Gros ralententissement + fenêtre intempestive

bonjour tout le monde ! Depuis prés de trois jours, je suis harceler d efenêtre intempestive me disant que mon PC court de graves dangers etc... et d'autres pub en tout genre !

Je posséde Windows XP professional pack 2 et j'utilise Internet explorer.

Depuis peu mon ordinateurs est trés fortement ralenti. Je vous en suppli aidez moi !

Merci de ton aide !! Voici ce que Hijackthis me dit dans le rapport :


Logfile of HijackThis v1.99.1
Scan saved at 17:56:50, on 26/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\PROGRA~1\SECURI~1\174112\Program\BACKWE~1.EXE
C:\Program Files\F-Secure\fswsclds.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\sstray.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Florence\Bureau\KillBox.exe
C:\Documents and Settings\Florence\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {066A2CDC-319E-4460-BA45-C24562CD51AA} - C:\WINDOWS\system32\fcccyxv.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CED9E23-0CEF-4553-A347-78FA25CAAE0B} - C:\WINDOWS\system32\awtqn.dll
O2 - BHO: (no name) - {18C167C2-B0AE-4155-A4FE-52EB17DDAD35} - C:\WINDOWS\system32\pmkhe.dll (file missing)
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\tmp58E.tmp.dll
O2 - BHO: (no name) - {404edc1a-0ad2-45ff-b5c4-5daafadf5c48} - C:\WINDOWS\system32\editib1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {EC746A54-D715-487D-997D-1B1AA3E896B0} - C:\WINDOWS\system32\awvtq.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [wjlathqqa] c:\windows\system32\wjlathqqa.exe wjlathqqa
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [winehq.org] rundll32.exe "C:\WINDOWS\opooll.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/p [...] nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/We [...] 536C585C9}
O17 - HKLM\System\CCS\Services\Tcpip\..\{933D6120-03DB-416C-8BFF-3A53BCCC5890}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\jkkjiji.dll
O20 - Winlogon Notify: awtqn - C:\WINDOWS\system32\awtqn.dll
O20 - Winlogon Notify: editib1 - C:\WINDOWS\SYSTEM32\editib1.dll
O20 - Winlogon Notify: fcccyxv - C:\WINDOWS\SYSTEM32\fcccyxv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Securitoo AntiVirus (BackWeb Client - 174112) - Unknown owner - C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE
O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\Johann\Application Data\tmp5D6.tmp.exe (file missing)
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure\fswsclds.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

Je colle les chemins d'accés qu'il me dit Vundo ?

Re ! désolé de la réponse complétement idioté que j'ai marqué


Voila rapoort de Vundo:

VundoFix V6.5.1

Checking Java version...

Scan started at 15:23:41 26/06/2007

Listing files found while scanning....

C:\WINDOWS\system32\awvtq.dll
C:\WINDOWS\system32\qtvwa.bak1
C:\WINDOWS\system32\qtvwa.bak2
C:\WINDOWS\system32\qtvwa.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awvtq.dll
C:\WINDOWS\system32\awvtq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qtvwa.bak1
C:\WINDOWS\system32\qtvwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qtvwa.bak2
C:\WINDOWS\system32\qtvwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qtvwa.ini
C:\WINDOWS\system32\qtvwa.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.1

Checking Java version...

Scan started at 15:57:06 26/06/2007

Listing files found while scanning....

C:\WINDOWS\system32\ehkmp.bak1
C:\WINDOWS\system32\ehkmp.ini
C:\WINDOWS\system32\pmkhe.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ehkmp.bak1
C:\WINDOWS\system32\ehkmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ehkmp.ini
C:\WINDOWS\system32\ehkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkhe.dll
C:\WINDOWS\system32\pmkhe.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.1

Checking Java version...

Scan started at 18:06:13 26/06/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\nqtwa.bak1
C:\WINDOWS\system32\nqtwa.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\awtqn.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\nqtwa.bak1
C:\WINDOWS\system32\nqtwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\nqtwa.ini
C:\WINDOWS\system32\nqtwa.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\awtqn.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.1

Checking Java version...

Scan started at 18:16:13 26/06/2007

Listing files found while scanning....

Et le rapport de Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 18:19:05, on 26/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\fswsclds.exe
C:\PROGRA~1\SECURI~1\174112\Program\BACKWE~1.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\F-Secure\Common\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\sstray.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Florence\Bureau\VundoFix.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Florence\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {066A2CDC-319E-4460-BA45-C24562CD51AA} - C:\WINDOWS\system32\fcccyxv.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CED9E23-0CEF-4553-A347-78FA25CAAE0B} - C:\WINDOWS\system32\awtqn.dll (file missing)
O2 - BHO: (no name) - {18C167C2-B0AE-4155-A4FE-52EB17DDAD35} - C:\WINDOWS\system32\pmkhe.dll (file missing)
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\tmp58E.tmp.dll
O2 - BHO: (no name) - {404edc1a-0ad2-45ff-b5c4-5daafadf5c48} - C:\WINDOWS\system32\editib1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {EC746A54-D715-487D-997D-1B1AA3E896B0} - C:\WINDOWS\system32\awvtq.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [wjlathqqa] c:\windows\system32\wjlathqqa.exe wjlathqqa
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [winehq.org] rundll32.exe "C:\WINDOWS\opooll.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/p [...] nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/We [...] 536C585C9}
O17 - HKLM\System\CCS\Services\Tcpip\..\{933D6120-03DB-416C-8BFF-3A53BCCC5890}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\jkkjiji.dll
O20 - Winlogon Notify: editib1 - C:\WINDOWS\SYSTEM32\editib1.dll
O20 - Winlogon Notify: fcccyxv - C:\WINDOWS\SYSTEM32\fcccyxv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Securitoo AntiVirus (BackWeb Client - 174112) - Unknown owner - C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE
O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\Johann\Application Data\tmp5D6.tmp.exe (file missing)
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure\fswsclds.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

En éspérant que je pourrais évite la catastrophe.

Re!

Voila le rapport de combofix:


"Florence" - 2007-06-26 18:23:16 - ComboFix 07-06-26.8 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\jkkjiji.dll
C:\WINDOWS\system32\ssqrp.dll
C:\WINDOWS\system32\vtusttr.dll
C:\WINDOWS\system32\prqss.bak1
C:\WINDOWS\system32\prqss.ini
C:\WINDOWS\system32\fcccyxv.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Florence\APPLIC~1\tmp568.tmp.exe
C:\DOCUME~1\Florence\APPLIC~1\tmp56A.tmp.exe
C:\DOCUME~1\Florence\APPLIC~1\tmp57D.tmp.exe
C:\DOCUME~1\Florence\APPLIC~1\tmp58E.tmp.exe
C:\DOCUME~1\Florence\APPLIC~1\tmp58F.tmp.exe
C:\DOCUME~1\Florence\APPLIC~1\tmp596.tmp.exe
C:\DOCUME~1\Florence\APPLIC~1\tmp597.tmp.exe
C:\DOCUME~1\Florence\APPLIC~1\tmp598.tmp.exe
C:\DOCUME~1\Florence\APPLIC~1\tmp59A.tmp.exe
C:\DOCUME~1\Florence\APPLIC~1\tmp59B.tmp.exe
C:\DOCUME~1\Florence\APPLIC~1\tmp59C.tmp.exe
C:\Documents and Settings\Florence\ravmonlog
C:\Program Files\internet explorer\iekey.dll
C:\Program Files\winpop
C:\WINDOWS\system32\iafqdocg.exe
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\wjlathqqa.dat
C:\WINDOWS\system32\wjlathqqa_nav.dat
C:\WINDOWS\system32\wjlathqqa_navps.dat


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NPF
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-05-26 to 2007-06-26 )))))))))))))))))))))))))))))))


2007-06-26 18:29 <REP> d-------- C:\Temp\WPDNSE
2007-06-26 18:22 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-26 16:37 59,480 --a------ C:\WINDOWS\system32\tmp58E.tmp.dll
2007-06-26 16:07 <REP> d-------- C:\!KillBox
2007-06-26 15:31 135,052 --a------ C:\WINDOWS\opooll.dll
2007-06-26 15:23 <REP> d-------- C:\VundoFix Backups
2007-06-26 13:31 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-26 13:31 <REP> d-------- C:\Temp\KAV Updater update files
2007-06-26 13:13 59,480 --a------ C:\WINDOWS\system32\tmp59B.tmp.dll
2007-06-26 13:09 59,480 --a------ C:\WINDOWS\system32\tmp597.tmp.dll
2007-06-26 12:29 128,152 --a------ C:\DOCUME~1\Johann\APPLIC~1\tmp591.tmp.exe
2007-06-26 12:20 73,931 --a------ C:\DOCUME~1\Johann\APPLIC~1\tmp577.tmp.exe
2007-06-26 12:20 59,480 --a------ C:\WINDOWS\system32\tmp577.tmp.dll
2007-06-26 12:20 2,560 --a------ C:\DOCUME~1\Johann\APPLIC~1\tmp578.tmp.exe
2007-06-26 12:20 122,880 --a------ C:\DOCUME~1\Johann\APPLIC~1\tmp576.tmp.exe
2007-06-26 11:00 73,931 --a------ C:\DOCUME~1\JEAN-M~1\APPLIC~1\tmp573.tmp.exe
2007-06-26 11:00 59,480 --a------ C:\WINDOWS\system32\tmp573.tmp.dll
2007-06-26 11:00 2,560 --a------ C:\DOCUME~1\JEAN-M~1\APPLIC~1\tmp574.tmp.exe
2007-06-26 11:00 128,152 --a------ C:\DOCUME~1\JEAN-M~1\APPLIC~1\tmp572.tmp.exe
2007-06-26 11:00 122,880 --a------ C:\DOCUME~1\JEAN-M~1\APPLIC~1\tmp571.tmp.exe
2007-06-26 10:39 128,152 --a------ C:\DOCUME~1\Johann\APPLIC~1\tmp56C.tmp.exe
2007-06-26 10:14 2,560 --a------ C:\DOCUME~1\Johann\APPLIC~1\tmp5C1.tmp.exe
2007-06-26 10:13 73,931 --a------ C:\DOCUME~1\Johann\APPLIC~1\tmp5BD.tmp.exe
2007-06-26 10:13 59,480 --a------ C:\WINDOWS\system32\tmp5BD.tmp.dll
2007-06-26 10:13 122,880 --a------ C:\DOCUME~1\Johann\APPLIC~1\tmp5B1.tmp.exe
2007-06-26 09:14 128,152 --a------ C:\DOCUME~1\Johann\APPLIC~1\tmp56A.tmp.exe
2007-06-26 08:34 2,560 --a------ C:\DOCUME~1\JEAN-M~1\APPLIC~1\tmp56F.tmp.exe
2007-06-26 08:33 73,931 --a------ C:\DOCUME~1\JEAN-M~1\APPLIC~1\tmp56B.tmp.exe
2007-06-26 08:33 59,480 --a------ C:\WINDOWS\system32\tmp56B.tmp.dll
2007-06-26 08:33 128,152 --a------ C:\DOCUME~1\JEAN-M~1\APPLIC~1\tmp567.tmp.exe
2007-06-26 08:33 122,880 --a------ C:\DOCUME~1\JEAN-M~1\APPLIC~1\tmp564.tmp.exe
2007-06-25 23:27 <REP> d-------- C:\DOCUME~1\Johann\APPLIC~1\Lavasoft
2007-06-25 23:22 73,931 --a------ C:\DOCUME~1\Johann\APPLIC~1\tmp7AC.tmp.exe
2007-06-25 23:22 59,480 --a------ C:\WINDOWS\system32\tmp7AC.tmp.dll
2007-06-25 20:52 <REP> d-------- C:\Temp\ewido_quarantine
2007-06-25 19:33 <REP> d-------- C:\DOCUME~1\Florence\APPLIC~1\Lavasoft
2007-06-25 19:28 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-06-25 19:28 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-06-25 19:28 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-06-25 19:28 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-06-25 19:28 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-06-25 19:28 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-06-25 19:28 <REP> d-------- C:\Temp\is-D2Q2F.tmp
2007-06-25 19:28 <REP> d-------- C:\Program Files\Spyware Doctor
2007-06-25 19:28 <REP> d-------- C:\DOCUME~1\Florence\APPLIC~1\PC Tools
2007-06-25 19:24 <REP> d-------- C:\Program Files\SpywareBlaster
2007-06-25 19:24 <REP> d-------- C:\Program Files\Lavasoft
2007-06-25 19:11 <REP> d-------- C:\Temp\Google Toolbar
2007-06-25 19:10 59,480 --a------ C:\WINDOWS\system32\tmp56A.tmp.dll
2007-06-25 19:09 <REP> d-------- C:\Temp
2007-06-25 19:07 135,052 --a------ C:\WINDOWS\jkjigf.dll
2007-06-25 19:07 128,152 --a------ C:\DOCUME~1\Johann\APPLIC~1\tmp563.tmp.exe
2007-06-25 15:43 73,931 --a------ C:\DOCUME~1\Johann\APPLIC~1\tmp5D7.tmp.exe
2007-06-25 15:43 59,480 --a------ C:\WINDOWS\system32\tmp5D7.tmp.dll
2007-06-25 15:33 <REP> d-------- C:\bintheredunthat
2007-06-25 15:32 127,918 --a------ C:\WINDOWS\system32\dn2417a95d.dat
2007-06-25 15:31 92,554 --a------ C:\WINDOWS\system32\editib1.dll
2007-06-25 15:29 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-06-25 15:23 <REP> d-------- C:\DOCUME~1\Johann\Incomplete
2007-06-24 17:01 164 --a------ C:\install.dat
2007-06-24 17:01 <REP> d-------- C:\DOCUME~1\Johann\APPLIC~1\Webroot
2007-06-24 17:00 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-24 16:45 <REP> d-------- C:\WINDOWS\system32\GroupPolicy
2007-06-24 16:45 <REP> d-------- C:\Program Files\Hitman Pro
2007-06-23 11:59 <REP> d-------- C:\Program Files\Slayers Online
2007-06-22 09:42 541,448 --a------ C:\WINDOWS\EconomiseurFranquin.exe
2007-06-22 09:42 40,960 --a------ C:\WINDOWS\EconomiseurFranquin.dll
2007-06-22 09:42 398,316 --a------ C:\WINDOWS\EconomiseurFranquin.scr
2007-06-22 09:42 18,192 --a------ C:\WINDOWS\EconomiseurFranquin.dat
2007-06-21 19:58 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-06-16 19:08 <REP> d-------- C:\DOCUME~1\JEAN-M~1\APPLIC~1\ESTsoft
2007-06-15 18:40 <REP> d-------- C:\DOCUME~1\Johann\APPLIC~1\U3
2007-06-13 15:04 335 --a------ C:\WINDOWS\mozregistry.dat
2007-06-11 23:08 <REP> d-------- C:\Program Files\MessengerSkinner
2007-06-11 23:08 <REP> d-------- C:\DOCUME~1\Johann\APPLIC~1\MessengerSkinner
2007-06-11 13:55 <REP> d-------- C:\DOCUME~1\Florence\Contacts
2007-06-08 12:18 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FreeTest
2007-06-05 17:04 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-05 17:04 <REP> d-------- C:\DOCUME~1\Johann\APPLIC~1\Talkback
2007-06-04 18:23 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-06-02 15:08 3,244 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-02 14:25 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-06-02 12:00 <REP> d-------- C:\DOCUME~1\Johann\APPLIC~1\AdobeUM
2007-05-26 14:46 <REP> d-------- C:\DOCUME~1\Johann\Contacts
2007-05-26 14:30 <REP> d---s---- C:\DOCUME~1\Johann\UserData


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-26 16:29:18 -------- d-----w C:\Program Files\Wanadoo
2007-06-26 16:18:21 75,266 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-06-26 16:18:21 468,072 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-06-25 19:12:32 -------- d-----w C:\Program Files\eMule
2007-06-25 13:38:10 -------- d-----w C:\Program Files\EA GAMES
2007-06-20 20:18:44 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-18 08:24:58 -------- d-----w C:\DOCUME~1\Florence\APPLIC~1\U3
2007-05-21 11:00:10 4 ----a-w C:\WINDOWS\IEdate.dll
2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-14 12:31:05 82,640 ----a-w C:\DOCUME~1\Florence\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-05-11 19:21:59 -------- d-----w C:\Program Files\Teamspeak2_RC2
2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-15 07:19:57 0 ----a-r C:\logwmemory.bin
2007-04-04 13:38:55 99,904 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-04-04 13:38:50 63,040 ----a-w C:\WINDOWS\system32\PnkBstrA.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=c:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 15:17]
{0CED9E23-0CEF-4553-A347-78FA25CAAE0B}=C:\WINDOWS\system32\awtqn.dll []
{18C167C2-B0AE-4155-A4FE-52EB17DDAD35}=C:\WINDOWS\system32\pmkhe.dll []
{1F6581D5-AA53-4b73-A6F9-41420C6B61F1}=C:\WINDOWS\system32\tmp58E.tmp.dll [2007-06-26 16:37]
{404edc1a-0ad2-45ff-b5c4-5daafadf5c48}=C:\WINDOWS\system32\editib1.dll [2007-06-25 15:31]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=c:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 12:29]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar4.dll [2007-01-20 00:56]
{EC746A54-D715-487D-997D-1B1AA3E896B0}=C:\WINDOWS\system32\awvtq.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YeppStudioAgent"="C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe" []
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2003-05-23 08:46]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2003-05-23 08:46]
"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2003-05-23 08:46]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-10-25 14:00]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-06-06 11:15]
"NWEReboot"="" []
"nForce Tray Options"="sstray.exe" [2002-11-13 09:34 C:\WINDOWS\system32\sstray.exe]
"MessagerStarter Wanadoo"="C:\PROGRA~1\MESSAG~1\StartMessager.exe" [2003-04-04 16:47]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2002-07-22 18:34]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-14 12:44]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\editib1]
editib1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\jkkjiji.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14a55da1-c7d4-11db-8bc9-0090d0b39625}]
Auto\command- F:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-26 18:28:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-26 18:30:10 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-26 18:30

--- E O F ---

Voila le rapport que tu m'a demandé:



Logfile of HijackThis v1.99.1
Scan saved at 18:47:48, on 26/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\PROGRA~1\SECURI~1\174112\Program\BACKWE~1.EXE
C:\Program Files\F-Secure\fswsclds.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\sstray.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\AdobeR.exe
G:\AdobeR.exe
F:\AdobeR.exe
C:\Documents and Settings\Florence\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CED9E23-0CEF-4553-A347-78FA25CAAE0B} - C:\WINDOWS\system32\awtqn.dll (file missing)
O2 - BHO: (no name) - {18C167C2-B0AE-4155-A4FE-52EB17DDAD35} - C:\WINDOWS\system32\pmkhe.dll (file missing)
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\tmp58E.tmp.dll
O2 - BHO: (no name) - {404edc1a-0ad2-45ff-b5c4-5daafadf5c48} - C:\WINDOWS\system32\editib1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {EC746A54-D715-487D-997D-1B1AA3E896B0} - C:\WINDOWS\system32\awvtq.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\editib1.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/p [...] nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/We [...] 536C585C9}
O17 - HKLM\System\CCS\Services\Tcpip\..\{933D6120-03DB-416C-8BFF-3A53BCCC5890}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\jkkjiji.dll
O20 - Winlogon Notify: editib1 - C:\WINDOWS\SYSTEM32\editib1.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Securitoo AntiVirus (BackWeb Client - 174112) - Unknown owner - C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure\fswsclds.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

On va faire un nettoyage avant de s'attaquer une nouvelle fois à Vundo.

Télécharge puis installe AVG Anti-Spyware (AVG AS)
Fais les mises à jour mais ne lance pas de scan pour le moment.
AIDE : Tuto sur AVG Anti-Spyware (Malekal)

Redémarre en mode sans échec

Relance AVG AS :
- Choisis l'onglet "Analyse"
- Puis l'onglet "Paramètres"
- Sous la question "Comment réagir ?", clique sur "Actions recommandées" et choisis "Quarantaine"
- Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

Si un fichier est infecté en fin d'analyse, clique sur "Appliquer toutes les actions"

Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous"
Enregistre ce fichier texte sur ton bureau.

Redémarre normalement.
Poste le rapport AVG AS ainsi qu'un rapport Hijackthis.

Re !! Voila les résultats:
Tout d'abord le rapport de AVG AS:


---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 20:47:39 26/06/2007

+ Résultat de l'analyse:



C:\RECYCLER\S-1-5-21-606747145-1677128483-1801674531-1011\Dc4.exe -> Hijacker.StartPage.aop : Nettoyé.
C:\Documents and Settings\Johann\Cookies\johann@fnac.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Florence\Cookies\florence@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\Florence\Cookies\florence@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Jean-Marie\Cookies\jean-marie@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Johann\Cookies\johann@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Florence\Cookies\florence@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Nettoyé.
C:\Documents and Settings\Johann\Cookies\johann@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Nettoyé.
C:\Documents and Settings\Florence\Cookies\florence@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Jean-Marie\Cookies\jean-marie@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Florence\Cookies\florence@enhance[2].txt -> TrackingCookie.Enhance : Nettoyé.
C:\Documents and Settings\Florence\Cookies\florence@findwhat[1].txt -> TrackingCookie.Findwhat : Nettoyé.
C:\Documents and Settings\Florence\Cookies\florence@banner.goldenpalace[2].txt -> TrackingCookie.Goldenpalace : Nettoyé.
C:\Documents and Settings\Florence\Cookies\florence@goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Nettoyé.
C:\Documents and Settings\Florence\Cookies\florence@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\Jean-Marie\Cookies\jean-marie@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\Johann\Cookies\johann@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\Florence\Cookies\florence@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Nettoyé.
C:\Documents and Settings\Johann\Cookies\johann@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé.
C:\Documents and Settings\Florence\Cookies\florence@overture[2].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\Jean-Marie\Cookies\jean-marie@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\Johann\Cookies\johann@overture[2].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\Johann\Cookies\johann@www.paypal[1].txt -> TrackingCookie.Paypal : Nettoyé.
C:\Documents and Settings\Florence\Cookies\florence@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Nettoyé.
C:\Documents and Settings\Jean-Marie\Cookies\jean-marie@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Nettoyé.
C:\Documents and Settings\Florence\Cookies\florence@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Florence\Cookies\florence@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Jean-Marie\Cookies\jean-marie@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Jean-Marie\Cookies\jean-marie@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Florence\Cookies\florence@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Johann\Cookies\johann@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Florence\Cookies\florence@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Johann\Cookies\johann@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Florence\Cookies\florence@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\Documents and Settings\Florence\Cookies\florence@zedo[1].txt -> TrackingCookie.Zedo : Nettoyé.
C:\Documents and Settings\Jean-Marie\Application Data\tmp56F.tmp.exe -> Trojan.Agent.anr : Nettoyé.
C:\Documents and Settings\Jean-Marie\Application Data\tmp574.tmp.exe -> Trojan.Agent.anr : Nettoyé.
C:\Documents and Settings\Johann\Application Data\tmp578.tmp.exe -> Trojan.Agent.anr : Nettoyé.
C:\Documents and Settings\Johann\Application Data\tmp5C1.tmp.exe -> Trojan.Agent.anr : Nettoyé.
C:\QooBox\Quarantine\C\DOCUME~1\Florence\APPLIC~1\tmp58F.tmp.exe.vir -> Trojan.Agent.anr : Nettoyé.
C:\QooBox\Quarantine\C\DOCUME~1\Florence\APPLIC~1\tmp598.tmp.exe.vir -> Trojan.Agent.anr : Nettoyé.
C:\QooBox\Quarantine\C\DOCUME~1\Florence\APPLIC~1\tmp59C.tmp.exe.vir -> Trojan.Agent.anr : Nettoyé.
C:\System Volume Information\_restore{E46A95CE-4EC3-4C5D-A6CF-0846A3EB847A}\RP281\A0215602.exe -> Trojan.Agent.anr : Nettoyé.
C:\System Volume Information\_restore{E46A95CE-4EC3-4C5D-A6CF-0846A3EB847A}\RP281\A0215605.exe -> Trojan.Agent.anr : Nettoyé.
C:\System Volume Information\_restore{E46A95CE-4EC3-4C5D-A6CF-0846A3EB847A}\RP281\A0215608.exe -> Trojan.Agent.anr : Nettoyé.
C:\Documents and Settings\Jean-Marie\Application Data\tmp564.tmp.exe -> Trojan.Agent.aoy : Nettoyé.
C:\Documents and Settings\Jean-Marie\Application Data\tmp571.tmp.exe -> Trojan.Agent.aoy : Nettoyé.
C:\Documents and Settings\Johann\Application Data\tmp576.tmp.exe -> Trojan.Agent.aoy : Nettoyé.
C:\Documents and Settings\Johann\Application Data\tmp5B1.tmp.exe -> Trojan.Agent.aoy : Nettoyé.
C:\QooBox\Quarantine\C\DOCUME~1\Florence\APPLIC~1\tmp57D.tmp.exe.vir -> Trojan.Agent.aoy : Nettoyé.
C:\QooBox\Quarantine\C\DOCUME~1\Florence\APPLIC~1\tmp596.tmp.exe.vir -> Trojan.Agent.aoy : Nettoyé.
C:\QooBox\Quarantine\C\DOCUME~1\Florence\APPLIC~1\tmp59A.tmp.exe.vir -> Trojan.Agent.aoy : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\iafqdocg.exe.vir -> Trojan.Agent.aoy : Nettoyé.
C:\System Volume Information\_restore{E46A95CE-4EC3-4C5D-A6CF-0846A3EB847A}\RP281\A0215600.exe -> Trojan.Agent.aoy : Nettoyé.
C:\System Volume Information\_restore{E46A95CE-4EC3-4C5D-A6CF-0846A3EB847A}\RP281\A0215603.exe -> Trojan.Agent.aoy : Nettoyé.
C:\System Volume Information\_restore{E46A95CE-4EC3-4C5D-A6CF-0846A3EB847A}\RP281\A0215606.exe -> Trojan.Agent.aoy : Nettoyé.
C:\System Volume Information\_restore{E46A95CE-4EC3-4C5D-A6CF-0846A3EB847A}\RP281\A0215609.exe -> Trojan.Agent.aoy : Nettoyé.


Fin du rapport





Et le rapport de Hijackthis:



Logfile of HijackThis v1.99.1
Scan saved at 20:50:38, on 26/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\PROGRA~1\SECURI~1\174112\Program\BACKWE~1.EXE
C:\Program Files\F-Secure\fswsclds.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\AdobeR.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Florence\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CED9E23-0CEF-4553-A347-78FA25CAAE0B} - C:\WINDOWS\system32\awtqn.dll (file missing)
O2 - BHO: (no name) - {18C167C2-B0AE-4155-A4FE-52EB17DDAD35} - C:\WINDOWS\system32\pmkhe.dll (file missing)
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\tmp58E.tmp.dll
O2 - BHO: (no name) - {404edc1a-0ad2-45ff-b5c4-5daafadf5c48} - C:\WINDOWS\system32\editib1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {EC746A54-D715-487D-997D-1B1AA3E896B0} - C:\WINDOWS\system32\awvtq.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
O4 - HKLM\..\Run: [winehq.org] rundll32.exe "C:\WINDOWS\ljgghi.dll",realset
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\editib1.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/p [...] nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/We [...] 536C585C9}
O17 - HKLM\System\CCS\Services\Tcpip\..\{933D6120-03DB-416C-8BFF-3A53BCCC5890}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\jkkjiji.dll
O20 - Winlogon Notify: editib1 - C:\WINDOWS\SYSTEM32\editib1.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Securitoo AntiVirus (BackWeb Client - 174112) - Unknown owner - C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure\fswsclds.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

Euh un message de AVG me demande de redemarrer mon ordinateur pour me debarasser definitvement des logiciels malicieux. Je fais quoi ?

J'ai redémarré comme tu m'as dit , et je suis en train de faire un scan avec combofix.

Période d'essai mais tu pourras toujours l'utiliser comme scanner.

Re,

Télécharge LopResearch.zip
Dézippe-le sur ton Bureau uniquement.
Ouvre le dossier LopResearch puis double-clique sur le Scan.bat.
Un rapport sera généré, poste son contenu ici.

Re,

Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de ComboFix-Do.txt

Glisse maintenant le fichier ComboFix-Do.txt dans Combofix.exe comme ci-dessous :


Cela va relancer Combofix. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.

Tu prends le fichier texte et tu le glisse dans Combofix.

Bon mon PC s'est finalement reboot , voici donc le rapport:



"Florence" - 2007-06-26 21:45:35 - ComboFix 07-06-26.8 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Florence\Bureau\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Jean-Marie\Application Data\tmp567.tmp.exe
C:\Documents and Settings\Jean-Marie\Application Data\tmp56B.tmp.exe
C:\Documents and Settings\Jean-Marie\Application Data\tmp572.tmp.exe
C:\Documents and Settings\Jean-Marie\Application Data\tmp573.tmp.exe
C:\Documents and Settings\Johann\Application Data\MessengerSkinner
C:\Documents and Settings\Johann\Application Data\MessengerSkinner\Userdata\languages_v2.xml
C:\Documents and Settings\Johann\Application Data\MessengerSkinner\Userdata\pack1.cab
C:\Documents and Settings\Johann\Application Data\tmp563.tmp.exe
C:\Documents and Settings\Johann\Application Data\tmp56A.tmp.exe
C:\Documents and Settings\Johann\Application Data\tmp56C.tmp.exe
C:\Documents and Settings\Johann\Application Data\tmp577.tmp.exe
C:\Documents and Settings\Johann\Application Data\tmp591.tmp.exe
C:\Documents and Settings\Johann\Application Data\tmp5BD.tmp.exe
C:\Documents and Settings\Johann\Application Data\tmp5D7.tmp.exe
C:\Documents and Settings\Johann\Application Data\tmp7AC.tmp.exe
C:\Program Files\MessengerSkinner
C:\Program Files\MessengerSkinner\download\defaultPack.cab
C:\Program Files\MessengerSkinner\MessengerSkinner.exe
C:\Program Files\MessengerSkinner\MessengerSkinner.url
C:\Program Files\MessengerSkinner\MessengerSkinnerDll.dll
C:\Program Files\MessengerSkinner\resources\appconfig.xml
C:\Program Files\MessengerSkinner\resources\btn.rgn
C:\Program Files\MessengerSkinner\resources\btnBnr.rgn
C:\Program Files\MessengerSkinner\resources\btnIn.rgn
C:\Program Files\MessengerSkinner\resources\btnInNormal.bmp
C:\Program Files\MessengerSkinner\resources\btnInOver.bmp
C:\Program Files\MessengerSkinner\resources\btnNormal.bmp
C:\Program Files\MessengerSkinner\resources\btnNormal.gif
C:\Program Files\MessengerSkinner\resources\btnNormalBnr.bmp
C:\Program Files\MessengerSkinner\resources\btnNormalBnr.gif
C:\Program Files\MessengerSkinner\resources\btnOver.bmp
C:\Program Files\MessengerSkinner\resources\btnOver.gif
C:\Program Files\MessengerSkinner\resources\btnOverBnr.bmp
C:\Program Files\MessengerSkinner\resources\btnOverBnr.gif
C:\Program Files\MessengerSkinner\resources\languages_v2.xml
C:\Program Files\MessengerSkinner\uninst.exe
C:\WINDOWS\jkjigf.dll
C:\WINDOWS\ljgghi.dll
C:\WINDOWS\opooll.dll
C:\WINDOWS\system32\editib1.dll
C:\WINDOWS\system32\tmp56A.tmp.dll
C:\WINDOWS\system32\tmp56B.tmp.dll
C:\WINDOWS\system32\tmp573.tmp.dll
C:\WINDOWS\system32\tmp577.tmp.dll
C:\WINDOWS\system32\tmp58E.tmp.dll
C:\WINDOWS\system32\tmp597.tmp.dll
C:\WINDOWS\system32\tmp59B.tmp.dll
C:\WINDOWS\system32\tmp5BD.tmp.dll
C:\WINDOWS\system32\tmp5D7.tmp.dll
C:\WINDOWS\system32\tmp7AC.tmp.dll


((((((((((((((((((((((((( Files Created from 2007-05-26 to 2007-06-26 )))))))))))))))))))))))))))))))


2007-06-26 21:54 <REP> d-------- C:\Temp\WPDNSE
2007-06-26 21:18 <REP> d-------- C:\Temp\Google Toolbar
2007-06-26 21:15 <REP> d-------- C:\Temp
2007-06-26 19:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-26 18:22 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-26 16:07 <REP> d-------- C:\!KillBox
2007-06-26 15:23 <REP> d-------- C:\VundoFix Backups
2007-06-26 13:31 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-25 23:27 <REP> d-------- C:\DOCUME~1\Johann\APPLIC~1\Lavasoft
2007-06-25 19:33 <REP> d-------- C:\DOCUME~1\Florence\APPLIC~1\Lavasoft
2007-06-25 19:28 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-06-25 19:28 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-06-25 19:28 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-06-25 19:28 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-06-25 19:28 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-06-25 19:28 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-06-25 19:28 <REP> d-------- C:\Program Files\Spyware Doctor
2007-06-25 19:28 <REP> d-------- C:\DOCUME~1\Florence\APPLIC~1\PC Tools
2007-06-25 19:24 <REP> d-------- C:\Program Files\SpywareBlaster
2007-06-25 19:24 <REP> d-------- C:\Program Files\Lavasoft
2007-06-25 15:33 <REP> d-------- C:\bintheredunthat
2007-06-25 15:32 128,021 --a------ C:\WINDOWS\system32\dn2417a95d.dat
2007-06-25 15:29 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-06-25 15:23 <REP> d-------- C:\DOCUME~1\Johann\Incomplete
2007-06-24 17:01 164 --a------ C:\install.dat
2007-06-24 17:01 <REP> d-------- C:\DOCUME~1\Johann\APPLIC~1\Webroot
2007-06-24 17:00 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-24 16:45 <REP> d-------- C:\WINDOWS\system32\GroupPolicy
2007-06-24 16:45 <REP> d-------- C:\Program Files\Hitman Pro
2007-06-23 11:59 <REP> d-------- C:\Program Files\Slayers Online
2007-06-22 09:42 541,448 --a------ C:\WINDOWS\EconomiseurFranquin.exe
2007-06-22 09:42 40,960 --a------ C:\WINDOWS\EconomiseurFranquin.dll
2007-06-22 09:42 398,316 --a------ C:\WINDOWS\EconomiseurFranquin.scr
2007-06-22 09:42 18,192 --a------ C:\WINDOWS\EconomiseurFranquin.dat
2007-06-21 19:58 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-06-16 19:08 <REP> d-------- C:\DOCUME~1\JEAN-M~1\APPLIC~1\ESTsoft
2007-06-15 18:40 <REP> d-------- C:\DOCUME~1\Johann\APPLIC~1\U3
2007-06-13 15:04 335 --a------ C:\WINDOWS\mozregistry.dat
2007-06-11 13:55 <REP> d-------- C:\DOCUME~1\Florence\Contacts
2007-06-08 12:18 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FreeTest
2007-06-05 17:04 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-05 17:04 <REP> d-------- C:\DOCUME~1\Johann\APPLIC~1\Talkback
2007-06-04 18:23 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-06-02 15:08 3,244 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-02 14:25 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-06-02 12:00 <REP> d-------- C:\DOCUME~1\Johann\APPLIC~1\AdobeUM
2007-05-26 14:46 <REP> d-------- C:\DOCUME~1\Johann\Contacts
2007-05-26 14:30 <REP> d---s---- C:\DOCUME~1\Johann\UserData


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-26 19:55:05 -------- d-----w C:\Program Files\Wanadoo
2007-06-26 19:16:48 75,266 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-06-26 19:16:48 468,072 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-06-26 16:48:07 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-06-25 19:12:32 -------- d-----w C:\Program Files\eMule
2007-06-25 13:38:10 -------- d-----w C:\Program Files\EA GAMES
2007-06-20 20:18:44 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-18 08:24:58 -------- d-----w C:\DOCUME~1\Florence\APPLIC~1\U3
2007-05-21 11:00:10 4 ----a-w C:\WINDOWS\IEdate.dll
2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-14 12:31:05 82,640 ----a-w C:\DOCUME~1\Florence\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-05-11 19:21:59 -------- d-----w C:\Program Files\Teamspeak2_RC2
2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-15 07:19:57 0 ----a-r C:\logwmemory.bin
2007-04-04 13:38:55 99,904 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-04-04 13:38:50 63,040 ----a-w C:\WINDOWS\system32\PnkBstrA.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=c:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 15:17]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=c:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 12:29]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar4.dll [2007-01-20 00:56]
{EC746A54-D715-487D-997D-1B1AA3E896B0}=C:\WINDOWS\system32\awvtq.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"YeppStudioAgent"="C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe" []
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2003-05-23 08:46]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2003-05-23 08:46]
"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2003-05-23 08:46]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-10-25 14:00]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-06-06 11:15]
"NWEReboot"="" []
"nForce Tray Options"="sstray.exe" [2002-11-13 09:34 C:\WINDOWS\system32\sstray.exe]
"MessagerStarter Wanadoo"="C:\PROGRA~1\MESSAG~1\StartMessager.exe" [2003-04-04 16:47]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2002-07-22 18:34]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-14 12:44]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\jkkjiji.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14a55da1-c7d4-11db-8bc9-0090d0b39625}]
Auto\command- G:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{662b8998-93f0-11db-8a68-0090d0b39625}]
Auto\command- F:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-26 21:54:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-26 21:56:34 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-26 21:56
C:\ComboFix2.txt ... 2007-06-26 21:15
C:\ComboFix3.txt ... 2007-06-26 18:30

--- E O F ---



En éspérant que tu m'annoncera une bonne nouvelle ^^

Voila le rapport Hijackthis:



Logfile of HijackThis v1.99.1
Scan saved at 12:48:24, on 27/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\fswsclds.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\PROGRA~1\SECURI~1\174112\Program\BACKWE~1.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\sstray.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Florence\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {EC746A54-D715-487D-997D-1B1AA3E896B0} - C:\WINDOWS\system32\awvtq.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/p [...] nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/We [...] 536C585C9}
O17 - HKLM\System\CCS\Services\Tcpip\..\{933D6120-03DB-416C-8BFF-3A53BCCC5890}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\jkkjiji.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Securitoo AntiVirus (BackWeb Client - 174112) - Unknown owner - C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure\fswsclds.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe



J'ai remrqué que mon PC trainer moin sur les pages web, par contre securitoo n'arréte pas d eme dire: _fichier dangereux dans IE5
_ trojan dans AVG

D'accord, voici le rapoport:



Search Navipromo version 2.0.3 commencé le 27/06/2007 à 18:41:25,98

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***


MessengerSkinner


*** Recherche dossiers dans C:\WINDOWS ***




*** Recherche dossiers dans C:\Program Files ***




*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\Johann\Application Data ***



*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
http://www.f-secure.com/blacklight [...] _help.html


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of April, 2007.
Version information: 2.2.1061.

[+] Started on 06/27/07 at 18:41:28.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items ................................................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 06/27/07 at 18:48:02 (return code = 0).


*** Recherche fichiers ***


C:\WINDOWS\pack.epk trouvé !


*** Recherche cles registre ***


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



Recherche Clé Magic Control



*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:


2)Recherche Heuristique :
*
**
***
****
*****
******
*******
********


*** Analyse Terminé le 27/06/2007 à 18:48:24,39 ***


J'ai bien copié collé comme tu m'a dit de faire !

D'accord je m'en vais suivre tes précieux ordres !!

J'ai fait comme tu a smarqué et je n'ai toruvé que electronic-groupe dans editeurs approuvé, j'ai supprimé comme tu me l'a demandé.

Je ne sais si c'est normal d'avoir un rapport aussi petit (vu les autres ^^):



28/06/2007 a 9:41:25,64

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\mcrh.tmp FOUND

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\system\" FOUND
*** Fin du rapport !

Re !
Voici le scan combofix:



"Florence" - 2007-06-28 15:18:26 - ComboFix 07-06-26.8 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-28 )))))))))))))))))))))))))))))))


2007-06-28 15:02 <REP> d-------- C:\Temp\WPDNSE
2007-06-27 18:40 <REP> d-------- C:\Program Files\Navilog1
2007-06-26 22:22 <REP> d-------- C:\Temp\Google Toolbar
2007-06-26 21:56 <REP> d-------- C:\Temp
2007-06-26 19:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-26 18:22 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-26 16:07 <REP> d-------- C:\!KillBox
2007-06-26 15:23 <REP> d-------- C:\VundoFix Backups
2007-06-26 13:31 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-25 23:27 <REP> d-------- C:\DOCUME~1\Johann\APPLIC~1\Lavasoft
2007-06-25 19:33 <REP> d-------- C:\DOCUME~1\Florence\APPLIC~1\Lavasoft
2007-06-25 19:28 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-06-25 19:28 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-06-25 19:28 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-06-25 19:28 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-06-25 19:28 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-06-25 19:28 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-06-25 19:28 <REP> d-------- C:\Program Files\Spyware Doctor
2007-06-25 19:28 <REP> d-------- C:\DOCUME~1\Florence\APPLIC~1\PC Tools
2007-06-25 19:24 <REP> d-------- C:\Program Files\SpywareBlaster
2007-06-25 19:24 <REP> d-------- C:\Program Files\Lavasoft
2007-06-25 15:33 <REP> d-------- C:\bintheredunthat
2007-06-25 15:32 128,021 --a------ C:\WINDOWS\system32\dn2417a95d.dat
2007-06-25 15:29 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-06-25 15:23 <REP> d-------- C:\DOCUME~1\Johann\Incomplete
2007-06-24 17:01 164 --a------ C:\install.dat
2007-06-24 17:01 <REP> d-------- C:\DOCUME~1\Johann\APPLIC~1\Webroot
2007-06-24 17:00 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-24 16:45 <REP> d-------- C:\WINDOWS\system32\GroupPolicy
2007-06-24 16:45 <REP> d-------- C:\Program Files\Hitman Pro
2007-06-23 11:59 <REP> d-------- C:\Program Files\Slayers Online
2007-06-22 09:42 541,448 --a------ C:\WINDOWS\EconomiseurFranquin.exe
2007-06-22 09:42 40,960 --a------ C:\WINDOWS\EconomiseurFranquin.dll
2007-06-22 09:42 398,316 --a------ C:\WINDOWS\EconomiseurFranquin.scr
2007-06-22 09:42 18,192 --a------ C:\WINDOWS\EconomiseurFranquin.dat
2007-06-21 19:58 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-06-16 19:08 <REP> d-------- C:\DOCUME~1\JEAN-M~1\APPLIC~1\ESTsoft
2007-06-15 18:40 <REP> d-------- C:\DOCUME~1\Johann\APPLIC~1\U3
2007-06-13 15:04 335 --a------ C:\WINDOWS\mozregistry.dat
2007-06-11 13:55 <REP> d-------- C:\DOCUME~1\Florence\Contacts
2007-06-08 12:18 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FreeTest
2007-06-05 17:04 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-05 17:04 <REP> d-------- C:\DOCUME~1\Johann\APPLIC~1\Talkback
2007-06-04 18:23 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-06-02 15:08 3,244 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-02 14:25 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-06-02 12:00 <REP> d-------- C:\DOCUME~1\Johann\APPLIC~1\AdobeUM


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-28 13:15:51 -------- d-----w C:\Program Files\Wanadoo
2007-06-28 13:06:49 75,266 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-06-28 13:06:49 468,072 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-06-26 16:48:07 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-06-25 19:12:32 -------- d-----w C:\Program Files\eMule
2007-06-25 13:38:10 -------- d-----w C:\Program Files\EA GAMES
2007-06-20 20:18:44 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-18 08:24:58 -------- d-----w C:\DOCUME~1\Florence\APPLIC~1\U3
2007-05-21 11:00:10 4 ----a-w C:\WINDOWS\IEdate.dll
2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-14 12:31:05 82,640 ----a-w C:\DOCUME~1\Florence\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-05-11 19:21:59 -------- d-----w C:\Program Files\Teamspeak2_RC2
2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-15 07:19:57 0 ----a-r C:\logwmemory.bin
2007-04-04 13:38:55 99,904 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-04-04 13:38:50 63,040 ----a-w C:\WINDOWS\system32\PnkBstrA.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=c:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 15:17]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=c:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 12:29]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar4.dll [2007-01-20 00:56]
{EC746A54-D715-487D-997D-1B1AA3E896B0}=C:\WINDOWS\system32\awvtq.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"YeppStudioAgent"="C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe" []
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2003-05-23 08:46]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2003-05-23 08:46]
"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2003-05-23 08:46]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-10-25 14:00]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-06-06 11:15]
"NWEReboot"="" []
"nForce Tray Options"="sstray.exe" [2002-11-13 09:34 C:\WINDOWS\system32\sstray.exe]
"MessagerStarter Wanadoo"="C:\PROGRA~1\MESSAG~1\StartMessager.exe" [2003-04-04 16:47]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2002-07-22 18:34]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-14 12:44]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\jkkjiji.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14a55da1-c7d4-11db-8bc9-0090d0b39625}]
Auto\command- G:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{662b8998-93f0-11db-8a68-0090d0b39625}]
Auto\command- F:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-28 15:20:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-28 15:21:15
C:\ComboFix-quarantined-files.txt ... 2007-06-28 15:21
C:\ComboFix2.txt ... 2007-06-26 21:56
C:\ComboFix3.txt ... 2007-06-26 21:15

--- E O F ---

Re!
Voici le rapport de combofix:


Oui c'est meiux, plus de probléme, grand merci à toi angeldark pour ton aide!!!!!

J'éspére à bientôt !!!
(pas parce que j'aurai un nouveau probléme)

Oui pour ta question!