Votre question

Pub Malware alarm & options IE bloqués

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
19 Mars 2008 19:48:03

Bonjour,
Suite à une conversation msn me disant que il y avait mes photos sur un site (que je ne suis pas allé voir d'ailleurs) je me suis retrouvé harcelé de pub Malware alarm à chaque fermeture de IE.

J'ai scanné avec Avast, a², Arovax, Spybot, Onecare: mais rien n'y fait ca fini toujours par trouver un moyen de revenir.

Sur spybot j'ai souvent des messages me demandant si j'accepte une modification (Rundll32, etc ...)

Et maintenant pour couronner le tout lorsque j'essaye d'aller dans options internet sur IE j'ai un message d'erreur:
"Cette opération a été annulée en raison des restrictions en vigueur sur cet ordinateur. Contacter un administrateur system"

Je precise que je n'ai qu'un compte sous Win XP (donc en administrateur)
J'ai fait plusieurs recherches sur le forum mais comme chaque cas est un peu différent je préfère poster :) 

Voici mon rapport HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 19:46:28, on 19/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SpamPal\spampal.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Seb\Bureau\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hackerwatch.org/probe/?lips=c0a80003
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\benyyayp.dll",s
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\bviishwp.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fnacphoto.com/ECTelechargement/Origma/ImageU...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/fr/1,0...
O17 - HKLM\System\CCS\Services\Tcpip\..\{5EE3F211-E0A1-4A1F-88C8-AA79A7C3EE61}: NameServer = 86.64.145.147 84.103.237.147
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe


Merci d'avance !

Autres pages sur : pub malware alarm amp options bloques

a b 8 Sécurité
19 Mars 2008 20:46:25

Bonjour,

[#ff0000]Désactive tes protections résidentes (antivirus, Spybot...) ![/#f]

  • Télécharge Combofix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double clique sur combofix.exe afin de le lancer.
  • Tape sur la touche 1 (Yes) pour démarrer le scan.
  • Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.
    19 Mars 2008 21:23:37

    Voici le rapport

    ComboFix 08-03-18.1 - Seb 2008-03-19 21:07:53.1 - FAT32x86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.563 [GMT 1:00]
    Endroit: C:\Documents and Settings\Seb\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BM313e2b3d.xml
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\autorun.ini
    C:\WINDOWS\system32\awvts.dll
    C:\WINDOWS\system32\benyyayp.dll
    C:\WINDOWS\system32\bviishwp.dll
    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\system32\hgghhge.dll
    C:\WINDOWS\system32\hklhrsiq.dll
    C:\WINDOWS\system32\iifgffd.dll
    C:\WINDOWS\system32\iursomnq.dll
    C:\WINDOWS\system32\jkkklli.dll
    C:\WINDOWS\system32\ljjggfe.dll
    C:\WINDOWS\system32\mapdkcfr.dll
    C:\WINDOWS\system32\mcgsvkcs.dll
    C:\WINDOWS\system32\otjqgpap.dll
    C:\WINDOWS\system32\packet.dll
    C:\WINDOWS\system32\pthreadVC.dll
    C:\WINDOWS\system32\pwhsiivb.ini
    C:\WINDOWS\system32\qnmosrui.ini
    C:\WINDOWS\system32\qqtss.ini
    C:\WINDOWS\system32\qqtss.ini2
    C:\WINDOWS\system32\stvwa.ini
    C:\WINDOWS\system32\stvwa.ini2
    C:\WINDOWS\system32\urqrqrs.dll
    C:\WINDOWS\system32\wpcap.dll
    C:\WINDOWS\system32\wvuvtqq.dll
    C:\WINDOWS\system32\yayyxxw.dll
    C:\WINDOWS\system32\ytbdxymq.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Service_NPF


    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-19 to 2008-03-19 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-19 19:51 . 2008-03-19 19:51 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-19 16:55 . 2008-03-19 21:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-19 16:55 . 2008-03-19 16:55 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-03-18 21:01 . 2008-03-19 16:55 894 ---hs---- C:\WINDOWS\system32\jipapnsd.ini
    2008-03-18 19:52 . 2008-03-18 20:40 774 ---hs---- C:\WINDOWS\system32\pmincehf.ini
    2008-03-17 21:57 . 2008-03-17 21:57 <REP> d-------- C:\Program Files\Mozilla Thunderbird
    2008-03-17 21:57 . 2008-03-17 21:57 <REP> d-------- C:\Documents and Settings\Seb\Application Data\Thunderbird
    2008-03-17 19:42 . 2008-03-17 19:42 654 --a------ C:\WINDOWS\system32\laaoojxn.dat
    2008-03-17 19:18 . 2008-03-17 19:18 <REP> d-------- C:\Program Files\Windows Live Safety Center
    2008-03-17 18:26 . 2008-03-18 19:50 534 ---hs---- C:\WINDOWS\system32\yuugoesf.ini
    2008-03-17 18:05 . 2008-03-17 18:05 <REP> d-------- C:\Program Files\a-squared Free
    2008-03-17 18:04 . 2008-03-17 18:04 <REP> d-------- C:\Program Files\Arovax AntiSpyware
    2008-03-17 18:03 . 2008-03-17 18:03 <REP> d-------- C:\Documents and Settings\Seb\Application Data\SpamPal
    2008-03-17 18:02 . 2008-03-17 18:03 <REP> d-------- C:\Program Files\SpamPal
    2008-03-17 00:43 . 2008-03-17 00:43 92 --a------ C:\WINDOWS\wininit.ini
    2008-03-17 00:16 . 2008-03-17 00:44 1,367,350 ---hs---- C:\WINDOWS\system32\myhoctgj.ini
    2008-03-17 00:09 . 2008-03-17 00:09 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-03-17 00:09 . 2008-03-17 00:09 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2008-03-17 00:01 . 2008-03-17 00:01 39,936 --a------ C:\WINDOWS\system32\skeysw.exe
    2008-03-16 21:37 . 2008-03-17 00:08 1,367,283 ---hs---- C:\WINDOWS\system32\nhstqtrw.ini
    2008-03-16 16:42 . 2008-03-16 21:29 1,367,172 ---hs---- C:\WINDOWS\system32\fvltqwkh.ini
    2008-03-16 16:39 . 2008-03-16 16:39 63 --a------ C:\WINDOWS\system32\320d0a2f
    2008-03-14 12:43 . 2008-03-14 12:43 37,888 --a------ C:\WINDOWS\system32\rar.exe
    2008-03-14 12:42 . 2008-03-14 12:43 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2008-03-10 20:33 . 2008-03-10 20:36 783 --a------ C:\WINDOWS\NTIWVEDT.INI
    2008-03-10 18:57 . 2008-03-10 18:57 <REP> d-------- C:\Documents and Settings\Seb\Application Data\Roxio
    2008-03-10 15:24 . 2003-02-27 07:16 135,168 --------- C:\WINDOWS\system32\l3codecx.acm
    2008-03-10 15:21 . 2008-03-10 15:21 <REP> d-------- C:\Program Files\Fichiers communs\Roxio Shared
    2008-03-04 19:02 . 2008-03-04 19:02 <REP> d-------- C:\Program Files\VstPlugins
    2008-03-04 19:02 . 2006-06-20 09:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
    2008-03-04 19:01 . 2002-07-07 23:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
    2008-03-04 19:00 . 2008-03-04 19:00 <REP> d-------- C:\Program Files\Image-Line

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-13 22:54 102,400 ----a-w C:\WINDOWS\DUMP7afc.tmp
    2008-02-28 13:18 102,400 ----a-w C:\WINDOWS\DUMPf3dc.tmp
    2008-01-25 22:50 --------- d-----w C:\Program Files\Digitale
    2008-01-10 22:27 950 ----a-w C:\Documents and Settings\Seb\Application Data\wklnhst.dat
    2006-07-29 18:33 2,274,088 ----a-w C:\Program Files\msgsres.dll
    2004-08-05 04:00 73,728 --sha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1ADE5BAF-2781-4D02-BECC-752A6EFDA704}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EAA3C73-D23F-44A4-A666-C521C4B90B18}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{55AEE7E0-020F-4681-89B3-B06D30D61481}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D37825F-2CCB-49F8-AD78-C64496E82A92}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A18C2F24-8FD5-4067-9D74-93904D0B4087}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACAAE3AC-6461-4F2D-89C3-AA83F1E3A1E4}]
    C:\WINDOWS\system32\sstqq.dll__BHODemonDisabled

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BAC39CC1-C120-4B88-91F4-45044C24FF56}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C698AF51-5E2A-4CE0-B19A-49F0CA9F30F3}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" []
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-07 19:36 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-07 19:32 126976]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 23:44 98394]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 23:43 688218]
    "PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 18:59 49152]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 21:05 339968]
    "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 18:04 188416]
    "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-24 09:13 2880512]
    "eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-29 17:26 352256]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
    "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
    "SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-06-06 11:15 861184]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "MPFExe"="C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE" [2005-05-16 12:20 950272]
    "LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
    "EPSON Stylus DX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.exe" [ ]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
    "WinUpdating"= WinUpdating.exe
    "Windows Printing Driver"= WinSpooler.exe
    "skeysw"= skeysw.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjggfe]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hamachi.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hamachi.lnk
    backup=C:\WINDOWS\pss\hamachi.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\320d18a1]
    C:\WINDOWS\system32\jgtcohym.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM313e2b3d]
    C:\WINDOWS\system32\otjqgpap.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itunesff]
    C:\WINDOWS\system32\itunesff.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
    --a------ 2005-09-05 11:43 319488 C:\Program Files\Launch Manager\QtZgAcer.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
    --a------ 2007-06-18 12:52 4044368 C:\Program Files\Pando Networks\Pando\Pando.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    -ra------ 2005-10-26 16:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    -ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "D:\\Program Files\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe"=
    "C:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "D:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
    R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-03-24 16:54]
    R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 14:46]
    R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
    R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
    S3 dump_wmimmc;dump_wmimmc;C:\WINDOWS\system32\drivers\dump_wmimmc.sys []

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-19 21:16:40
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NPF]
    "ImagePath"="system32\drivers\npf.sys"
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\SpamPal\spampal.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-19 21:19:33 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-19 20:19:30
    .
    2008-03-13 11:26:55 --- E O F ---



    Au reboot Spybot m'a demandé si j'accepté les modifications des valeurs du registre (il indiquait comme type de fichier: Elements supprimés)
    J'ai accepté, ai je bien fait ???
    Contenus similaires
    a b 8 Sécurité
    19 Mars 2008 21:30:17

    Reposte un rapport Hijackthis.
    19 Mars 2008 21:36:29

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:36:09, on 19/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\acer\epm\epm-dm.exe
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\SpamPal\spampal.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hackerwatch.org/probe/?lips=c0a80003
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\vxtlwwvh.dll",s
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
    O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
    O4 - HKCU\..\Policies\Explorer\Run: [skeysw] skeysw.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {33331111-1111-1111-1111-611111193423} -
    O16 - DPF: {33331111-1111-1111-1111-611111193429} -
    O16 - DPF: {33331111-1111-1111-1111-615111193427} -
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0...
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fnacphoto.com/ECTelechargement/Origma/ImageU...
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/fr/1,0...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5EE3F211-E0A1-4A1F-88C8-AA79A7C3EE61}: NameServer = 86.64.145.142 84.103.237.142
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    --
    End of file - 10671 bytes
    a b 8 Sécurité
    20 Mars 2008 16:12:56

    Re,

    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    Double clique sur SDFix.exe et choisis Install pour l'extraire sur le Bureau.

    Redémarre en mode sans échec

  • Ouvre le dossier SDFix qui vient d'être créé à la racine de ton dique dur (C:) et double clique sur RunThis.bat pour lancer le script.
  • Appuie sur Y pour commencer le processus de nettoyage.
  • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
  • Appuie sur une touche pour redémarrer le PC.
  • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
  • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
  • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
  • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
  • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis.
    20 Mars 2008 19:12:47

    SDFix:

    SDFix: Version 1.159

    Run by Seb on 20/03/2008 at 18:56

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\antiv.exe - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-20 19:05:29
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "D:\\Program Files\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe"="D:\\Program Files\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe:*:Enabled:D ungeon Siege 2 Game Executable"
    "C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "D:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="D:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Thu 31 Mar 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
    Thu 31 Mar 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
    Thu 31 Mar 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
    Thu 31 Mar 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
    Thu 31 Mar 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
    Thu 5 Aug 2004 93,184 A.SH. --- "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
    Thu 5 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
    Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Thu 5 Oct 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Fri 27 Feb 2004 233,472 A..H. --- "C:\Program Files\Image-Line\FL Studio 7\REX Shared Library.dll"
    Sun 16 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT2.tmp"
    Sun 16 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad213d081e2675ef87a62c73b8abf209\BIT3.tmp"
    Thu 5 Aug 2004 73,728 A.SH. --- "C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe"
    Tue 9 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\Seb\Application Data\U3\temp\Launchpad Removal.exe"

    Finished!


    HijackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:09:43, on 20/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\acer\epm\epm-dm.exe
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\SpamPal\spampal.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hackerwatch.org/probe/?lips=c0a80003
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\fousfjbs.dll",s
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {33331111-1111-1111-1111-611111193423} -
    O16 - DPF: {33331111-1111-1111-1111-611111193429} -
    O16 - DPF: {33331111-1111-1111-1111-615111193427} -
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0...
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fnacphoto.com/ECTelechargement/Origma/ImageU...
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/fr/1,0...
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    --
    End of file - 10106 bytes
    a b 8 Sécurité
    20 Mars 2008 20:41:22

    Re,

    Télécharge MalwareBytes' Anti-Malwares < ici

    Double clique sur mbam-setup.exe pour lancer l'installation
    Autorise le téléchargement des mises à jour !

    Redémarre en mode sans echec ( > Mode Sans Echec < )

    Double clique sur le raccourci Malwarebytes présent sur ton bureau
    Coche Exécuter un examen complet , puis clique sur [Rechercher]
    A la fin du scan , clique sur [Afficher les resultats]
    Si objets infectés sont trouvés , clique sur [Supprimer la sélection]

    Poste le rapport ( il se trouve aussi dans l'onglet Rapports/Logs )
    20 Mars 2008 21:17:18

    Re!
    Je me suis gouré j'ai fait un examen rapide et non pas complet, je peux en refaire un si ca va pas.

    Malwarebytes' Anti-Malware 1.09
    Version de la base de données: 513

    Type de recherche: Examen rapide
    Eléments examinés: 29240
    Temps écoulé: 11 minute(s), 39 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 2
    Clé(s) du Registre infectée(s): 21
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 8

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\pmkjg.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\opnkhef.dll (Trojan.Vundo) -> Unloaded module successfully.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdea023a-ec0a-403e-92e7-14ed003bcc7b} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{cdea023a-ec0a-403e-92e7-14ed003bcc7b} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34546} (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33331111-1111-1111-1111-611111193423} (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33331111-1111-1111-1111-611111193429} (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33331111-1111-1111-1111-615111193427} (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{85a611ca-ca0f-469b-8220-b70221a545bb} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85a611ca-ca0f-469b-8220-b70221a545bb} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnkhef (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{85a611ca-ca0f-469b-8220-b70221a545bb} (Trojan.Vundo) -> Delete on reboot.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmkjg.dll -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmkjg.dll -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\pmkjg.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\gjkmp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gjkmp.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hktgorxh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hxrogtkh.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vkukhjtt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ttjhkukv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\opnkhef.dll (Trojan.Vundo) -> Delete on reboot.
    a b 8 Sécurité
    20 Mars 2008 22:10:09

    Reposte un rapport Hijackthis.
    20 Mars 2008 22:32:57

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:32:38, on 20/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\acer\epm\epm-dm.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
    C:\Program Files\SpamPal\spampal.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hackerwatch.org/probe/?lips=c0a80003
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\fousfjbs.dll",s
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {33331111-1111-1111-1111-611111193423} -
    O16 - DPF: {33331111-1111-1111-1111-611111193429} -
    O16 - DPF: {33331111-1111-1111-1111-615111193427} -
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0...
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fnacphoto.com/ECTelechargement/Origma/ImageU...
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/fr/1,0...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5EE3F211-E0A1-4A1F-88C8-AA79A7C3EE61}: NameServer = 86.64.145.143 84.103.237.143
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    --
    End of file - 10277 bytes
    24 Mars 2008 22:03:38

    Re,

    Ca allait pas vraiment mieux, mais j'ai suivi vos conseils, j'ai desinstallé Avast pour mettre AntiVir à la place:
    Apres un scan complet voici le rapport:



    AntiVir PersonalEdition Classic
    Report file date: lundi 24 mars 2008 21:10

    Scanning for 1164495 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: ACER-19B694409A

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:30
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:52
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:48
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:22
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:16
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 20:07:36
    ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21/03/2008 20:07:36
    ANTIVIR3.VDF : 7.0.3.66 49152 Bytes 24/03/2008 20:07:36
    AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 24/03/2008 20:07:36
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:28
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:18
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 24/03/2008 20:07:36
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:08
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:34
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:20
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:44
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:14
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:38
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:22

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: lundi 24 mars 2008 21:10

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'iPodService.exe' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'MpfAgent.exe' - '1' Module(s) have been scanned
    Scan process 'MpfService.exe' - '1' Module(s) have been scanned
    Scan process 'MDM.EXE' - '1' Module(s) have been scanned
    Scan process 'SPAMPAL.EXE' - '1' Module(s) have been scanned
    Scan process 'McTskshd.exe' - '1' Module(s) have been scanned
    Scan process 'Mcdetect.exe' - '1' Module(s) have been scanned
    Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
    Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
    Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
    Scan process 'LVComS.exe' - '1' Module(s) have been scanned
    Scan process 'MpfTray.exe' - '1' Module(s) have been scanned
    Scan process 'DRAGDIAG.EXE' - '1' Module(s) have been scanned
    Scan process 'MCAGENT.EXE' - '1' Module(s) have been scanned
    Scan process 'Monitor.exe' - '1' Module(s) have been scanned
    Scan process 'EPM-DM.EXE' - '1' Module(s) have been scanned
    Scan process 'ATIPTAXX.EXE' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'PCMService.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
    Scan process 'anbmServ.exe' - '1' Module(s) have been scanned
    Scan process 'a2service.exe' - '1' Module(s) have been scanned
    Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
    Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
    Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
    Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
    Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
    Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
    Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
    Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
    Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
    50 processes with 50 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [NOTE] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '56' files ).


    Starting the file scan:

    Begin scan in 'C:\' <ACER>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\vxtlwwvh.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\WINDOWS\system32\xagyfggm.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\WINDOWS\system32\wifrptrt.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\WINDOWS\system32\nfhuuobo.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\WINDOWS\system32\fxbfoufb.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\WINDOWS\Downloaded Program Files\start.INF
    [DETECTION] Is the Trojan horse TR/Dagonit.INF
    [INFO] The file was deleted!
    C:\Documents and Settings\Seb\Local Settings\Temporary Internet Files\Content.IE5\GHURCX6R\iddqd[1]
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\Documents and Settings\Seb\Local Settings\Temporary Internet Files\Content.IE5\0ZQ74RI5\ptch[1]
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP428\A0065053.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP428\A0065054.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP428\A0065056.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP428\A0065058.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP428\A0065060.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP428\A0065089.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP429\A0066283.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP431\A0066563.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP431\A0066564.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP431\A0066565.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP431\A0066566.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP431\A0066567.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP427\A0064937.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP427\A0064939.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP427\A0064941.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP427\A0064942.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP427\A0064943.DLL
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP427\A0064944.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP427\A0064945.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP427\A0064950.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\benyyayp.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\bviishwp.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\hklhrsiq.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\iursomnq.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\mapdkcfr.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\ljjggfe.dll.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was deleted!
    Begin scan in 'D:\' <ACERDATA>


    End of the scan: lundi 24 mars 2008 21:52
    Used time: 42:12 min

    The scan has been done completely.

    8192 Scanning directories
    433373 Files were scanned
    34 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    34 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    433339 Files not concerned
    7779 Archives were scanned
    2 Warnings
    27 Notes


    -----------------------------

    Pour l'instant ca à l'air de marcher, on va voir sur la durée :) 
    En tout cas merci pour l'aide ;) 

    Dois je poster un report hijack ?
    a b 8 Sécurité
    25 Mars 2008 12:34:50

    Oui :) 
    25 Mars 2008 23:25:13

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:24:29, on 25/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\acer\epm\epm-dm.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\SpamPal\spampal.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hackerwatch.org/probe/?lips=c0a80003
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [BM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\fousfjbs.dll",s
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {33331111-1111-1111-1111-611111193423} -
    O16 - DPF: {33331111-1111-1111-1111-611111193429} -
    O16 - DPF: {33331111-1111-1111-1111-615111193427} -
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0...
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fnacphoto.com/ECTelechargement/Origma/ImageU...
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/fr/1,0...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5EE3F211-E0A1-4A1F-88C8-AA79A7C3EE61}: NameServer = 84.103.237.142 86.64.145.142
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    --
    End of file - 10207 bytes
    a b 8 Sécurité
    26 Mars 2008 14:42:46

    Refais un scan Combofix :) 
    26 Mars 2008 19:01:35

    ComboFix 08-03-18.1 - Seb 2008-03-26 18:50:24.2 - FAT32x86 MINIMAL
    Endroit: C:\Documents and Settings\Seb\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BM313e2b3d.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\ajpejmpp.dll
    C:\WINDOWS\system32\djyslvag.ini
    C:\WINDOWS\system32\fousfjbs.dll
    C:\WINDOWS\system32\gavlsyjd.dll
    C:\WINDOWS\system32\gjkmp.ini
    C:\WINDOWS\system32\gjkmp.ini2
    C:\WINDOWS\system32\oagswmrw.dll
    C:\WINDOWS\system32\opnkhef.dll
    C:\WINDOWS\system32\pmkjg.dll
    C:\WINDOWS\system32\smyfqfhr.dll
    C:\WINDOWS\system32\twswlkul.dll
    C:\WINDOWS\system32\xeglvkrr.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-26 to 2008-03-26 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-26 18:57 . 2008-03-26 18:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-26 18:57 . 2008-03-26 18:57 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-03-24 21:03 . 2008-03-24 21:03 <REP> d-------- C:\Program Files\Avira
    2008-03-24 21:03 . 2008-03-24 21:03 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
    2008-03-20 20:49 . 2008-03-20 20:49 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-03-20 20:49 . 2008-03-20 20:49 <REP> d-------- C:\Documents and Settings\Seb\Application Data\Malwarebytes
    2008-03-20 20:49 . 2008-03-20 20:49 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    2008-03-20 18:51 . 2008-03-20 18:51 <REP> d-------- C:\WINDOWS\ERUNT
    2008-03-20 18:38 . 2008-03-20 04:14 <REP> d-------- C:\SDFix
    2008-03-19 19:51 . 2008-03-19 19:51 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-18 21:01 . 2008-03-19 16:55 894 ---hs---- C:\WINDOWS\system32\jipapnsd.ini
    2008-03-18 19:52 . 2008-03-18 20:40 774 ---hs---- C:\WINDOWS\system32\pmincehf.ini
    2008-03-17 21:57 . 2008-03-17 21:57 <REP> d-------- C:\Program Files\Mozilla Thunderbird
    2008-03-17 21:57 . 2008-03-17 21:57 <REP> d-------- C:\Documents and Settings\Seb\Application Data\Thunderbird
    2008-03-17 19:42 . 2008-03-17 19:42 654 --a------ C:\WINDOWS\system32\laaoojxn.dat
    2008-03-17 19:18 . 2008-03-17 19:18 <REP> d-------- C:\Program Files\Windows Live Safety Center
    2008-03-17 18:26 . 2008-03-18 19:50 534 ---hs---- C:\WINDOWS\system32\yuugoesf.ini
    2008-03-17 18:05 . 2008-03-17 18:05 <REP> d-------- C:\Program Files\a-squared Free
    2008-03-17 18:04 . 2008-03-17 18:04 <REP> d-------- C:\Program Files\Arovax AntiSpyware
    2008-03-17 18:03 . 2008-03-17 18:03 <REP> d-------- C:\Documents and Settings\Seb\Application Data\SpamPal
    2008-03-17 18:02 . 2008-03-17 18:03 <REP> d-------- C:\Program Files\SpamPal
    2008-03-17 00:43 . 2008-03-17 00:43 92 --a------ C:\WINDOWS\wininit.ini
    2008-03-17 00:16 . 2008-03-17 00:44 1,367,350 ---hs---- C:\WINDOWS\system32\myhoctgj.ini
    2008-03-17 00:09 . 2008-03-17 00:09 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-03-17 00:09 . 2008-03-17 00:09 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2008-03-17 00:01 . 2008-03-17 00:01 39,936 --a------ C:\WINDOWS\system32\skeysw.exe
    2008-03-16 21:37 . 2008-03-17 00:08 1,367,283 ---hs---- C:\WINDOWS\system32\nhstqtrw.ini
    2008-03-16 16:42 . 2008-03-16 21:29 1,367,172 ---hs---- C:\WINDOWS\system32\fvltqwkh.ini
    2008-03-16 16:39 . 2008-03-16 16:39 63 --a------ C:\WINDOWS\system32\320d0a2f
    2008-03-14 12:43 . 2008-03-14 12:43 37,888 --a------ C:\WINDOWS\system32\rar.exe
    2008-03-14 12:42 . 2008-03-14 12:43 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2008-03-10 20:33 . 2008-03-10 20:36 783 --a------ C:\WINDOWS\NTIWVEDT.INI
    2008-03-10 18:57 . 2008-03-10 18:57 <REP> d-------- C:\Documents and Settings\Seb\Application Data\Roxio
    2008-03-10 15:24 . 2003-02-27 07:16 135,168 --------- C:\WINDOWS\system32\l3codecx.acm
    2008-03-10 15:21 . 2008-03-10 15:21 <REP> d-------- C:\Program Files\Fichiers communs\Roxio Shared
    2008-03-04 19:02 . 2008-03-04 19:02 <REP> d-------- C:\Program Files\VstPlugins
    2008-03-04 19:02 . 2006-06-20 09:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
    2008-03-04 19:01 . 2002-07-07 23:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
    2008-03-04 19:00 . 2008-03-04 19:00 <REP> d-------- C:\Program Files\Image-Line

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-13 22:54 102,400 ----a-w C:\WINDOWS\DUMP7afc.tmp
    2008-02-28 13:18 102,400 ----a-w C:\WINDOWS\DUMPf3dc.tmp
    2008-01-10 22:27 950 ----a-w C:\Documents and Settings\Seb\Application Data\wklnhst.dat
    2006-07-29 18:33 2,274,088 ----a-w C:\Program Files\msgsres.dll
    2004-08-05 04:00 73,728 --sha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-19_21.18.45.66 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-03-20 03:14:12 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    + 2008-03-20 17:52:28 6,307,840 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
    + 2008-03-20 17:52:28 180,224 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-03-20 03:14:12 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2008-03-20 17:52:06 6,307,840 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
    + 2008-03-20 17:52:06 180,224 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    + 2007-08-09 12:04:12 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2007-07-18 13:22:20 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2008-03-24 20:07:36 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-03-01 09:34:38 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    - 2008-03-19 18:26:44 63,350 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-03-26 17:44:28 63,350 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-03-19 18:26:44 76,574 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-03-26 17:44:28 76,574 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-03-19 18:26:44 402,740 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-03-26 17:44:28 402,740 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-03-19 18:26:44 470,278 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-03-26 17:44:28 470,278 ----a-w C:\WINDOWS\system32\perfh00C.dat
    - 2008-03-19 16:01:24 32,768 ----a-w C:\WINDOWS\Temp\Cookies\index.dat
    + 2008-03-26 17:45:12 16,384 ----a-w C:\WINDOWS\Temp\Cookies\index.dat
    - 2008-03-19 16:01:24 32,768 ----a-w C:\WINDOWS\Temp\Historique\History.IE5\index.dat
    + 2008-03-26 17:45:12 16,384 ----a-w C:\WINDOWS\Temp\Historique\History.IE5\index.dat
    + 2008-03-20 20:09:28 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_6c0.dat
    + 2008-03-20 18:03:16 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_73c.dat
    - 2008-03-19 16:01:24 65,536 ----a-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
    + 2008-03-26 17:45:12 32,768 ----a-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{382B2BB4-418E-4DD2-9A8E-21A596A33D6A}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41C4538D-C832-4508-8A52-2AA218454CDC}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7FF70CCC-D0FB-4145-B1D4-CC02B7CB25E1}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85A611CA-CA0F-469B-8220-B70221A545BB}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9660C0E2-56AA-4F91-8CB5-060A9A3AE05A}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACAAE3AC-6461-4F2D-89C3-AA83F1E3A1E4}]
    C:\WINDOWS\system32\sstqq.dll__BHODemonDisabled

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA073B8A-B25B-42B2-9E03-7151D5F0B041}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E2DD2B99-2C98-427A-9CB0-2D6355B9A443}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" []
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-07 19:36 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-07 19:32 126976]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 23:44 98394]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 23:43 688218]
    "PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 18:59 49152]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 21:05 339968]
    "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 18:04 188416]
    "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-24 09:13 2880512]
    "eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-29 17:26 352256]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
    "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
    "SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-06-06 11:15 861184]
    "MPFExe"="C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE" [2005-05-16 12:20 950272]
    "LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
    "EPSON Stylus DX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.exe" [ ]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-24 21:07 249896]
    "BM313e2b3d"="C:\WINDOWS\system32\fousfjbs.dll" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkhef]
    opnkhef.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hamachi.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hamachi.lnk
    backup=C:\WINDOWS\pss\hamachi.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\320d18a1]
    C:\WINDOWS\system32\jgtcohym.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM313e2b3d]
    C:\WINDOWS\system32\otjqgpap.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itunesff]
    C:\WINDOWS\system32\itunesff.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
    --a------ 2005-09-05 11:43 319488 C:\Program Files\Launch Manager\QtZgAcer.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
    --a------ 2007-06-18 12:52 4044368 C:\Program Files\Pando Networks\Pando\Pando.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    -ra------ 2005-10-26 16:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    -ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "FirewallDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "D:\\Program Files\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe"=
    "C:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "D:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
    R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-03-24 16:54]
    R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 14:46]
    R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
    R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
    S3 dump_wmimmc;dump_wmimmc;C:\WINDOWS\system32\drivers\dump_wmimmc.sys []

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-26 18:57:57
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Aavmker4]

    --

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\aswMon2]

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\aswRdr]


    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\aswUpdSv]
    "ImagePath"="\"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe\""
    --

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\avast! Antivirus]
    "ImagePath"="\"C:\Program Files\Alwil Software\Avast4\ashServ.exe\""

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\avast! Mail Scanner]
    "ImagePath"="\"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe\" /service"

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\avast! Web Scanner]
    "ImagePath"="\"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe\" /service"
    --

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NPF]
    "ImagePath"="system32\drivers\npf.sys"
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\SpamPal\spampal.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Acer\eManager\anbmServ.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-26 19:00:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-26 18:00:26
    ComboFix2.txt 2008-03-19 20:19:36
    .
    2008-03-13 11:26:55 --- E O F ---
    a b 8 Sécurité
    26 Mars 2008 19:15:04

    Re,

    [#ff0000]Désactive tes protections résidentes (antivirus...) ![/#f]
    Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

    File::
    C:\WINDOWS\system32\jipapnsd.ini
    C:\WINDOWS\system32\pmincehf.ini
    C:\WINDOWS\system32\laaoojxn.dat
    C:\WINDOWS\system32\yuugoesf.ini
    C:\WINDOWS\system32\myhoctgj.ini
    C:\WINDOWS\system32\skeysw.exe
    C:\WINDOWS\system32\nhstqtrw.ini
    C:\WINDOWS\system32\fvltqwkh.ini
    C:\WINDOWS\system32\rar.exe
    C:\WINDOWS\system32\sstqq.dll__BHODemonDisabled
    C:\WINDOWS\system32\fousfjbs.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{382B2BB4-418E-4DD2-9A8E-21A596A33D6A}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41C4538D-C832-4508-8A52-2AA218454CDC}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7FF70CCC-D0FB-4145-B1D4-CC02B7CB25E1}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85A611CA-CA0F-469B-8220-B70221A545BB}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9660C0E2-56AA-4F91-8CB5-060A9A3AE05A}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACAAE3AC-6461-4F2D-89C3-AA83F1E3A1E4}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA073B8A-B25B-42B2-9E03-7151D5F0B041}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E2DD2B99-2C98-427A-9CB0-2D6355B9A443}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BM313e2b3d"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkhef]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\320d18a1]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM313e2b3d]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itunesff]


    Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


    Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
    [#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]
    26 Mars 2008 19:29:17

    Re :) 

    Voici le rapport ComboFix:

    ComboFix 08-03-18.1 - Seb 2008-03-26 19:22:11.3 - FAT32x86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.597 [GMT 1:00]
    Endroit: C:\Documents and Settings\Seb\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Seb\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\system32\fousfjbs.dll
    C:\WINDOWS\system32\fvltqwkh.ini
    C:\WINDOWS\system32\jipapnsd.ini
    C:\WINDOWS\system32\laaoojxn.dat
    C:\WINDOWS\system32\myhoctgj.ini
    C:\WINDOWS\system32\nhstqtrw.ini
    C:\WINDOWS\system32\pmincehf.ini
    C:\WINDOWS\system32\rar.exe
    C:\WINDOWS\system32\skeysw.exe
    C:\WINDOWS\system32\sstqq.dll__BHODemonDisabled
    C:\WINDOWS\system32\yuugoesf.ini
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\fvltqwkh.ini
    C:\WINDOWS\system32\jipapnsd.ini
    C:\WINDOWS\system32\laaoojxn.dat
    C:\WINDOWS\system32\myhoctgj.ini
    C:\WINDOWS\system32\nhstqtrw.ini
    C:\WINDOWS\system32\pmincehf.ini
    C:\WINDOWS\system32\rar.exe
    C:\WINDOWS\system32\skeysw.exe
    C:\WINDOWS\system32\yuugoesf.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-26 to 2008-03-26 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-26 18:57 . 2008-03-26 18:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-26 18:57 . 2008-03-26 18:57 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-03-24 21:03 . 2008-03-24 21:03 <REP> d-------- C:\Program Files\Avira
    2008-03-24 21:03 . 2008-03-24 21:03 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
    2008-03-20 20:49 . 2008-03-20 20:49 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-03-20 20:49 . 2008-03-20 20:49 <REP> d-------- C:\Documents and Settings\Seb\Application Data\Malwarebytes
    2008-03-20 20:49 . 2008-03-20 20:49 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    2008-03-20 18:51 . 2008-03-20 18:51 <REP> d-------- C:\WINDOWS\ERUNT
    2008-03-20 18:38 . 2008-03-20 04:14 <REP> d-------- C:\SDFix
    2008-03-19 19:51 . 2008-03-19 19:51 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-17 21:57 . 2008-03-17 21:57 <REP> d-------- C:\Program Files\Mozilla Thunderbird
    2008-03-17 21:57 . 2008-03-17 21:57 <REP> d-------- C:\Documents and Settings\Seb\Application Data\Thunderbird
    2008-03-17 19:18 . 2008-03-17 19:18 <REP> d-------- C:\Program Files\Windows Live Safety Center
    2008-03-17 18:05 . 2008-03-17 18:05 <REP> d-------- C:\Program Files\a-squared Free
    2008-03-17 18:04 . 2008-03-17 18:04 <REP> d-------- C:\Program Files\Arovax AntiSpyware
    2008-03-17 18:03 . 2008-03-17 18:03 <REP> d-------- C:\Documents and Settings\Seb\Application Data\SpamPal
    2008-03-17 18:02 . 2008-03-17 18:03 <REP> d-------- C:\Program Files\SpamPal
    2008-03-17 00:43 . 2008-03-17 00:43 92 --a------ C:\WINDOWS\wininit.ini
    2008-03-17 00:09 . 2008-03-17 00:09 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-03-17 00:09 . 2008-03-17 00:09 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2008-03-16 16:39 . 2008-03-16 16:39 63 --a------ C:\WINDOWS\system32\320d0a2f
    2008-03-14 12:42 . 2008-03-14 12:43 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2008-03-10 20:33 . 2008-03-10 20:36 783 --a------ C:\WINDOWS\NTIWVEDT.INI
    2008-03-10 18:57 . 2008-03-10 18:57 <REP> d-------- C:\Documents and Settings\Seb\Application Data\Roxio
    2008-03-10 15:24 . 2003-02-27 07:16 135,168 --------- C:\WINDOWS\system32\l3codecx.acm
    2008-03-10 15:21 . 2008-03-10 15:21 <REP> d-------- C:\Program Files\Fichiers communs\Roxio Shared
    2008-03-04 19:02 . 2008-03-04 19:02 <REP> d-------- C:\Program Files\VstPlugins
    2008-03-04 19:02 . 2006-06-20 09:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
    2008-03-04 19:01 . 2002-07-07 23:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
    2008-03-04 19:00 . 2008-03-04 19:00 <REP> d-------- C:\Program Files\Image-Line

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-13 22:54 102,400 ----a-w C:\WINDOWS\DUMP7afc.tmp
    2008-02-28 13:18 102,400 ----a-w C:\WINDOWS\DUMPf3dc.tmp
    2008-01-10 22:27 950 ----a-w C:\Documents and Settings\Seb\Application Data\wklnhst.dat
    2006-07-29 18:33 2,274,088 ----a-w C:\Program Files\msgsres.dll
    2004-08-05 04:00 73,728 --sha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-19_21.18.45.66 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-03-20 03:14:12 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    + 2008-03-20 17:52:28 6,307,840 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
    + 2008-03-20 17:52:28 180,224 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-03-20 03:14:12 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2008-03-20 17:52:06 6,307,840 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
    + 2008-03-20 17:52:06 180,224 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    + 2007-08-09 12:04:12 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2007-07-18 13:22:20 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2008-03-24 20:07:36 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-03-01 09:34:38 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    - 2007-09-24 21:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
    + 2008-02-22 00:23:36 135,168 ----a-w C:\WINDOWS\system32\java.exe
    - 2007-09-24 21:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    + 2008-02-22 00:23:40 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    - 2007-09-24 22:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    + 2008-02-22 01:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    - 2008-03-19 18:26:44 63,350 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-03-26 18:02:28 63,350 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-03-19 18:26:44 76,574 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-03-26 18:02:28 76,574 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-03-19 18:26:44 402,740 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-03-26 18:02:28 402,740 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-03-19 18:26:44 470,278 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-03-26 18:02:28 470,278 ----a-w C:\WINDOWS\system32\perfh00C.dat
    - 2008-03-19 16:01:24 32,768 ----a-w C:\WINDOWS\Temp\Cookies\index.dat
    + 2008-03-26 17:45:12 16,384 ----a-w C:\WINDOWS\Temp\Cookies\index.dat
    - 2008-03-19 16:01:24 32,768 ----a-w C:\WINDOWS\Temp\Historique\History.IE5\index.dat
    + 2008-03-26 17:45:12 16,384 ----a-w C:\WINDOWS\Temp\Historique\History.IE5\index.dat
    + 2008-03-20 20:09:28 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_6c0.dat
    + 2008-03-20 18:03:16 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_73c.dat
    - 2008-03-19 16:01:24 65,536 ----a-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
    + 2008-03-26 17:45:12 32,768 ----a-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" []
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-07 19:36 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-07 19:32 126976]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 23:44 98394]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 23:43 688218]
    "PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 18:59 49152]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 21:05 339968]
    "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 18:04 188416]
    "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-24 09:13 2880512]
    "eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-29 17:26 352256]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
    "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
    "SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-06-06 11:15 861184]
    "MPFExe"="C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE" [2005-05-16 12:20 950272]
    "LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
    "EPSON Stylus DX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.exe" [ ]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-24 21:07 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]

    C:\Documents and Settings\Seb\Menu D‚marrer\Programmes\D‚marrage\
    SpamPal.lnk - C:\Program Files\SpamPal\spampal.exe [2005-10-24 20:08:06 387616]

    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\DMARR~1\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkhef]
    opnkhef.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hamachi.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hamachi.lnk
    backup=C:\WINDOWS\pss\hamachi.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
    --a------ 2005-09-05 11:43 319488 C:\Program Files\Launch Manager\QtZgAcer.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
    --a------ 2007-06-18 12:52 4044368 C:\Program Files\Pando Networks\Pando\Pando.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    -ra------ 2005-10-26 16:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    -ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "D:\\Program Files\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe"=
    "C:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "D:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
    R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-03-24 16:54]
    R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 14:46]
    R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
    R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
    S3 dump_wmimmc;dump_wmimmc;C:\WINDOWS\system32\drivers\dump_wmimmc.sys []

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-26 19:23:27
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-26 19:23:45
    ComboFix-quarantined-files.txt 2008-03-26 18:23:44
    ComboFix3.txt 2008-03-19 20:19:36
    ComboFix2.txt 2008-03-26 18:00:30
    .
    2008-03-13 11:26:55 --- E O F ---


    Voici maintenant le rapport Hijack

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:26:16, on 26/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\acer\epm\epm-dm.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\Program Files\SpamPal\spampal.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Acer\eManager\anbmServ.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MpfTray.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hackerwatch.org/probe/?lips=c0a80003
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {ACAAE3AC-6461-4F2D-89C3-AA83F1E3A1E4} - (no file)
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [BM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\fousfjbs.dll",s
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {33331111-1111-1111-1111-611111193423} -
    O16 - DPF: {33331111-1111-1111-1111-611111193429} -
    O16 - DPF: {33331111-1111-1111-1111-615111193427} -
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0...
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fnacphoto.com/ECTelechargement/Origma/ImageU...
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/fr/1,0...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5EE3F211-E0A1-4A1F-88C8-AA79A7C3EE61}: NameServer = 84.103.237.143 86.64.145.143
    O20 - Winlogon Notify: opnkhef - opnkhef.dll (file missing)
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    --
    End of file - 10811 bytes


    :ange: 
    a b 8 Sécurité
    26 Mars 2008 19:39:18

    Pas en spoiler stp.
    a b 8 Sécurité
    26 Mars 2008 19:51:18

    Re,

    Fix les lignes dans le cadre ci-dessous avec Hijackthis : AIDE EN IMAGES

    O2 - BHO: (no name) - {ACAAE3AC-6461-4F2D-89C3-AA83F1E3A1E4} - (no file)
    O4 - HKLM\..\Run: [BM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\fousfjbs.dll",s
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O16 - DPF: {33331111-1111-1111-1111-611111193423} -
    O16 - DPF: {33331111-1111-1111-1111-611111193429} -
    O16 - DPF: {33331111-1111-1111-1111-615111193427} -
    O20 - Winlogon Notify: opnkhef - opnkhef.dll (file missing)
    26 Mars 2008 20:03:43

    C'est fait!

    Voici le nouveau rapport Hijack


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:03:03, on 26/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\acer\epm\epm-dm.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\Program Files\SpamPal\spampal.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Acer\eManager\anbmServ.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\explorer.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MpfTray.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hackerwatch.org/probe/?lips=c0a80003
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [BM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\fousfjbs.dll",s
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0...
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fnacphoto.com/ECTelechargement/Origma/ImageU...
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/fr/1,0...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5EE3F211-E0A1-4A1F-88C8-AA79A7C3EE61}: NameServer = 84.103.237.143 86.64.145.143
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    --
    End of file - 10307 bytes
    a b 8 Sécurité
    26 Mars 2008 20:50:56

    Tu as bien fixé toutes les lignes ? :/ 
    26 Mars 2008 21:10:25

    Oui, j'ai bien coché les lignes
    Je dois le faire en mode sans echec peut etre ?
    26 Mars 2008 21:14:39

    J'ai refait la ligne qui était réapparu:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:13:49, on 26/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\acer\epm\epm-dm.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\Program Files\SpamPal\spampal.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Acer\eManager\anbmServ.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MpfTray.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hackerwatch.org/probe/?lips=c0a80003
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0...
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fnacphoto.com/ECTelechargement/Origma/ImageU...
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/fr/1,0...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5EE3F211-E0A1-4A1F-88C8-AA79A7C3EE61}: NameServer = 84.103.237.143 86.64.145.143
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    --
    End of file - 10345 bytes
    a b 8 Sécurité
    26 Mars 2008 22:02:52

    Encore des soucis ?
    26 Mars 2008 22:06:10

    Non ca a l'air bon sauf que je peux toujours pas avoir acces au menu "options" dans internet explorer :( 

    En Tout cas merci beaucoup pour ton aide !!!
    Il était coriace ce virus :D 
    a b 8 Sécurité
    27 Mars 2008 12:22:02

    Tu peux faire un screen de ton problème ?
    27 Mars 2008 16:24:02




    -------------------




    Mais sinon je peux y acceder si je passe par panneau de configuration, et options internet
    a b 8 Sécurité
    27 Mars 2008 20:43:57

    Tu es bien admin ?
    a b 8 Sécurité
    28 Mars 2008 12:19:45

    Tu as essayé le logiciel Zeb Restore ?
    30 Mars 2008 21:30:55

    Re,

    Je l'ai téléchargé

    J'ai fait restauration IE mais cela n'a rien changé, que dois je restaurer sinon avec Zeb Restore ??
    a b 8 Sécurité
    31 Mars 2008 17:56:52

    Tout ce qui concerne IE :/ 
    1 Avril 2008 12:00:07

    Re

    Ca n'a pas vraiment l'air de marcher :D 
    a b 8 Sécurité
    1 Avril 2008 15:45:59

    Plus d'idée là :/ 
    a b 8 Sécurité
    1 Avril 2008 20:55:42

    Tu peux fixer cette ligne ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    1 Avril 2008 21:32:07

    Hoho !

    Félicitations c'était ca lol

    Merci beaucoup pour ton aide précieuse, mon pc va mieux :) 
    Encore une fois merci et bonne continuation pour tes conseils.

    A++
    Drazh
    a b 8 Sécurité
    1 Avril 2008 21:59:03

    Ok, bonne continuation.
    Merci à la personne m'ayant donné un coup de main égalament (;))
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS