
[SOLVED] MSN problem (C:\WINDOWS\retadpu1000627.exe\[UPX])

25 June 2007 23:07:07

Someone sent me a link saying it was a photo of me. I opened it and then ... BAM!!! A virus.

PLEASE HELP ME

Here is the HijackThis report

Logfile of HijackThis v1.99.1
Scan saved at 23:02:34, on 25/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\agxrckml.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\lxcecoms.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Electronic Arts\EA Link\Core.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Maxime\services.exe
C:\Documents and Settings\Maxime\Bureau\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Draw Scr Ford Eggs] C:\Documents and Settings\All Users\Application Data\Bone Open Draw Scr\skip wait.exe
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [phonebuild] C:\DOCUME~1\Maxime\APPLIC~1\Gplfirst\rdr dart itch.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\agxrckml.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


25 June 2007 23:20:51

and here is the "clean" report

25/06/2007 a 23:19:51,60

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\
C:\WINDOWS\windebug.log FOUND
C:\WINDOWS\windebug.log FOUND

*** Recherche des fichiers dans C:\WINDOWS\system32
"C:\Documents and Settings\Maxime\Application Data\ezpinst.exe" FOUND

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Adverts\" FOUND
"C:\Program Files\PartyGaming.Net\" FOUND
"C:\Program Files\WebMediaPlayer\" FOUND
*** Fin du rapport !
25 June 2007 23:24:46

and MSNFix


MSN_Fix 1.326

C:\Documents and Settings\Maxime\Bureau\MSNFix\MSNFix
Fix exécuté le 25/06/2007 - 23:23:33,87 By Maxime
mode normal

************************ Recherche les fichiers présents

Aucun Fichier trouvé

************************ Recherche les dossiers présents

Aucun dossier trouvé


************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention




------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://246694.aceboard.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

26 June 2007 12:58:26

please help me
26 June 2007 13:45:12

A hello? Some patience?

Download Navilog1.exe (IL-MAFIOSO)
Save it to your Desktop.
Start the installation by double-clicking navilog.exe.
Once the installation is finished, the utility will run automatically.
(If it doesn't, double-click the shortcut on the Desktop.)

Follow the utility's prompts. Choose option 1, then confirm.
! Do not use options 2, 3 or 4 without our approval !
Wait until this message appears:
"*** Analyse Termine le ..... ***"
Press a key as prompted. Notepad will open. Post its contents for us like this:

-> Edit / Select All
-> Edit / Copy
-> Right-click / Paste into your reply


NOTE: The report can also be found here: C:\fixnavi.txt
26 June 2007 19:57:38

Search Navipromo version 2.0.3 commencé le 26/06/2007 à 19:49:00,42

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***


WebMediaPlayer


*** Recherche dossiers dans C:\WINDOWS ***




*** Recherche dossiers dans C:\Program Files ***


C:\Program Files\WebMediaPlayer trouvé !


*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\Maxime\Application Data ***



*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
http://www.f-secure.com/blacklight/blacklight_help.html

Fichier(s) caché(s) dans C:\WINDOWS\system32 :

c:\WINDOWS\system32\kcbbnpq.dat
C:\windows\system32\kcbbnpq.exe
c:\WINDOWS\system32\kcbbnpq_nav.dat
c:\WINDOWS\system32\kcbbnpq_navps.dat

Processus caché(s) dans C:\WINDOWS\system32 :

C:\windows\system32\kcbbnpq.exe


*** Recherche fichiers ***


C:\DOCUME~1\Maxime\Bureau\WebMediaPlayer.lnk trouvé !
C:\WINDOWS\pack.epk trouvé !
C:\WINDOWS\system32\nvs2.inf trouvé !


*** Recherche cles registre ***


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



Recherche Clé Magic Control

HKEY_CURRENT_USER\Software\Lanconfig trouvé !
HKEY_USERS\S-1-5-21-602162358-1364589140-725345543-1003\Software\Lanconfig trouvé !


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

C:\WINDOWS\system32\gjkmp.bak1 trouvé ! infection Vundo possible non traité par cet outil !

2)Recherche Heuristique :
*
C:\WINDOWS\system32\kcbbnpq.dat trouvé !
**
C:\WINDOWS\system32\kcbbnpq.dat trouvé !
***
****
C:\WINDOWS\system32\kcbbnpq_navps.dat trouvé !
*****
******
*******
********


*** Analyse Terminé le 26/06/2007 à 19:56:57,90 ***
26 June 2007 20:07:08

Hi again,

Double-click the Navilog1 shortcut on your Desktop.
Follow the instructions. Then choose option 2 and confirm.
Follow the prompts and answer any questions.

The utility will tell you that it is going to restart the computer.
**Close all open windows and save any open personal documents**
Now press a key, as prompted.
(if your PC does not restart automatically, restart it manually)

Wait until this message appears:
"*** Nettoyage Termine le ..... ***"

Notepad will open.
Save the report somewhere you can find it again.
Close Notepad. Your desktop will now reappear.

NOTE: If your desktop does not reappear, press Ctrl+Alt+Del to open Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer, then confirm.

Post the report you saved earlier (C:\cleannavi.txt)
As well as a new HijackThis report.

Close Internet Explorer, then go to Start / Control Panel / Internet Options.
Choose the Content tab, then the Certificates tab.
If you find the following programs (in particular under Trusted Publishers), remove them:

electronic-group
egroup
Montorgueil
VIP
"Sunny Day Design Ltd"
26 June 2007 20:38:35

Clean Navipromo version 2.0.3 commencé le 26/06/2007 à 20:30:13,65

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO

Mode suppression automatique avec prise en charge résultats Blacklight


*** Creation backups fichiers trouvés par Blacklight ***

Copie vers "C:\Program Files\navilog1\Backupnavi"


*** Suppression des fichiers trouvés avec Blacklight ***

c:\WINDOWS\system32\kcbbnpq.dat supprimé !
C:\windows\system32\kcbbnpq.exe supprimé !
c:\WINDOWS\system32\kcbbnpq_nav.dat supprimé !
c:\WINDOWS\system32\kcbbnpq_navps.dat supprimé !

** 2ème passage **

C:\WINDOWS\system32\kcbbnpq.exe absent !
C:\WINDOWS\system32\kcbbnpq.dat absent !
C:\WINDOWS\system32\kcbbnpq_nav.dat absent !
C:\WINDOWS\system32\kcbbnpq_navps.dat absent !
C:\WINDOWS\system32\kcbbnpq_navup.dat absent !
C:\WINDOWS\system32\kcbbnpq_navtmp.dat absent !
C:\WINDOWS\system32\kcbbnpq_m2s.xml absent !


C:\WINDOWS\prefetch\kcbbnpq*.pf trouvé !
Copie C:\WINDOWS\prefetch\kcbbnpq*.pf réalise avec succes !
C:\WINDOWS\prefetch\kcbbnpq*.pf supprimé !

*** Suppression dossiers dans C:\WINDOWS ***


*** Suppression dossiers dans C:\Program Files ***

C:\Program Files\WebMediaPlayer ...suppression...
C:\Program Files\WebMediaPlayer supprimé !


*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


*** Suppression dossiers dans C:\Documents and Settings\Maxime\Application Data ***



*** Suppression fichiers ***

C:\DOCUME~1\Maxime\Bureau\WebMediaPlayer.lnk supprimé !
C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS\system32\nvs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Maxime\Local Settings\Temp effectué !


*** Sauvegarde du registre vers dossier Backupnavi***


sauvegarde du registre réalise avec succes !


*** Nettoyage registre ***


Nettoyage registre Ok

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

C:\WINDOWS\system32\gjkmp.bak1 trouvé ! infection Vundo possible non traité par cet outil !

2)Recherche et Suppression Heuristique :

*
**
***
****
*****
******
*******
********

3)Contrôle présence clés Rootkit dans le registre :

Aucune autre clés présente dans le registre !

*** Nettoyage termine le 26/06/2007 à 20:34:31,46 ***






26 June 2007 20:38:46

Logfile of HijackThis v1.99.1
Scan saved at 20:36:11, on 26/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\agxrckml.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Maxime\Bureau\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Draw Scr Ford Eggs] C:\Documents and Settings\All Users\Application Data\Bone Open Draw Scr\skip wait.exe
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [phonebuild] C:\DOCUME~1\Maxime\APPLIC~1\Gplfirst\rdr dart itch.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\agxrckml.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

26 June 2007 20:41:24

Hi again,

Download LopResearch.zip
Unzip it onto your Desktop only.
Open the LopResearch folder, then double-click Scan.bat.
A report will be generated; post its contents here.
26 June 2007 20:44:36

Rapport fait à 20:44:04,89 le 26/06/2007

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 787E-CD96

Répertoire de C:\Documents and Settings\All Users\Application Data

22/03/2007 19:46 <REP> Google
31/01/2007 14:47 1755 QTSBandwidthCache
29/01/2007 22:34 <REP> ashampoo
25/12/2006 13:09 <REP> Apple Computer
15/10/2006 20:45 <REP> Messenger Plus!
15/10/2006 20:43 <REP> Bone Open Draw Scr
19/09/2006 21:16 <REP> FaxCtr
18/09/2006 11:04 <REP> Yahoo! Companion
18/09/2006 10:57 <REP> Adobe
16/09/2006 09:26 <REP> Windows Genuine Advantage
14/09/2006 22:52 62 desktop.ini
14/09/2006 22:50 <REP> Microsoft
14/09/2006 22:50 <REP> .
14/09/2006 22:50 <REP> ..
2 fichier(s) 1817 octets
12 Rép(s) 80373022720 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 787E-CD96

Répertoire de C:\Documents and Settings\Default User\Application Data

14/09/2006 22:52 62 desktop.ini
14/09/2006 22:50 <REP> ..
14/09/2006 22:50 <REP> Microsoft
14/09/2006 22:50 <REP> .
1 fichier(s) 62 octets
3 Rép(s) 80373022720 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 787E-CD96

Répertoire de C:\Documents and Settings\Maxime\Application Data

05/03/2007 19:32 <REP> Command & Conquer 3 Tiberium Wars Demo
29/01/2007 22:35 <REP> Ashampoo
29/01/2007 00:11 <REP> vlc
25/12/2006 13:10 <REP> Apple Computer
06/11/2006 21:23 <REP> Help
04/11/2006 14:35 <REP> Sports Interactive
31/10/2006 16:16 <REP> Azureus
29/10/2006 00:11 <REP> Leadertech
21/10/2006 20:55 <REP> CopyToDvd
21/10/2006 20:51 33 pcouffin.log
21/10/2006 20:51 7176 pcouffin.cat
21/10/2006 20:51 81920 ezpinst.exe
21/10/2006 20:51 47360 pcouffin.sys
21/10/2006 20:51 1144 pcouffin.inf
21/10/2006 20:51 <REP> Vso
17/10/2006 19:30 <REP> DivX
16/10/2006 17:51 <REP> Sun
15/10/2006 20:43 <REP> Gplfirst
23/09/2006 16:24 <REP> AdobeAUM
20/09/2006 12:53 <REP> FaxCtr
18/09/2006 11:00 <REP> AdobeUM
18/09/2006 10:55 <REP> Adobe
14/09/2006 23:15 <REP> Mozilla
14/09/2006 21:32 <REP> Macromedia
14/09/2006 21:10 <REP> Identities
14/09/2006 21:10 62 desktop.ini
14/09/2006 21:10 <REP> ..
14/09/2006 21:10 <REP> .
14/09/2006 21:10 <REP> Microsoft
6 fichier(s) 137695 octets
23 Rép(s) 80373022720 octets libres
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 787E-CD96

Répertoire de C:\WINDOWS\Tasks

05/03/2007 00:15 264 A0A07C7A9187F886.job
25/12/2006 13:09 284 AppleSoftwareUpdate.job
14/09/2006 21:07 6 SA.DAT
14/09/2006 21:01 65 desktop.ini
14/09/2006 21:01 <REP> ..
14/09/2006 21:01 <REP> .
4 fichier(s) 619 octets
2 Rép(s) 80 373 022 720 octets libres

******************************************
Listing des dossiers dans C:\Program Files

Abbyy FineReader 6.0 Sprint
AbiSuite2
Adobe
Adverts
Alwil Software
Analog Devices
Apple Software Update
Ashampoo
Azureus
CasinoOnNet
ComPlus Applications
Dial-Messenger
DivX
Electronic Arts
eMule
Eurobarre
Fichiers communs
GameSpy
Gplfirst
Internet Explorer
iPod
iTunes
Java
L'Entraîneur 2007 Demo
Lexmark 4300 Series
Lexmark Fax Solutions
Logitech
Lx_cats
Macrogaming
Messenger
MessengerPlus! 3
microsoft frontpage
Microsoft Games
Microsoft Office
Movie Maker
Mozilla Firefox
MSN
MSN Gaming Zone
MSN Messenger
MSXML 4.0
Navilog1
NetMeeting
Online Services
Outlook Express
PacificPoker
PartyGaming.Net
QuickTime
SAGEM
Services en ligne
Singles
VideoLAN
VSO
Wanadoo
Wanadoo Messager
WebTvX
Winamp
Windows Media Connect 2
Windows Media Player
Windows NT
xerox
Yahoo!
******************************************
Recherche des dossiers/fichiers LOP

C:\Program Files\Adverts Présent !
C:\WINDOWS\tasks\A0A07C7A9187F886.job Présent !
******************************************
Recherche d'infections connues

Pas d'infection reconnue
******************************************
Vérification du fichier HOSTS

Fichier Hosts : MODIFIE
*************** Fin du Rapport - Version 0.9 ****************
26 June 2007 20:49:17

Hi again,

Fix the lines in italics below with HijackThis: HELP WITH PICTURES

O4 - HKLM\..\Run: [Draw Scr Ford Eggs] C:\Documents and Settings\All Users\Application Data\Bone Open Draw Scr\skip wait.exe
O4 - HKCU\..\Run: [phonebuild] C:\DOCUME~1\Maxime\APPLIC~1\Gplfirst\rdr dart itch.exe


&

Download OTMoveIt (by OldTimer). Save it to your Desktop.
Select ALL the locations in bold below:

C:\Documents and Settings\All Users\Application Data\Bone Open Draw Scr
C:\Documents and Settings\Maxime\Application Data\Gplfirst
C:\Program Files\Gplfirst
C:\Program Files\Adverts
C:\WINDOWS\tasks\A0A07C7A9187F886.job


---> Right-click, then Copy (or Ctrl+C)

Double-click OTMoveIt.exe to launch it.
Right-click in the left-hand pane, then choose Paste (or Ctrl+V).
Now click MoveIt!

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log

->Information about the program<-

&

Download R-Hosts.exe (by S!ri)
Launch R-Hosts, then click "Restaurer" (Restore).
Confirm the change by pressing OK.
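
Both O4 entries fixed in the post above start from an Application Data folder. As an added example (not part of the original post and not HijackThis code), this Python parser reads O4 autorun lines and flags those whose target sits under Application Data; the function names and the `APPLIC~1` short-name match are assumptions of the example, and the sample lines are copied from the log in this thread. A hit is a lead for review, not a verdict.

```python
import re
from dataclasses import dataclass

# Sample input: O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Draw Scr Ford Eggs] C:\Documents and Settings\All Users\Application Data\Bone Open Draw Scr\skip wait.exe
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [phonebuild] C:\DOCUME~1\Maxime\APPLIC~1\Gplfirst\rdr dart itch.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
"""

# Directory names treated as "Application Data" (assumption of this example):
# the long name and the 8.3 short form as it appears in the log above.
APP_DATA_DIRS = {"application data", "applic~1"}

# "O4 - HKLM\..\Run: [value name] command line"
# The greedy (.+) keeps value names that contain brackets intact.
RUN_RE = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.+)\] (.+)$")
# "O4 - Startup: shortcut.lnk = target" (also "Global Startup")
LNK_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
# First drive-letter path ending in an executable extension. Unquoted paths
# may contain spaces, so the match runs up to the extension, not to a space.
PATH_RE = re.compile(
    r'([A-Za-z]:\\.*?\.(?:exe|dll|com|bat|cmd|scr))(?=[\s",]|$)',
    re.IGNORECASE,
)


@dataclass
class Autorun:
    source: str   # registry Run key or Startup folder
    name: str     # value name or shortcut name
    command: str  # full command line as logged
    path: str     # extracted file path, "" if none was recognised


def parse_o4(log_text):
    """Return every O4 (autostart) entry found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line) or LNK_RE.match(line)
        if not m:
            continue
        source, name, command = m.groups()
        found = PATH_RE.search(command)
        entries.append(
            Autorun(source, name, command, found.group(1) if found else "")
        )
    return entries


def runs_from_app_data(path):
    """True when any parent directory of the file is an Application Data folder."""
    parts = path.lower().split("\\")
    return any(part in APP_DATA_DIRS for part in parts[:-1])


def flag_app_data_autoruns(log_text):
    """Autostart entries whose target lives under Application Data."""
    return [e for e in parse_o4(log_text) if runs_from_app_data(e.path)]


if __name__ == "__main__":
    for e in flag_app_data_autoruns(SAMPLE_LOG):
        print(f"REVIEW  {e.source}  [{e.name}]  {e.path}")
```
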
26 June 2007 21:06:43

202261,12,181940 said:

Select ALL the locations in bold below:

C:\Documents and Settings\All Users\Application Data\Bone Open Draw Scr
C:\Documents and Settings\Maxime\Application Data\Gplfirst
C:\Program Files\Gplfirst
C:\Program Files\Adverts
C:\WINDOWS\tasks\A0A07C7A9187F886.job


Where do I select these locations??
26 June 2007 21:17:33

On the forum :)
26 June 2007 21:21:00

actually I messed up lol

Folder cleanup failed. C:\Documents and Settings\All Users\Application Data\Bone Open Draw Scr scheduled to be deleted on reboot.
C:\Documents and Settings\Maxime\Application Data\Gplfirst moved successfully.
C:\Program Files\Gplfirst moved successfully.
C:\Program Files\Adverts moved successfully.
C:\WINDOWS\tasks\A0A07C7A9187F886.job moved successfully.

Created on 06/26/2007 21:15:58
26 June 2007 21:22:43

Post a new HijackThis report.
26 June 2007 21:27:15

I have a problem!!!
HijackThis starts, but as soon as the scan is finished, a window opens and tells me that HijackThis has encountered a problem and needs to close. And it does this every time!!!
26 June 2007 21:36:33

Delete HijackThis, then try again :)
26 June 2007 22:02:28

After 3 or 4 tries it started working again . . .

Logfile of HijackThis v1.99.1
Scan saved at 22:01:42, on 26/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\agxrckml.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Maxime\services.exe
C:\Documents and Settings\Maxime\Bureau\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\agxrckml.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

27 June 2007 10:25:51

Uninstall SweetIM, then post a new HijackThis report.
27 June 2007 13:06:25

Logfile of HijackThis v1.99.1
Scan saved at 13:06:10, on 27/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\agxrckml.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Maxime\Bureau\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\ssiwlagp.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\agxrckml.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

27 June 2007 13:07:13

Hi again,

Download VundoFix.exe (by Atribune) to your Desktop.
  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are being deleted
  • You will see a prompt telling you that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, into your next reply
    Note: VundoFix may come across a file that it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
    27 June 2007 13:22:33


    VundoFix V6.5.1

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.11

    Scan started at 22:04:17 25/06/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\gjkmp.bak1
    C:\WINDOWS\system32\gjkmp.ini
    C:\WINDOWS\system32\pmkjg.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gjkmp.bak1
    C:\WINDOWS\system32\gjkmp.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gjkmp.ini
    C:\WINDOWS\system32\gjkmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmkjg.dll
    C:\WINDOWS\system32\pmkjg.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    VundoFix V6.5.1

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.11

    Scan started at 13:16:28 27/06/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\gjkmp.bak1
    C:\WINDOWS\system32\gjkmp.bak2
    C:\WINDOWS\system32\gjkmp.ini
    C:\WINDOWS\system32\pmkjg.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gjkmp.bak1
    C:\WINDOWS\system32\gjkmp.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gjkmp.bak2
    C:\WINDOWS\system32\gjkmp.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gjkmp.ini
    C:\WINDOWS\system32\gjkmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmkjg.dll
    C:\WINDOWS\system32\pmkjg.dll Has been deleted!

    Performing Repairs to the registry.
    Done!
    27 June 2007 13:22:57

    Logfile of HijackThis v1.99.1
    Scan saved at 13:22:49, on 27/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Lexmark 4300 Series\lxcemon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\agxrckml.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Electronic Arts\EA Link\Core.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Maxime\Bureau\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\vrcxecpd.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {D75D13CF-2D08-4AE0-9C00-D2984EB87595} - C:\WINDOWS\system32\pmkjg.dll (file missing)
    O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\efcbcya.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\ssiwlagp.dll",forkonce
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
    O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: efcbcya - C:\WINDOWS\SYSTEM32\efcbcya.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: DomainService - - C:\WINDOWS\system32\agxrckml.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    27 June 2007 13:53:12

    Hi again,

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Copy/paste this report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt
    27 June 2007 18:53:17

    "Maxime" - 2007-06-27 18:39:58 - ComboFix 07-06-27.7 - Service Pack 2 NTFS


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))




    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\Maxime\APPLIC~1.\macromedia\Flash Player\#SharedObjects\JCLZXK3D\www.broadcaster.com
    C:\DOCUME~1\Maxime\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\DOCUME~1\Maxime\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
    C:\WINDOWS\system32\agxrckml.exe
    C:\WINDOWS\system32\vhqjhtbu.exe


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_DOMAINSERVICE
    -------\DomainService


    ((((((((((((((((((((((((( Files Created from 2007-05-27 to 2007-06-27 )))))))))))))))))))))))))))))))


    2007-06-27 18:39 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-26 22:44 128,576 --a------ C:\WINDOWS\system32\ssiwlagp.dll
    2007-06-26 22:41 66,112 --a------ C:\WINDOWS\system32\vrcxecpd.dll
    2007-06-26 19:46 <REP> d-------- C:\Program Files\Navilog1
    2007-06-25 22:34 4,672 --a------ C:\WINDOWS\system32\ewtkapor.exe
    2007-06-25 22:04 <REP> d-------- C:\VundoFix Backups
    2007-06-25 21:12 71,411 --a------ C:\DOCUME~1\Maxime\call.exe
    2007-06-25 21:12 239,715 --a------ C:\DOCUME~1\Maxime\services.exe
    2007-06-24 14:43 <REP> d--h----- C:\WINDOWS\msdownld.tmp
    2007-06-24 14:43 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2007-06-24 14:39 <REP> d-------- C:\WINDOWS\network diagnostic
    2007-06-19 21:47 <REP> d-------- C:\Program Files\Dial-Messenger
    2007-06-18 17:40 20,976 --a------ C:\WINDOWS\system\CTL3D.DLL
    2007-06-18 17:40 <REP> d-------- C:\FXIWIN19
    2007-06-18 17:40 <REP> d-------- C:\DOCUME~1\Maxime\WINDOWS
    2007-06-13 17:30 <REP> d-------- C:\bccceb4f35776fe9d2c55ab353
    2007-06-05 22:18 <REP> d-------- C:\Program Files\Macrogaming


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-27 16:36:54 -------- d-----w C:\Program Files\Lx_cats
    2007-06-25 20:22:26 -------- d-----w C:\Program Files\Wanadoo
    2007-06-25 19:04:46 -------- d-----w C:\Program Files\MSN Messenger
    2007-06-23 18:54:23 -------- d-----w C:\Program Files\eMule
    2007-06-23 18:54:19 -------- d-----w C:\DOCUME~1\Maxime\APPLIC~1\Azureus
    2007-06-16 11:43:16 -------- d-----w C:\Program Files\PacificPoker
    2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-04-30 17:31:28 -------- d-----w C:\Program Files\Windows Media Connect 2
    2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-04-27 16:57:09 78 ----a-w C:\WINDOWS\system32\netwbix32.dll
    2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
    {D75D13CF-2D08-4AE0-9C00-D2984EB87595}=C:\WINDOWS\system32\pmkjg.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-06-21 19:14]
    "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57]
    "LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 10:26]
    "LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 10:33]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
    "lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2005-03-22 19:25]
    "EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2005-02-15 12:07]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-03-16 11:10]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-10-16 10:25]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-24 12:24]
    "EA Core"="C:\Program Files\Electronic Arts\EA Link\Core.exe" [2007-04-17 07:59]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegedit"=0 (0x0)
    "NoFind"=0 (0x0)
    "NoRun"=0 (0x0)
    "NoDesktop"=0 (0x0)
    "NoControlPanel"=0 (0x0)
    "NoClose"=0 (0x0)
    "StartMenuLogOff"=0 (0x0)
    "HideClock"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
    C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
    C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
    C:\PROGRA~1\Wanadoo\Watch.exe


    Contents of the 'Scheduled Tasks' folder
    2006-12-25 11:09:39 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-27 18:48:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-06-27 18:50:05 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-06-27 18:49

    --- E O F ---
    27 June 2007 19:05:34

    Post a new HijackThis report.
    27 June 2007 19:10:48

    Logfile of HijackThis v1.99.1
    Scan saved at 19:10, on 2007-06-27
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Lexmark 4300 Series\lxcemon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\lvcomsx.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\ComboFix\catchme.cfexe
    C:\Documents and Settings\Maxime\Bureau\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {D75D13CF-2D08-4AE0-9C00-D2984EB87595} - C:\WINDOWS\system32\pmkjg.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
    O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    27 June 2007 19:15:05

    Run another Combofix scan.
    27 June 2007 19:27:54

    "Maxime" - 2007-06-27 19:26:03 - ComboFix 07-06-27.7 - Service Pack 2 NTFS


    ((((((((((((((((((((((((( Files Created from 2007-05-27 to 2007-06-27 )))))))))))))))))))))))))))))))


    2007-06-27 18:39 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-26 22:44 128,576 --a------ C:\WINDOWS\system32\ssiwlagp.dll
    2007-06-26 22:41 66,112 --a------ C:\WINDOWS\system32\vrcxecpd.dll
    2007-06-26 19:46 <REP> d-------- C:\Program Files\Navilog1
    2007-06-25 22:34 4,672 --a------ C:\WINDOWS\system32\ewtkapor.exe
    2007-06-25 22:04 <REP> d-------- C:\VundoFix Backups
    2007-06-25 21:12 71,411 --a------ C:\DOCUME~1\Maxime\call.exe
    2007-06-25 21:12 239,715 --a------ C:\DOCUME~1\Maxime\services.exe
    2007-06-24 14:43 <REP> d--h----- C:\WINDOWS\msdownld.tmp
    2007-06-24 14:43 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2007-06-24 14:39 <REP> d-------- C:\WINDOWS\network diagnostic
    2007-06-19 21:47 <REP> d-------- C:\Program Files\Dial-Messenger
    2007-06-18 17:40 20,976 --a------ C:\WINDOWS\system\CTL3D.DLL
    2007-06-18 17:40 <REP> d-------- C:\FXIWIN19
    2007-06-18 17:40 <REP> d-------- C:\DOCUME~1\Maxime\WINDOWS
    2007-06-13 17:30 <REP> d-------- C:\bccceb4f35776fe9d2c55ab353
    2007-06-05 22:18 <REP> d-------- C:\Program Files\Macrogaming


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-27 16:36:54 -------- d-----w C:\Program Files\Lx_cats
    2007-06-25 20:22:26 -------- d-----w C:\Program Files\Wanadoo
    2007-06-25 19:04:46 -------- d-----w C:\Program Files\MSN Messenger
    2007-06-23 18:54:23 -------- d-----w C:\Program Files\eMule
    2007-06-23 18:54:19 -------- d-----w C:\DOCUME~1\Maxime\APPLIC~1\Azureus
    2007-06-16 11:43:16 -------- d-----w C:\Program Files\PacificPoker
    2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-04-30 17:31:28 -------- d-----w C:\Program Files\Windows Media Connect 2
    2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-04-27 16:57:09 78 ----a-w C:\WINDOWS\system32\netwbix32.dll
    2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
    {D75D13CF-2D08-4AE0-9C00-D2984EB87595}=C:\WINDOWS\system32\pmkjg.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-06-21 19:14]
    "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57]
    "LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 10:26]
    "LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 10:33]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
    "lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2005-03-22 19:25]
    "EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2005-02-15 12:07]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-03-16 11:10]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-10-16 10:25]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-24 12:24]
    "EA Core"="C:\Program Files\Electronic Arts\EA Link\Core.exe" [2007-04-17 07:59]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegedit"=0 (0x0)
    "NoFind"=0 (0x0)
    "NoRun"=0 (0x0)
    "NoDesktop"=0 (0x0)
    "NoControlPanel"=0 (0x0)
    "NoClose"=0 (0x0)
    "StartMenuLogOff"=0 (0x0)
    "HideClock"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
    C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
    C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
    C:\PROGRA~1\Wanadoo\Watch.exe


    Contents of the 'Scheduled Tasks' folder
    2006-12-25 11:09:39 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-27 19:27:11
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-06-27 19:27:41
    C:\ComboFix-quarantined-files.txt ... 2007-06-27 19:27
    C:\ComboFix2.txt ... 2007-06-27 18:52

    --- E O F ---
    27 June 2007 19:31:14

    Hi again,

    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\system32\ssiwlagp.dll
    C:\WINDOWS\system32\vrcxecpd.dll
    C:\WINDOWS\system32\ewtkapor.exe
    C:\Documents and Settings\Maxime\call.exe
    C:\Documents and Settings\Maxime\services.exe

    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D75D13CF-2D08-4AE0-9C00-D2984EB87595}]


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file as ComboFix-Do.txt

    Now drag the ComboFix-Do.txt file onto Combofix.exe, as shown below:


    This will relaunch Combofix. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
    27 June 2007 19:54:43

    "Maxime" - 2007-06-27 19:36:33 - ComboFix 07-06-27.7 - Service Pack 2 NTFS
    Command switches used :: C:\Documents and Settings\Maxime\Bureau\ComboFix-Do.txt


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Documents and Settings\Maxime\call.exe
    C:\Documents and Settings\Maxime\services.exe
    C:\WINDOWS\system32\ewtkapor.exe
    C:\WINDOWS\system32\ssiwlagp.dll
    C:\WINDOWS\system32\vrcxecpd.dll


    ((((((((((((((((((((((((( Files Created from 2007-05-27 to 2007-06-27 )))))))))))))))))))))))))))))))


    2007-06-27 18:39 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-26 19:46 <REP> d-------- C:\Program Files\Navilog1
    2007-06-25 22:04 <REP> d-------- C:\VundoFix Backups
    2007-06-24 14:43 <REP> d--h----- C:\WINDOWS\msdownld.tmp
    2007-06-24 14:43 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2007-06-24 14:39 <REP> d-------- C:\WINDOWS\network diagnostic
    2007-06-19 21:47 <REP> d-------- C:\Program Files\Dial-Messenger
    2007-06-18 17:40 20,976 --a------ C:\WINDOWS\system\CTL3D.DLL
    2007-06-18 17:40 <REP> d-------- C:\FXIWIN19
    2007-06-18 17:40 <REP> d-------- C:\DOCUME~1\Maxime\WINDOWS
    2007-06-13 17:30 <REP> d-------- C:\bccceb4f35776fe9d2c55ab353
    2007-06-05 22:18 <REP> d-------- C:\Program Files\Macrogaming


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-27 16:36:54 -------- d-----w C:\Program Files\Lx_cats
    2007-06-25 20:22:26 -------- d-----w C:\Program Files\Wanadoo
    2007-06-25 19:04:46 -------- d-----w C:\Program Files\MSN Messenger
    2007-06-23 18:54:23 -------- d-----w C:\Program Files\eMule
    2007-06-23 18:54:19 -------- d-----w C:\DOCUME~1\Maxime\APPLIC~1\Azureus
    2007-06-16 11:43:16 -------- d-----w C:\Program Files\PacificPoker
    2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-04-30 17:31:28 -------- d-----w C:\Program Files\Windows Media Connect 2
    2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-04-27 16:57:09 78 ----a-w C:\WINDOWS\system32\netwbix32.dll
    2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-06-21 19:14]
    "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57]
    "LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 10:26]
    "LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 10:33]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
    "lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2005-03-22 19:25]
    "EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2005-02-15 12:07]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-03-16 11:10]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-10-16 10:25]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-24 12:24]
    "EA Core"="C:\Program Files\Electronic Arts\EA Link\Core.exe" [2007-04-17 07:59]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegedit"=0 (0x0)
    "NoFind"=0 (0x0)
    "NoRun"=0 (0x0)
    "NoDesktop"=0 (0x0)
    "NoControlPanel"=0 (0x0)
    "NoClose"=0 (0x0)
    "StartMenuLogOff"=0 (0x0)
    "HideClock"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
    C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
    C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
    C:\PROGRA~1\Wanadoo\Watch.exe


    Contents of the 'Scheduled Tasks' folder
    2006-12-25 11:09:39 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-27 19:37:07
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-06-27 19:37:40
    C:\ComboFix-quarantined-files.txt ... 2007-06-27 19:37
    C:\ComboFix2.txt ... 2007-06-27 19:27
    C:\ComboFix3.txt ... 2007-06-27 18:52

    --- E O F ---
    27 June 2007 19:55:26

    Logfile of HijackThis v1.99.1
    Scan saved at 19:55, on 2007-06-27
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Lexmark 4300 Series\lxcemon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\lvcomsx.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Maxime\Bureau\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
    O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    27 June 2007 21:22:24

    Hi again,

    Download and then install AVG Anti-Spyware (AVG AS).
    Run the updates, but do not start a scan for now.
    HELP: Tutorial on AVG Anti-Spyware (Malekal)

    Reboot in Safe Mode.

    Launch AVG AS again:
    - Select the "Scan" tab
    - Then the "Settings" tab
    - Under the question "How to react?", click "Recommended actions" and choose "Quarantine"
    - Click the "Scan" tab again, then run a "Full system scan"

    If a file is found infected at the end of the scan, click "Apply all actions"

    Click "Save report", then "Save report as".
    Save this text file to your desktop.

    Reboot normally.
    Post the AVG AS report along with a Hijackthis report.
    27 June 2007 23:10:12

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 23:03 2007-06-27

    + Résultat de l'analyse:



    C:\System Volume Information\_restore{3E1B41DE-F15E-406D-B57D-9C18852071CA}\RP161\A0060316.exe/hamma.exe -> Backdoor.Bifrost : Nettoyé.
    C:\Documents and Settings\Maxime\Mes documents\Mes fichiers reçus\photo album.zip/photo album2007.pif -> Backdoor.IRCBot.aaq : Nettoyé.
    C:\Program Files\MSN Messenger\msnmsgr.exe -> Backdoor.MSNMaker.ag : Nettoyé.
    C:\System Volume Information\_restore{3E1B41DE-F15E-406D-B57D-9C18852071CA}\RP226\A0079252.com -> Backdoor.MSNMaker.ag : Nettoyé.
    C:\QooBox\Quarantine\C\WINDOWS\system32\agxrckml.exe.vir -> Trojan.Agent.aoy : Nettoyé.
    C:\QooBox\Quarantine\C\WINDOWS\system32\vhqjhtbu.exe.vir -> Trojan.Agent.aoy : Nettoyé.
    C:\System Volume Information\_restore{3E1B41DE-F15E-406D-B57D-9C18852071CA}\RP227\A0079476.exe -> Trojan.Agent.aoy : Nettoyé.
    C:\System Volume Information\_restore{3E1B41DE-F15E-406D-B57D-9C18852071CA}\RP227\A0079477.exe -> Trojan.Agent.aoy : Nettoyé.
    C:\_OTMoveIt\MovedFiles\Program Files\Adverts\uninst.exe -> Trojan.Obfuscated.en : Nettoyé.


    Fin du rapport

    27 June 2007 23:10:58

    Logfile of HijackThis v1.99.1
    Scan saved at 23:10, on 2007-06-27
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Lexmark 4300 Series\lxcemon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\lvcomsx.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Electronic Arts\EA Link\Core.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Maxime\Bureau\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
    O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    28 June 2007 13:21:59

    up
    28 June 2007 13:27:05

    Is your PC behaving better?
    28 June 2007 13:43:04

    Yes :D
    Thank you
    You really helped me out very well
    Now I know where to turn if I have a problem, and to whom
    Thanks again
    Thanks and have a good afternoon
    28 June 2007 14:06:51

    Any questions?
    2 July 2007 01:32:55

    Hello,
    I have just read the valuable help given here for viruses of the "retadpu420.exe/upx" type.
    I am lost because I have had it since this afternoon, and I am wondering whether I can follow the same procedure as the one described earlier.
    Could you help me please? Neither my antivirus "avast", nor "adaware", nor regcleaner was able to remove it.
    And the message "windows ne trouve pas le fichier retadup420.exe" keeps appearing, and "avast" keeps raising the alert.
    On top of that, my MSN contacts are catching this virus one after another.
    What should I do??? Please, please, please
    Can I follow the same procedure?
    Many thanks