. Thanks for your welcome on the blog and for explaining the rules about information on the net to me
    see you tomorrow if you're around, otherwise see you soon
    and thanks again for your patience and your help all afternoon