Posted by mthoumi, Monday 14 January 2008 at 12:00:08
Configuration: Windows XP Firefox 2.0.0.2
hi,

Run HijackThis again, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.

O2 - BHO: Rates - {6CA6DDF4-8904-4179-A45D-91438342F83A} - C:\WINDOWS\toprates.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

_______________________

Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:
C:\WINDOWS\toprates.dll

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
You may be asked to restart the PC to complete the removal. If so, accept with Yes.

___________________________

ComboFix (paste the report) http://download.bleepingcomputer.com/sUBs/ComboFix.exe

____________________________

Paste the report of an online scan with one of the following, or with your Kaspersky antivirus:
BitDefender online: http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda online: http://www.pandasoftware.fr/Activescan/Activescan.html
Secuser online: http://www.secuser.com/outils/antivirus.htm

_____________________________

Paste a new HijackThis log and describe your problems.
Thanks, it works now, I didn't do the antivirus scan :-)
OTMoveIt reports:
C:\WINDOWS\toprates.dll unregistered successfully.
File move failed. C:\WINDOWS\toprates.dll scheduled to be moved on reboot.
Created on 01/15/2008 09:01:16

File/Folder C:\WINDOWS\toprates.dll not found.
Created on 01/15/2008 09:05:23

ComboFix report:

Thanks again
ok
perfect, paste a new HijackThis report and a report from an online scan to check that nothing else is left
Hello,
I have exactly the same problem as mthoumi and I cannot remove it using the same methods as him (Smitfraudfix, Spybot, CCleaner..). Thanks for your help.

HijackThis report:
Hello!
Thanks a thousand times for this help, because despite my antivirus tools VirusKeeper and Spybot-SD (which I believed infallible, poor computer dunce that I am) I couldn't get out of it and the trojan was becoming more and more insistent T_T (and I more and more panicked). In any case everything is back to normal, so thanks again for everything ^^

However, I could not run an online scan (is that serious?) because "Either your browser does not support the object element or an error occurred while downloading the object. Unable to load the HouseCall ActiveX control". Then Explorer offered to download other versions (bitdefender online scanner v8), but I did nothing because now I'm afraid of clicking "ok" faster than my shadow and ending up once again with who knows what trojan!

Anyway, here is my MoveIt report:
C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll unregistered successfully.
C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll moved successfully.
C:\WINDOWS\pandsf.dll unregistered successfully.
File move failed. C:\WINDOWS\pandsf.dll scheduled to be moved on reboot.
Created on 01/22/2008 23:33:09

And my new HijackThis report:
You can run an online scan here:
BitDefender online: http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda online: http://www.pandasoftware.fr/Activescan/Activescan.html
Online scan for Firefox: http://fr.trendmicro-europe.com/consumer/housecall/housecall_launch.php |
I have been infected by an unknown trojan, and I don't know much about computers, but I can manage if you tell me what to do.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:08:43, on 27/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Multimedia Card Reader\readericon10.exe
C:\Program Files\Hotkey Management\FuncKey.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Kevin\AppData\Local\Temp\Rar$EX00.458\HijackThis.exe
C:\Program Files\Skype\Phone\Skype.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Player - {99F785E5-5394-4826-A515-034A34A36377} - C:\Windows\orgnavi.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [readericon10] C:\Program Files\Multimedia Card Reader\readericon10.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey Management\FuncKey.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [V0260Cfg.exe] V0260Cfg.exe /d:2
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.406.0\OEAddOn.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.406.0\SeekmoSA.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Registration RAYMAN
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
End of file - 8368 bytes |