Bonjour, rapport hijacksky pour analyse

Merci pour le conseil je t'envoie le rapport vundofix : (puis hijack this v1.99.1)

VundoFix V6.3.18

Checking Java version...

Java version is 1.5.0.11

Scan started at 20:08:25 31/03/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtqoll.dll
C:\WINDOWS\system32\cbxxxyy.dll
C:\WINDOWS\system32\ddcdayv.dll
C:\WINDOWS\system32\fccccbx.dll
C:\WINDOWS\system32\hggdbxv.dll
C:\WINDOWS\system32\hggfeby.dll
C:\WINDOWS\system32\hkawdlfl.dll
C:\WINDOWS\system32\iagtgiul.ini
C:\WINDOWS\system32\iiffcca.dll
C:\WINDOWS\system32\jkkjjjg.dll
C:\WINDOWS\system32\khfdaax.dll
C:\WINDOWS\system32\luigtgai.dll
C:\WINDOWS\system32\nnnkiij.dll
C:\WINDOWS\system32\nnnmp.bak1
C:\WINDOWS\system32\nnnmp.bak2
C:\WINDOWS\system32\nnnmp.ini
C:\WINDOWS\system32\nnnmp.ini2
C:\WINDOWS\system32\nnnmp.tmp
C:\WINDOWS\system32\pmnljkk.dll
C:\WINDOWS\System32\pmnnn.dll
C:\WINDOWS\system32\qommkkj.dll
C:\WINDOWS\system32\rqrqnlm.dll
C:\WINDOWS\system32\ssqqnki.dll
C:\WINDOWS\system32\tuvvuvs.dll
C:\WINDOWS\system32\urqqpno.dll
C:\WINDOWS\system32\vtusqpo.dll
C:\WINDOWS\system32\vtuurpm.dll
C:\WINDOWS\system32\vtuvust.dll
C:\WINDOWS\system32\wvusqqr.dll
C:\WINDOWS\system32\wvusspm.dll
C:\WINDOWS\system32\wvutqqp.dll
C:\WINDOWS\system32\wvuvvvs.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtqoll.dll
C:\WINDOWS\system32\awtqoll.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxxxyy.dll
C:\WINDOWS\system32\cbxxxyy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcdayv.dll
C:\WINDOWS\system32\ddcdayv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fccccbx.dll
C:\WINDOWS\system32\fccccbx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hggdbxv.dll
C:\WINDOWS\system32\hggdbxv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hggfeby.dll
C:\WINDOWS\system32\hggfeby.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hkawdlfl.dll
C:\WINDOWS\system32\hkawdlfl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iagtgiul.ini
C:\WINDOWS\system32\iagtgiul.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\iiffcca.dll
C:\WINDOWS\system32\iiffcca.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkjjjg.dll
C:\WINDOWS\system32\jkkjjjg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfdaax.dll
C:\WINDOWS\system32\khfdaax.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\luigtgai.dll
C:\WINDOWS\system32\luigtgai.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnkiij.dll
C:\WINDOWS\system32\nnnkiij.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnmp.bak1
C:\WINDOWS\system32\nnnmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnmp.bak2
C:\WINDOWS\system32\nnnmp.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnmp.ini
C:\WINDOWS\system32\nnnmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnmp.ini2
C:\WINDOWS\system32\nnnmp.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnmp.tmp
C:\WINDOWS\system32\nnnmp.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnljkk.dll
C:\WINDOWS\system32\pmnljkk.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\pmnnn.dll
C:\WINDOWS\System32\pmnnn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qommkkj.dll
C:\WINDOWS\system32\qommkkj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqrqnlm.dll
C:\WINDOWS\system32\rqrqnlm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqqnki.dll
C:\WINDOWS\system32\ssqqnki.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvvuvs.dll
C:\WINDOWS\system32\tuvvuvs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqqpno.dll
C:\WINDOWS\system32\urqqpno.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtusqpo.dll
C:\WINDOWS\system32\vtusqpo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtuurpm.dll
C:\WINDOWS\system32\vtuurpm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtuvust.dll
C:\WINDOWS\system32\vtuvust.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvusqqr.dll
C:\WINDOWS\system32\wvusqqr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvusspm.dll
C:\WINDOWS\system32\wvusspm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvutqqp.dll
C:\WINDOWS\system32\wvutqqp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuvvvs.dll
C:\WINDOWS\system32\wvuvvvs.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...


et le rapport hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 20:25:14, on 31/03/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\windows\system32\uvcx.exe
C:\WINDOWS\System32\logon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\xfygfqz.exe
C:\WINDOWS\System32\aspi275933.exe
C:\WINDOWS\System32\doom3d.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\tcpipmon.exe
C:\WINDOWS\System32\explorer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\System\MSIWA32.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\urdvxc.exe
C:\WINDOWS\System32\tcpipmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\winsvcmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\System32\escurb.exe
C:\WINDOWS\System32\lyzwx.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\System32\hkawdlfl.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {94C9F315-D29A-4175-A1D0-01C1EF1DA2DF} - C:\WINDOWS\System32\pmnnn.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D717931A-4447-45ED-8B2B-2675DE7EBEF8} - C:\WINDOWS\System32\lfadahia.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [uvnx] c:\windows\system32\uvcx.exe
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\luigtgai.dll",setvm
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Update] ns75.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\lyzwx.exe
O4 - HKLM\..\Run: [doom 3d] doom3d.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\RunServices: [Update] ns75.exe
O4 - HKLM\..\RunServices: [doom 3d] doom3d.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Symantec Antivirus professional] dyndns.exe
O4 - HKCU\..\Run: [Windows-Xordate] wuauclt9.exe
O4 - HKCU\..\Run: [Update] ns75.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?a13d58f884c04bcdb27d6c36e4b5cc3c
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?a13d58f884c04bcdb27d6c36e4b5cc3c
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\netfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\netfilter.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E73E0923-6F04-4DEF-9813-1CAC33A18BDE}: NameServer = 192.168.1.3,0.0.0.0
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: cbxwuss - C:\WINDOWS\SYSTEM32\cbxwuss.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\System32\aspi275933.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Integrated Windows Authentication - Unknown owner - C:\Program Files\Fichiers communs\System\MSIWA32.exe
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows Service Monitor (winsvcmon) - Unknown owner - C:\WINDOWS\System32\winsvcmon.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)

voici les rapport de sdfix et un nouveau hijackthis
SDFix: Version 1.75

Run by pc - 31/03/2007 - 22:34:09,31

Microsoft Windows XP [version 5.1.2600]

Running From: C:\Documents and Settings\pc\Bureau\sdfix

Safe Mode:
Checking Services:

Name:
aspi113210
kprof
MSWindows
poof
winsvcmon

ImagePath:
C:\WINDOWS\System32\aspi275933.exe
\??\C:\WINDOWS\System32\kprof
"C:\WINDOWS\System32\urdvxc.exe" /service
\??\C:\WINDOWS\System32\poof
C:\WINDOWS\System32\winsvcmon.exe

aspi113210 Deleted
kprof Deleted
MSWindows Deleted
poof Deleted
winsvcmon Deleted

Killing PID 200 'smss.exe'
Killing PID 272 'winlogon.exe'

Restoring Windows Registry Entries
Restoring Default Hosts File

et hijack this

Logfile of HijackThis v1.99.1
Scan saved at 22:40:32, on 31/03/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\pjwcxown.exe
C:\WINDOWS\System32\doom3d.exe
C:\Program Files\Fichiers communs\System\MSIWA32.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\System32\hkawdlfl.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {94C9F315-D29A-4175-A1D0-01C1EF1DA2DF} - C:\WINDOWS\System32\pmnnn.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D717931A-4447-45ED-8B2B-2675DE7EBEF8} - C:\WINDOWS\System32\lfadahia.dll
O2 - BHO: (no name) - {E1DAC82B-1C81-41B2-AC1B-6AE2653965E0} - C:\WINDOWS\System32\cbxwuss.dll
O2 - BHO: (no name) - {E9A9900B-EE67-465B-B512-95831FAD0695} - C:\WINDOWS\System32\mllmj.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [uvnx] c:\windows\system32\uvcx.exe
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\luigtgai.dll",setvm
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Update] ns75.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\pjwcxown.exe
O4 - HKLM\..\Run: [doom 3d] doom3d.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\RunServices: [Update] ns75.exe
O4 - HKLM\..\RunServices: [doom 3d] doom3d.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Symantec Antivirus professional] dyndns.exe
O4 - HKCU\..\Run: [Windows-Xordate] wuauclt9.exe
O4 - HKCU\..\Run: [Update] ns75.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?a13d58f884c04bcdb27d6c36e4b5cc3c
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?a13d58f884c04bcdb27d6c36e4b5cc3c
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\netfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\netfilter.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E73E0923-6F04-4DEF-9813-1CAC33A18BDE}: NameServer = 192.168.1.3,0.0.0.0
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: cbxwuss - C:\WINDOWS\SYSTEM32\cbxwuss.dll
O20 - Winlogon Notify: mllmj - C:\WINDOWS\System32\mllmj.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll (file missing)
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\System32\aspi275933.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Integrated Windows Authentication - Unknown owner - C:\Program Files\Fichiers communs\System\MSIWA32.exe
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows Service Monitor (winsvcmon) - Unknown owner - C:\WINDOWS\System32\winsvcmon.exe (file missing)
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)

merci pour ton aide

ok je t'envoie le rapport de smith fraud

SmitFraudFix v2.162

Rapport fait à 22:59:32,17, 31/03/2007
Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\pjwcxown.exe
C:\WINDOWS\System32\doom3d.exe
C:\Program Files\Fichiers communs\System\MSIWA32.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\

ok et remerci pour ton aide

je crois qu'il n'etait pas sur la racine donc j'ai relancé un rapport aprés avoir déplacé smith fraud dans c:

et voici le nouveau rapport

SmitFraudFix v2.162

Rapport fait à 23:16:32,42, 31/03/2007
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\pjwcxown.exe
C:\WINDOWS\System32\doom3d.exe
C:\Program Files\Fichiers communs\System\MSIWA32.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\pc


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\pc\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\pc\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

pe386 détecté, utilisez un scanner de Rootkit


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{43887D4B-2967-46E8-9354-491A66DA5CD4}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E73E0923-6F04-4DEF-9813-1CAC33A18BDE}: NameServer=192.168.1.3,0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{43887D4B-2967-46E8-9354-491A66DA5CD4}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E73E0923-6F04-4DEF-9813-1CAC33A18BDE}: NameServer=192.168.1.3,0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{43887D4B-2967-46E8-9354-491A66DA5CD4}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E73E0923-6F04-4DEF-9813-1CAC33A18BDE}: NameServer=192.168.1.3,0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

voici le nouveau rapport hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 23:29:53, on 31/03/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\pjwcxown.exe
C:\WINDOWS\System32\doom3d.exe
C:\Program Files\Fichiers communs\System\MSIWA32.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\System32\hkawdlfl.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {94C9F315-D29A-4175-A1D0-01C1EF1DA2DF} - C:\WINDOWS\System32\pmnnn.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D717931A-4447-45ED-8B2B-2675DE7EBEF8} - C:\WINDOWS\System32\lfadahia.dll
O2 - BHO: (no name) - {E1DAC82B-1C81-41B2-AC1B-6AE2653965E0} - C:\WINDOWS\System32\cbxwuss.dll
O2 - BHO: (no name) - {E9A9900B-EE67-465B-B512-95831FAD0695} - C:\WINDOWS\System32\mllmj.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [uvnx] c:\windows\system32\uvcx.exe
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\luigtgai.dll",setvm
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Update] ns75.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\pjwcxown.exe
O4 - HKLM\..\Run: [doom 3d] doom3d.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\RunServices: [Update] ns75.exe
O4 - HKLM\..\RunServices: [doom 3d] doom3d.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Symantec Antivirus professional] dyndns.exe
O4 - HKCU\..\Run: [Windows-Xordate] wuauclt9.exe
O4 - HKCU\..\Run: [Update] ns75.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?a13d58f884c04bcdb27d6c36e4b5cc3c
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?a13d58f884c04bcdb27d6c36e4b5cc3c
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\netfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\netfilter.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E73E0923-6F04-4DEF-9813-1CAC33A18BDE}: NameServer = 192.168.1.3,0.0.0.0
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: cbxwuss - C:\WINDOWS\SYSTEM32\cbxwuss.dll
O20 - Winlogon Notify: mllmj - C:\WINDOWS\System32\mllmj.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll (file missing)
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\System32\aspi275933.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Integrated Windows Authentication - Unknown owner - C:\Program Files\Fichiers communs\System\MSIWA32.exe
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows Service Monitor (winsvcmon) - Unknown owner - C:\WINDOWS\System32\winsvcmon.exe (file missing)
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)

et reremerci pour ton aide

bon j'ai lancé rustbfix.exe il a redemaré 2 x le pc mais un seul rapport est apparu je te l'envoie + un nouveau hijackthis.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\n^brcbep

*******************

Script file located at: xamtlpbe

Could not open script file! Error

Could not open script file! Status: 0xc000003b Abort!

comme tu peu le voir il est très court donc dit moi si tu veux que je le relance

+le nouveau hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 23:52:56, on 31/03/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\System\MSIWA32.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\pjwcxown.exe
C:\WINDOWS\System32\doom3d.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4B374862-0AB6-471B-A66D-1BD891699784} - C:\WINDOWS\System32\mllmj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\System32\hkawdlfl.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {94C9F315-D29A-4175-A1D0-01C1EF1DA2DF} - C:\WINDOWS\System32\pmnnn.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D717931A-4447-45ED-8B2B-2675DE7EBEF8} - C:\WINDOWS\System32\lfadahia.dll
O2 - BHO: (no name) - {E1DAC82B-1C81-41B2-AC1B-6AE2653965E0} - C:\WINDOWS\System32\cbxwuss.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [uvnx] c:\windows\system32\uvcx.exe
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\luigtgai.dll",setvm
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Update] ns75.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\pjwcxown.exe
O4 - HKLM\..\Run: [doom 3d] doom3d.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\RunServices: [Update] ns75.exe
O4 - HKLM\..\RunServices: [doom 3d] doom3d.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Symantec Antivirus professional] dyndns.exe
O4 - HKCU\..\Run: [Windows-Xordate] wuauclt9.exe
O4 - HKCU\..\Run: [Update] ns75.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?a13d58f884c04bcdb27d6c36e4b5cc3c
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?a13d58f884c04bcdb27d6c36e4b5cc3c
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\netfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\netfilter.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E73E0923-6F04-4DEF-9813-1CAC33A18BDE}: NameServer = 192.168.1.3,0.0.0.0
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: cbxwuss - C:\WINDOWS\SYSTEM32\cbxwuss.dll
O20 - Winlogon Notify: mllmj - C:\WINDOWS\System32\mllmj.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll (file missing)
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\System32\aspi275933.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Integrated Windows Authentication - Unknown owner - C:\Program Files\Fichiers communs\System\MSIWA32.exe
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows Service Monitor (winsvcmon) - Unknown owner - C:\WINDOWS\System32\winsvcmon.exe (file missing)
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)

et rereremerci

Nouveau rapport de rustbfix

************************* Rustock.b-fix -- By ejvindh *************************
01/04/2007 0:44:54,26

Rustock.b-driver on the system: NONE!

Rustock.b-ADS attached to the System32-folder:
:lzx32.sys 73098
Total size: 73098 bytes.
Attempting to remove ADS...
system32: deleted 73098 bytes in 1 streams.

Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32


******************* Post-run Status of system *******************

Rustock.b-driver on the system: NONE!

Rustock.b-ADS attached to the System32-folder:
No System32-ADS found.

Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32


******************************* End of Logfile ********************************

Bon j'ai quand meme fait un remove sur vundofix voici le nouveau rapport



VundoFix V6.3.18

Checking Java version...

Java version is 1.5.0.11

Scan started at 20:08:25 31/03/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtqoll.dll
C:\WINDOWS\system32\cbxxxyy.dll
C:\WINDOWS\system32\ddcdayv.dll
C:\WINDOWS\system32\fccccbx.dll
C:\WINDOWS\system32\hggdbxv.dll
C:\WINDOWS\system32\hggfeby.dll
C:\WINDOWS\system32\hkawdlfl.dll
C:\WINDOWS\system32\iagtgiul.ini
C:\WINDOWS\system32\iiffcca.dll
C:\WINDOWS\system32\jkkjjjg.dll
C:\WINDOWS\system32\khfdaax.dll
C:\WINDOWS\system32\luigtgai.dll
C:\WINDOWS\system32\nnnkiij.dll
C:\WINDOWS\system32\nnnmp.bak1
C:\WINDOWS\system32\nnnmp.bak2
C:\WINDOWS\system32\nnnmp.ini
C:\WINDOWS\system32\nnnmp.ini2
C:\WINDOWS\system32\nnnmp.tmp
C:\WINDOWS\system32\pmnljkk.dll
C:\WINDOWS\System32\pmnnn.dll
C:\WINDOWS\system32\qommkkj.dll
C:\WINDOWS\system32\rqrqnlm.dll
C:\WINDOWS\system32\ssqqnki.dll
C:\WINDOWS\system32\tuvvuvs.dll
C:\WINDOWS\system32\urqqpno.dll
C:\WINDOWS\system32\vtusqpo.dll
C:\WINDOWS\system32\vtuurpm.dll
C:\WINDOWS\system32\vtuvust.dll
C:\WINDOWS\system32\wvusqqr.dll
C:\WINDOWS\system32\wvusspm.dll
C:\WINDOWS\system32\wvutqqp.dll
C:\WINDOWS\system32\wvuvvvs.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtqoll.dll
C:\WINDOWS\system32\awtqoll.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxxxyy.dll
C:\WINDOWS\system32\cbxxxyy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcdayv.dll
C:\WINDOWS\system32\ddcdayv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fccccbx.dll
C:\WINDOWS\system32\fccccbx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hggdbxv.dll
C:\WINDOWS\system32\hggdbxv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hggfeby.dll
C:\WINDOWS\system32\hggfeby.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hkawdlfl.dll
C:\WINDOWS\system32\hkawdlfl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iagtgiul.ini
C:\WINDOWS\system32\iagtgiul.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\iiffcca.dll
C:\WINDOWS\system32\iiffcca.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkjjjg.dll
C:\WINDOWS\system32\jkkjjjg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfdaax.dll
C:\WINDOWS\system32\khfdaax.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\luigtgai.dll
C:\WINDOWS\system32\luigtgai.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnkiij.dll
C:\WINDOWS\system32\nnnkiij.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnmp.bak1
C:\WINDOWS\system32\nnnmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnmp.bak2
C:\WINDOWS\system32\nnnmp.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnmp.ini
C:\WINDOWS\system32\nnnmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnmp.ini2
C:\WINDOWS\system32\nnnmp.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnmp.tmp
C:\WINDOWS\system32\nnnmp.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnljkk.dll
C:\WINDOWS\system32\pmnljkk.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\pmnnn.dll
C:\WINDOWS\System32\pmnnn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qommkkj.dll
C:\WINDOWS\system32\qommkkj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqrqnlm.dll
C:\WINDOWS\system32\rqrqnlm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqqnki.dll
C:\WINDOWS\system32\ssqqnki.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvvuvs.dll
C:\WINDOWS\system32\tuvvuvs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqqpno.dll
C:\WINDOWS\system32\urqqpno.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtusqpo.dll
C:\WINDOWS\system32\vtusqpo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtuurpm.dll
C:\WINDOWS\system32\vtuurpm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtuvust.dll
C:\WINDOWS\system32\vtuvust.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvusqqr.dll
C:\WINDOWS\system32\wvusqqr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvusspm.dll
C:\WINDOWS\system32\wvusspm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvutqqp.dll
C:\WINDOWS\system32\wvutqqp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuvvvs.dll
C:\WINDOWS\system32\wvuvvvs.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\wvuvvvs.dll
C:\WINDOWS\system32\wvuvvvs.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\System32\cbxwuss.dll
C:\WINDOWS\System32\cbxwuss.dll Could not be deleted.

Attempting to delete C:\WINDOWS\System32\lfadahia.dll
C:\WINDOWS\System32\lfadahia.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\mllmj.dll
C:\WINDOWS\System32\mllmj.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.18

Checking Java version...

Java version is 1.5.0.11

Scan started at 02:08:25 01/04/2007

Listing files found while scanning....

C:\WINDOWS\system32\cbxwuss.dll
C:\WINDOWS\system32\ddcyxuv.dll
C:\WINDOWS\System32\edeeg.bak1
C:\WINDOWS\System32\edeeg.ini
C:\WINDOWS\system32\fccabaw.dll
C:\WINDOWS\System32\geede.dll
C:\WINDOWS\system32\ixyiwrsy.ini
C:\WINDOWS\system32\nsjpglok.dll
C:\WINDOWS\system32\ysrwiyxi.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\cbxwuss.dll
C:\WINDOWS\system32\cbxwuss.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcyxuv.dll
C:\WINDOWS\system32\ddcyxuv.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\edeeg.bak1
C:\WINDOWS\System32\edeeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\edeeg.ini
C:\WINDOWS\System32\edeeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fccabaw.dll
C:\WINDOWS\system32\fccabaw.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\geede.dll
C:\WINDOWS\System32\geede.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ixyiwrsy.ini
C:\WINDOWS\system32\ixyiwrsy.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\nsjpglok.dll
C:\WINDOWS\system32\nsjpglok.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ysrwiyxi.dll
C:\WINDOWS\system32\ysrwiyxi.dll Has been deleted!

Performing Repairs to the registry.
Done!


puis un nouveau hijackthis


Logfile of HijackThis v1.99.1
Scan saved at 02:41:41, on 01/04/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\System\MSIWA32.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\System32\nsjpglok.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C9BBA2DF-95A1-4ABB-B978-9FD962619FC7} - C:\WINDOWS\System32\geede.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\ysrwiyxi.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?a13d58f884c04bcdb27d6c36e4b5cc3c
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?a13d58f884c04bcdb27d6c36e4b5cc3c
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E73E0923-6F04-4DEF-9813-1CAC33A18BDE}: NameServer = 192.168.1.3,0.0.0.0
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\System32\aspi275933.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Integrated Windows Authentication - Unknown owner - C:\Program Files\Fichiers communs\System\MSIWA32.exe
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows Service Monitor (winsvcmon) - Unknown owner - C:\WINDOWS\System32\winsvcmon.exe (file missing)

merci

bonsoir,

Katoo, stp, peux tu te créer un nouveau sujet, sinon on ne s'en sortira jamais. Merci

oki je m'y colle et je te donne des news plus tard je vien juste de rentrer du taf

Je te dit ce que je n'ais pas pu faire :

1 ) Integrated Windows Authentication
et le chemin
C:\Program Files\Fichiers communs\System\MSIWA32.exe
>> selectionner "Arreter" car bouton grisé pas acces a cette modif

2 )
C:\WINDOWS\System32\winsvcmon.exe
C:\WINDOWS\System32\urdvxc.exe
C:\Program Files\Fichiers communs\System\MSIWA32.exe

>> n'etaient pas présent comme tu l'as dit plutôt.

3 ) après tout c'est bien passé donc cijoint les rapport AVG et hijack this

Avant les rappport je te donne une autre présion j'ai toujours le problème pour ouvrir internet explorer >> msvcrl.dll introuvable, je ne sai pas si c encore normal a ce stade ?

Sinon voici les deux rapport et toujours et encore merci pour ce que tu fais :-)

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 21:37:26 02/04/2007

+ Résultat de l'analyse:



F:\Program Files\Hotbar\bin\4.4.5.0\HbCoreSrv.dll -> Adware.HotBar : Nettoyé et sauvegardé (mise en quarantaine).
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Windows installer -> Adware.PestTrap : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Windows installer -> Adware.PestTrap : Erreur lors du nettoyage.
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP272\A0039887.exe -> Adware.SpySheriff : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP272\A0039888.dll -> Adware.SpySheriff : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP272\A0039890.dll -> Adware.SpySheriff : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\Hijackthis Version Française\backups\backup-20070401-015226-210.dll -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP278\A0057019.dll -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP278\A0057020.dll -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP278\A0057021.dll -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\awtqoll.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\cbxwuss.dll .bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\cbxwuss.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\cbxxxyy.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\ddcdayv.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\ddcyxuv.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\fccabaw.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\fccccbx.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\hggdbxv.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\hggfeby.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\iiffcca.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\jkkjjjg.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\khfdaax.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\nnnkiij.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\pmnljkk.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\qommkkj.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\rqrqnlm.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\ssqqnki.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\tuvvuvs.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\urqqpno.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\vtusqpo.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\vtuurpm.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\vtuvust.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\wvusqqr.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\wvusspm.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\wvutqqp.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP275\A0050928.exe -> Adware.WinFixer : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\pc\Bureau\sdfix\backups\explorer.exe -> Backdoor.PoeBot.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP278\A0054935.exe -> Backdoor.PoeBot.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\pc\Bureau\sdfix\backups\logon.exe -> Backdoor.Rbot.bug : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP278\A0054938.exe -> Backdoor.Rbot.bug : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\Fichiers communs\System\MSIWA32.exe -> Downloader.Agent.bkh : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\pc\Bureau\sdfix\backups\uvcx.exe -> Downloader.Small.cul : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP272\A0037806.exe -> Downloader.Small.cul : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP272\A0037807.exe -> Downloader.Small.cul : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP272\A0037876.exe -> Downloader.Small.cul : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP272\A0038876.exe -> Downloader.Small.cul : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP272\A0039876.exe -> Downloader.Small.cul : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP272\A0040875.exe -> Downloader.Small.cul : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP272\A0040876.exe -> Downloader.Small.cul : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP272\A0040888.exe -> Downloader.Small.cul : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP272\A0040891.exe -> Downloader.Small.cul : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP272\A0042941.exe -> Downloader.Small.cul : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP278\A0054942.exe -> Downloader.Small.cul : Nettoyé et sauvegardé (mise en quarantaine).
F:\Mes documents\stephanie.mary2\MsgPlus-300.exe/sponsor2.exe -> Downloader.Swizzor.ag : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\install.exe -> Dropper.Small.awt : Nettoyé et sauvegardé (mise en quarantaine).
C:\!KillBox\doom3d.exe -> Heuristic.Win32.Morphine-Crypted : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP278\A0057004.exe -> Heuristic.Win32.Morphine-Crypted : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\pc\Bureau\sdfix\backups\tcpipmon.exe -> Hijacker.Agent.is : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP278\A0054940.exe -> Hijacker.Agent.is : Nettoyé et sauvegardé (mise en quarantaine).
C:\rrvfi.exe -> Hijacker.Agent.is : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\installer.exe -> Logger.BZub.ik : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP277\A0052925.dll -> Logger.Goldun.ms : Nettoyé et sauvegardé (mise en quarantaine).
C:\!KillBox\pjwcxown.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP278\A0057003.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\cescgv.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\dwvzalc.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\ekjep.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\empta.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\escurb.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\gatced.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\impm.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\jaqfd.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\kqaui.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\lyzwx.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\ofempnhj.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\opzw.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\qfwe.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\qgswyv.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\qhcl.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\qkvhxae.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\rkds.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\txlx.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\upknx.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\uson.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\uumfzteh.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\vvvfz.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\wtfa.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\xfygfqz.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\xmygno.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\zdqvui.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\pc\Bureau\sdfix\backups\rpcc.dll -> Proxy.Dlena.cb : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP272\A0039884.dll -> Proxy.Dlena.cb : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP278\A0054939.dll -> Proxy.Dlena.cb : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0123VNOY\ve0wh[1].jpg -> Proxy.Ranky : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\pc\Bureau\sdfix\backups\19.tmp -> Proxy.Ranky : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\pc\Bureau\sdfix\backups\3.tmp -> Proxy.Ranky : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\pc\Bureau\sdfix\backups\8.tmp -> Proxy.Ranky : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\Alwil Software\Avast4\DATA\moved\[FSG].vir -> Proxy.Ranky : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\pc\Bureau\sdfix\backups\11.tmp -> Proxy.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\pc\Bureau\sdfix\backups\15.tmp -> Proxy.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\pc\Bureau\sdfix\backups\16.tmp -> Proxy.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\pc\Bureau\sdfix\backups\1A.tmp -> Proxy.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\pc\Bureau\sdfix\backups\F.tmp -> Proxy.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\netfilter.dll -> Proxy.Small : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WinOpts -> Proxy.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\pc\Bureau\sdfix\backups\koos.exe -> Proxy.Wopla.ag : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\pc\Bureau\sdfix\backups\kprof -> Proxy.Wopla.ag : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\pc\Bureau\sdfix\backups\poof -> Proxy.Wopla.ag : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP278\A0054937.exe -> Proxy.Wopla.ag : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\pc\Bureau\sdfix\backups\s.exe -> Rootkit.Agent.ea : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP278\A0054934.exe -> Rootkit.Agent.ea : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP280\A0059065.sys -> Rootkit.Agent.ea : Nettoyé et sauvegardé (mise en quarantaine).
:mozilla.8:C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\qxjsgbcx.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\pc\Bureau\sdfix\backups\aspi275933.exe -> Trojan.Agent.acz : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP278\A0054931.exe -> Trojan.Agent.acz : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\aspi271403.exe -> Trojan.Agent.acz : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP272\A0038881.exe -> Trojan.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP272\A0039881.exe -> Trojan.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1C807D6F-AB31-4520-96B7-A4ECD2B2555D}\RP272\A0039889.dll -> Trojan.Zlob : Nettoyé et sauvegardé (mise en quarantaine).


Fin du rapport

et hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 21:51:27, on 02/04/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?a13d58f884c04bcdb27d6c36e4b5cc3c
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?a13d58f884c04bcdb27d6c36e4b5cc3c
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E73E0923-6F04-4DEF-9813-1CAC33A18BDE}: NameServer = 192.168.1.3,0.0.0.0
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\System32\aspi275933.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

je pense que c'est ce que je vais faire réinstaller IE.

En tout cas je te remercie énormément pour l'aide que tu m'a apporté et surtout pour le temps que tu y a passé.

Je dois dire que je ne m'attendais pas à avoir une réponse aussi poussée.
et je te souhaite de recevoir autant que ce que tu donne aux autres.


Salutations et bonne continuation.

ok je vais faire ce que tu m'as dit,

Salutations