
[Solved] MSN virus retdpu1000627

Tags:
  • Virus
  • Security
26 June 2007 17:00:41

Hello, like quite a few people I clicked on the "is that you in the photo" link and now I can't get rid of this virus. Here is the HijackThis report, thanks in advance.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17:00:18, on 26/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files2\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files2\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files2\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\fdijlbuo.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files2\D-Tools\daemon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files2\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files2\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files2\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\M et Mme RABEAU\Mes documents\logiciel\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\xmydlqjt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8F79D62C-A3FA-4316-AB09-0FEF6663FD88} - C:\WINDOWS\system32\ddabb.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\byxxvtr.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Program Files\user32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files2\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files2\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files2\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files2\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\ieerpcfe.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: Interface Chat Voila - http://chat7.x-echo.com/version7/Applet/vchatsign.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall....
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scann...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate- Activex Control) - http://support.fujitsu-siemens.de/DeskUpdate/isapi/acti...
O20 - Winlogon Notify: byxxvtr - C:\WINDOWS\SYSTEM32\byxxvtr.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files2\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files2\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files2\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files2\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\fdijlbuo.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 10912 bytes

26 June 2007 17:05:38

Hello,

Download VundoFix.exe (by Atribune) to your Desktop.
  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt telling you that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, in your next reply
    Note: VundoFix may come across a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "Click the Scan for Vundo button".
    26 June 2007 17:26:59

    Here are the results

    VundoFix V6.5.1

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Scan started at 15:58:54 26/06/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\bbadd.bak1
    C:\WINDOWS\system32\bbadd.bak2
    C:\WINDOWS\system32\bbadd.ini
    C:\WINDOWS\system32\ddabb.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\bbadd.bak1
    C:\WINDOWS\system32\bbadd.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\bbadd.bak2
    C:\WINDOWS\system32\bbadd.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\bbadd.ini
    C:\WINDOWS\system32\bbadd.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ddabb.dll
    C:\WINDOWS\system32\ddabb.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.5.1

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Scan started at 17:06:48 26/06/2007

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...

    VundoFix V6.5.1

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Scan started at 17:11:30 26/06/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\knnmp.bak1
    C:\WINDOWS\system32\knnmp.ini
    C:\WINDOWS\system32\pmnnk.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\knnmp.bak1
    C:\WINDOWS\system32\knnmp.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\knnmp.ini
    C:\WINDOWS\system32\knnmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnnk.dll
    C:\WINDOWS\system32\pmnnk.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\pmnnk.dll
    C:\WINDOWS\system32\pmnnk.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    hijackthis

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 17:26:30, on 26/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files2\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files2\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\fdijlbuo.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files2\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files2\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files2\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files2\D-Tools\daemon.exe
    C:\Program Files2\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Logitech\Profiler\lwemon.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\M et Mme RABEAU\Mes documents\logiciel\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\xmydlqjt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8F79D62C-A3FA-4316-AB09-0FEF6663FD88} - C:\WINDOWS\system32\ddabb.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {C0645C85-31A1-488F-AEA0-A202F48A0944} - C:\WINDOWS\system32\pmnnk.dll (file missing)
    O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\byxxvtr.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
    O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Program Files\user32.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files2\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [Babylon Client] C:\Program Files2\Babylon\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files2\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files2\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\ieerpcfe.dll",forkonce
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O16 - DPF: Interface Chat Voila - http://chat7.x-echo.com/version7/Applet/vchatsign.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall....
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scann...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate- Activex Control) - http://support.fujitsu-siemens.de/DeskUpdate/isapi/acti...
    O20 - Winlogon Notify: byxxvtr - C:\WINDOWS\SYSTEM32\byxxvtr.dll
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files2\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files2\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files2\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files2\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\fdijlbuo.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

    --
    End of file - 10990 bytes

    Thanks again for the help
    26 June 2007 17:39:06

    Hello again,

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Copy/paste this report in your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt
    26 June 2007 17:58:29

    Here is the report

    ComboFix 07-06-26.8 - Service Pack 2 NTFS

    ((((((((((((((((((((((((( Files Created from 2007-05-26 to 2007-06-26 )))))))))))))))))))))))))))))))



    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\awtqnll.dll
    C:\WINDOWS\system32\byxwwtq.dll
    C:\WINDOWS\system32\cbxusrp.dll
    C:\WINDOWS\system32\cbxxwvu.dll
    C:\WINDOWS\system32\cbxyvur.dll
    C:\WINDOWS\system32\ddcyawt.dll
    C:\WINDOWS\system32\efcbxxw.dll
    C:\WINDOWS\system32\efccbyv.dll
    C:\WINDOWS\system32\efcyxwu.dll
    C:\WINDOWS\system32\jkkifdd.dll
    C:\WINDOWS\system32\ljjghed.dll
    C:\WINDOWS\system32\ljjhhee.dll
    C:\WINDOWS\system32\ljjhige.dll
    C:\WINDOWS\system32\mljhfdd.dll
    C:\WINDOWS\system32\mljkjif.dll
    C:\WINDOWS\system32\nnnmlmk.dll
    C:\WINDOWS\system32\nnnolji.dll
    C:\WINDOWS\system32\opnkkig.dll
    C:\WINDOWS\system32\opnomkl.dll
    C:\WINDOWS\system32\pmnoomm.dll
    C:\WINDOWS\system32\rqrqnlk.dll
    C:\WINDOWS\system32\rqrsrro.dll
    C:\WINDOWS\system32\ssqnonk.dll
    C:\WINDOWS\system32\tuvtqqr.dll
    C:\WINDOWS\system32\vturomn.dll
    C:\WINDOWS\system32\vtuuvtu.dll
    C:\WINDOWS\system32\yaywxvw.dll
    C:\WINDOWS\system32\yayxyvs.dll
    C:\WINDOWS\system32\byxxvtr.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\METMME~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\6387KTAU\www.broadcaster.com
    C:\DOCUME~1\METMME~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\DOCUME~1\METMME~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
    C:\WINDOWS\system32\bvhjyf.dat
    C:\WINDOWS\system32\bvhjyf.exe
    C:\WINDOWS\system32\bvhjyf_nav.dat
    C:\WINDOWS\system32\bvhjyf_navps.dat
    C:\WINDOWS\system32\fdijlbuo.exe
    C:\WINDOWS\system32\nvs2.inf


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_DOMAINSERVICE
    -------\DomainService


    ((((((((((((((((((((((((( Files Created from 2007-05-26 to 2007-06-26 )))))))))))))))))))))))))))))))


    2007-06-26 17:41 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-26 17:41 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-26 17:06 31,254 --a------ C:\WINDOWS\system32\cbxusrp.dll
    2007-06-26 17:03 31,254 --a------ C:\WINDOWS\system32\efcbxxw.dll
    2007-06-26 16:59 31,254 --a------ C:\WINDOWS\system32\cbxyvur.dll
    2007-06-26 16:56 31,254 --a------ C:\WINDOWS\system32\cbxxwvu.dll
    2007-06-26 16:53 31,254 --a------ C:\WINDOWS\system32\opnomkl.dll
    2007-06-26 16:49 31,254 --a------ C:\WINDOWS\system32\ddcyawt.dll
    2007-06-26 16:46 31,254 --a------ C:\WINDOWS\system32\efccbyv.dll
    2007-06-26 16:43 31,254 --a------ C:\WINDOWS\system32\yaywxvw.dll
    2007-06-26 16:39 31,254 --a------ C:\WINDOWS\system32\vturomn.dll
    2007-06-26 16:36 31,254 --a------ C:\WINDOWS\system32\rqrsrro.dll
    2007-06-26 16:33 31,254 --a------ C:\WINDOWS\system32\rqrqnlk.dll
    2007-06-26 16:29 31,254 --a------ C:\WINDOWS\system32\vtuuvtu.dll
    2007-06-26 16:26 31,254 --a------ C:\WINDOWS\system32\tuvtqqr.dll
    2007-06-26 16:23 31,254 --a------ C:\WINDOWS\system32\efcyxwu.dll
    2007-06-26 16:19 31,254 --a------ C:\WINDOWS\system32\nnnmlmk.dll
    2007-06-26 16:16 31,254 --a------ C:\WINDOWS\system32\awtqnll.dll
    2007-06-26 16:13 31,254 --a------ C:\WINDOWS\system32\ssqnonk.dll
    2007-06-26 16:09 71,411 --a------ C:\WINDOWS\system32\call.exe
    2007-06-26 16:09 71,411 --a------ C:\WINDOWS\system32\call.exe
    2007-06-26 16:09 31,254 --a------ C:\WINDOWS\system32\opnkkig.dll
    2007-06-26 16:01 31,254 --a------ C:\WINDOWS\system32\mljkjif.dll
    2007-06-26 15:58 31,254 --a------ C:\WINDOWS\system32\mljhfdd.dll
    2007-06-26 15:58 <REP> d-------- C:\VundoFix Backups
    2007-06-26 15:58 <REP> d-------- C:\VundoFix Backups
    2007-06-26 15:55 31,254 --a------ C:\WINDOWS\system32\nnnolji.dll
    2007-06-26 15:51 31,254 --a------ C:\WINDOWS\system32\ljjhhee.dll
    2007-06-26 15:48 31,254 --a------ C:\WINDOWS\system32\yayxyvs.dll
    2007-06-26 15:45 31,254 --a------ C:\WINDOWS\system32\ljjhige.dll
    2007-06-26 15:41 31,254 --a------ C:\WINDOWS\system32\byxwwtq.dll
    2007-06-26 15:39 66,112 --a------ C:\WINDOWS\system32\xmydlqjt.dll
    2007-06-26 15:39 66,112 --a------ C:\WINDOWS\system32\xmydlqjt.dll
    2007-06-26 15:38 31,254 --a------ C:\WINDOWS\system32\pmnoomm.dll
    2007-06-26 15:35 31,254 --a------ C:\WINDOWS\system32\ljjghed.dll
    2007-06-26 15:33 4,672 --a------ C:\WINDOWS\system32\sthrdafg.exe
    2007-06-26 15:33 4,672 --a------ C:\WINDOWS\system32\sthrdafg.exe
    2007-06-26 15:33 128,576 --a------ C:\WINDOWS\system32\ieerpcfe.dll
    2007-06-26 15:33 128,576 --a------ C:\WINDOWS\system32\ieerpcfe.dll
    2007-06-26 15:33 122,944 --a------ C:\WINDOWS\system32\fdijlbuo.exe
    2007-06-26 15:31 71,411 --a------ C:\call.exe
    2007-06-26 15:31 71,411 --a------ C:\call.exe
    2007-06-26 15:31 31,254 --a------ C:\WINDOWS\system32\jkkifdd.dll
    2007-06-26 15:31 239,715 --a------ C:\services.exe
    2007-06-26 15:31 239,715 --a------ C:\services.exe
    2007-06-25 21:45 31,254 --a------ C:\WINDOWS\system32\byxxvtr.dll
    2007-06-19 13:10 450,048 --a------ C:\WINDOWS\system32\bvhjyf.exe
    2007-06-19 13:10 4,605 --a------ C:\WINDOWS\system32\bvhjyf.dat
    2007-06-19 13:10 254,865 --a------ C:\WINDOWS\system32\bvhjyf_nav.dat
    2007-06-19 13:10 2,436 --a------ C:\WINDOWS\system32\bvhjyf_navps.dat
    2007-06-04 09:04 <REP> d-------- C:\DOCUME~1\METMME~1\APPLIC~1\ArcSoft


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-26 15:54:12 -------- d-----w C:\Program Files\Wanadoo
    2007-06-25 19:53:35 -------- d-----w C:\DOCUME~1\METMME~1\APPLIC~1\Canon
    2007-06-25 19:46:10 -------- d-----w C:\Program Files\MSN Messenger
    2007-06-22 19:34:14 -------- d-----w C:\DOCUME~1\METMME~1\APPLIC~1\Azureus
    2007-06-13 14:12:11 -------- d-----w C:\Program Files\Pomo
    2007-05-31 19:56:07 -------- d-----w C:\DOCUME~1\METMME~1\APPLIC~1\U3
    2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-11 22:30:52 -------- d--h--r C:\DOCUME~1\METMME~1\APPLIC~1\SecuROM
    2007-05-11 22:30:51 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-05-11 18:16:53 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-05-10 18:08:39 81,920 ----a-w C:\WINDOWS\ALCFDRTM.EXE
    2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38]
    {1F6581D5-AA53-4b73-A6F9-41420C6B61F1}=C:\WINDOWS\system32\xmydlqjt.dll [2007-06-26 15:39]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 04:25]
    {8F79D62C-A3FA-4316-AB09-0FEF6663FD88}=C:\WINDOWS\system32\ddabb.dll []
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 13:32]
    {C0645C85-31A1-488F-AEA0-A202F48A0944}=C:\WINDOWS\system32\pmnnk.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"="nwiz.exe" [2005-07-20 22:07 C:\WINDOWS\system32\nwiz.exe]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
    "SoundMan"="SOUNDMAN.EXE" [2005-08-18 15:38 C:\WINDOWS\SOUNDMAN.EXE]
    "AlcWzrd"="ALCWZRD.EXE" [2005-07-26 17:54 C:\WINDOWS\ALCWZRD.EXE]
    "Alcmtr"="ALCMTR.EXE" [2005-05-03 19:43 C:\WINDOWS\ALCMTR.EXE]
    "012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678"="C:\Program Files\user32.exe" [2006-08-17 16:39]
    "avast!"="C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
    "OpwareSE2"="C:\Program Files2\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 04:10]
    "Babylon Client"="C:\Program Files2\Babylon\Babylon.exe" [2005-06-27 17:36]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55]
    "DAEMON Tools-1033"="C:\Program Files2\D-Tools\daemon.exe" [2004-08-22 18:05]
    "QuickTime Task"="C:\Program Files2\QuickTime\qttask.exe" [2006-09-01 16:57]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
    "Start WingMan Profiler"="C:\Program Files\Logitech\Profiler\lwemon.exe" [2003-08-07 11:39]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 15:50]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be9351aa-375c-11db-8080-000e50344878}]
    AutoRun\command- G:\LaunchU3.exe


    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
    rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

    Contents of the 'Scheduled Tasks' folder
    2007-01-27 19:00:00 C:\WINDOWS\tasks\At4.job
    2007-01-28 09:02:32 C:\WINDOWS\tasks\At6.job
    2007-01-28 09:02:32 C:\WINDOWS\tasks\At7.job
    2007-01-27 19:00:00 C:\WINDOWS\tasks\At8.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-26 17:54:30
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-06-26 17:55:18 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-06-26 17:55

    --- E O F ---
    26 June 2007 18:00:50

    and this is the ComboFix quarantined files

    2007-02-20 19:07 22 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\nvs2.inf.vir
    2007-04-30 19:38 89 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\METMME~1\APPLIC~1\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol.vir
    2007-06-19 13:10 450048 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\bvhjyf.exe.vir
    2007-06-21 18:13 254865 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\bvhjyf_nav.dat.vir
    2007-06-25 21:45 31254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\byxxvtr.dll.vir
    2007-06-26 15:31 31254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\jkkifdd.dll.vir
    2007-06-26 15:33 122944 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\fdijlbuo.exe.vir
    2007-06-26 15:35 31254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ljjghed.dll.vir
    2007-06-26 15:38 31254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\pmnoomm.dll.vir
    2007-06-26 15:41 31254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\byxwwtq.dll.vir
    2007-06-26 15:45 31254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ljjhige.dll.vir
    2007-06-26 15:48 31254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\yayxyvs.dll.vir
    2007-06-26 15:51 31254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ljjhhee.dll.vir
    2007-06-26 15:55 31254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\nnnolji.dll.vir
    2007-06-26 15:58 31254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mljhfdd.dll.vir
    2007-06-26 16:01 31254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mljkjif.dll.vir
    2007-06-26 16:09 31254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\opnkkig.dll.vir
    2007-06-26 16:13 31254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ssqnonk.dll.vir
    2007-06-26 16:16 31254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\awtqnll.dll.vir
    2007-06-26 16:19 31254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\nnnmlmk.dll.vir
    2007-06-26 16:23 31254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\efcyxwu.dll.vir
    2007-06-26 16:26 31254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tuvtqqr.dll.vir
    2007-06-26 16:29 31254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vtuuvtu.dll.vir
    2007-06-26 16:33 31254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\rqrqnlk.dll.vir
    2007-06-26 16:36 31254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\rqrsrro.dll.vir
    2007-06-26 16:39 31254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vturomn.dll.vir
    2007-06-26 16:43 31254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\yaywxvw.dll.vir
    2007-06-26 16:46 31254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\efccbyv.dll.vir
    2007-06-26 16:49 31254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ddcyawt.dll.vir
    2007-06-26 16:53 31254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\opnomkl.dll.vir
    2007-06-26 16:56 31254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cbxxwvu.dll.vir
    2007-06-26 16:59 31254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cbxyvur.dll.vir
    2007-06-26 17:03 31254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\efcbxxw.dll.vir
    2007-06-26 17:06 31254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cbxusrp.dll.vir
    2007-06-26 17:47 2436 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\bvhjyf_navps.dat.vir
    2007-06-26 17:47 4605 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\bvhjyf.dat.vir
    2007-06-26 17:49 1098 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_DOMAINSERVICE.reg.cf
    2007-06-26 17:49 2956 --a------ C:\Qoobox\Quarantine\Registry_backups\services_DomainService.reg.cf
    2007-06-26 17:51 53 --a------ C:\Qoobox\Quarantine\catchme.log

    26 June 2007 18:04:44

    Post a new HijackThis report.
    26 June 2007 18:07:34

    Here it is
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 18:07:15, on 26/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files2\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files2\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files2\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files2\D-Tools\daemon.exe
    C:\Program Files2\QuickTime\qttask.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Profiler\lwemon.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files2\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files2\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\M et Mme RABEAU\Mes documents\logiciel\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\xmydlqjt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8F79D62C-A3FA-4316-AB09-0FEF6663FD88} - C:\WINDOWS\system32\ddabb.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {C0645C85-31A1-488F-AEA0-A202F48A0944} - C:\WINDOWS\system32\pmnnk.dll (file missing)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Program Files\user32.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files2\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [Babylon Client] C:\Program Files2\Babylon\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files2\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files2\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O16 - DPF: Interface Chat Voila - http://chat7.x-echo.com/version7/Applet/vchatsign.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall....
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scann...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate- Activex Control) - http://support.fujitsu-siemens.de/DeskUpdate/isapi/acti...
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files2\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files2\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files2\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files2\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

    --
    End of file - 10356 bytes
    26 June 2007 18:17:16

    Re,

    Download Clean.zip (by Malekal).
    Unzip it to your desktop (right-click / Extract all); you should get a folder named Clean.
    Open the clean folder and double-click clean.cmd.
    Choose option 1, then wait. Then post the contents of the report.
    26 June 2007 18:31:07

    Here is the report

    26/06/2007 a 18:27:05.17

    *** Recherche des fichiers dans C:
    C:\StubInstaller.exe FOUND

    *** Recherche des fichiers dans C:\WINDOWS\
    C:\WINDOWS\windebug.log FOUND
    C:\WINDOWS\windebug.log FOUND
    C:\WINDOWS\patcher.exe FOUND

    *** Recherche des fichiers dans C:\WINDOWS\system32
    C:\WINDOWS\system32\bdod.bin FOUND

    *** Recherche des fichiers dans C:\Program Files
    "C:\Program Files\serial.zip" FOUND
    "C:\Program Files\serial.dat" FOUND
    "C:\Program Files\serial.zip" FOUND
    "C:\Program Files\user32.exe" FOUND
    "C:\Program Files\patcher.exe" FOUND
    *** Fin du rapport !
    26 June 2007 18:45:58

    Re,

    Download and install AVG Anti-Spyware (AVG AS).
    Run the updates, but do not start a scan for now.
    HELP: Tutorial on AVG Anti-Spyware (Malekal)

    Restart in safe mode.

    Launch AVG AS again:
    - Select the "Analyse" tab
    - Then the "Paramètres" tab
    - Under the question "Comment réagir ?", click "Actions recommandées" and choose "Quarantaine"
    - Click the "Analyse" tab again, then run an "Analyse complète du système"

    If a file is infected at the end of the scan, click "Appliquer toutes les actions"

    Click "Enregistrer le rapport", then "Enregistrer le rapport sous"
    Save this text file to your desktop.

    Open the clean folder and double-click clean.cmd.
    Choose option 2, then wait.

    Restart normally.
    Post the AVG AS report as well as a HijackThis report.

    Post the clean report: C:\rapport_clean.txt
    26 June 2007 21:00:51

    Here is the AVG scan report
    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 20:32:14 26/06/2007

    + Résultat de l'analyse:



    C:\Program Files\patcher.exe -> Adware.Generic : Aucune action entreprise.
    C:\Program Files\serial.dat -> Adware.Generic : Aucune action entreprise.
    C:\Program Files\serial.zip -> Adware.Generic : Aucune action entreprise.
    C:\Program Files\user32.exe -> Adware.Generic : Aucune action entreprise.
    C:\QooBox\Quarantine\C\WINDOWS\system32\awtqnll.dll.vir -> Adware.Virtumonde : Aucune action entreprise.
    C:\QooBox\Quarantine\C\WINDOWS\system32\byxwwtq.dll.vir -> Adware.Virtumonde : Aucune action entreprise.
    C:\QooBox\Quarantine\C\WINDOWS\system32\byxxvtr.dll.vir -> Adware.Virtumonde : Aucune action entreprise.
    C:\QooBox\Quarantine\C\WINDOWS\system32\cbxusrp.dll.vir -> Adware.Virtumonde : Aucune action entreprise.
    C:\QooBox\Quarantine\C\WINDOWS\system32\cbxxwvu.dll.vir -> Adware.Virtumonde : Aucune action entreprise.
    C:\QooBox\Quarantine\C\WINDOWS\system32\cbxyvur.dll.vir -> Adware.Virtumonde : Aucune action entreprise.
    C:\QooBox\Quarantine\C\WINDOWS\system32\ddcyawt.dll.vir -> Adware.Virtumonde : Aucune action entreprise.
    C:\QooBox\Quarantine\C\WINDOWS\system32\efcbxxw.dll.vir -> Adware.Virtumonde : Aucune action entreprise.
    C:\QooBox\Quarantine\C\WINDOWS\system32\efccbyv.dll.vir -> Adware.Virtumonde : Aucune action entreprise.
    C:\QooBox\Quarantine\C\WINDOWS\system32\efcyxwu.dll.vir -> Adware.Virtumonde : Aucune action entreprise.
    C:\QooBox\Quarantine\C\WINDOWS\system32\jkkifdd.dll.vir -> Adware.Virtumonde : Aucune action entreprise.
    C:\QooBox\Quarantine\C\WINDOWS\system32\ljjghed.dll.vir -> Adware.Virtumonde : Aucune action entreprise.
    C:\QooBox\Quarantine\C\WINDOWS\system32\ljjhhee.dll.vir -> Adware.Virtumonde : Aucune action entreprise.
    C:\QooBox\Quarantine\C\WINDOWS\system32\ljjhige.dll.vir -> Adware.Virtumonde : Aucune action entreprise.
    C:\QooBox\Quarantine\C\WINDOWS\system32\mljhfdd.dll.vir -> Adware.Virtumonde : Aucune action entreprise.
    C:\QooBox\Quarantine\C\WINDOWS\system32\mljkjif.dll.vir -> Adware.Virtumonde : Aucune action entreprise.
    C:\QooBox\Quarantine\C\WINDOWS\system32\nnnmlmk.dll.vir -> Adware.Virtumonde : Aucune action entreprise.
    C:\QooBox\Quarantine\C\WINDOWS\system32\nnnolji.dll.vir -> Adware.Virtumonde : Aucune action entreprise.
    C:\QooBox\Quarantine\C\WINDOWS\system32\opnkkig.dll.vir -> Adware.Virtumonde : Aucune action entreprise.
    C:\QooBox\Quarantine\C\WINDOWS\system32\opnomkl.dll.vir -> Adware.Virtumonde : Aucune action entreprise.
    C:\QooBox\Quarantine\C\WINDOWS\system32\pmnoomm.dll.vir -> Adware.Virtumonde : Aucune action entreprise.
    C:\QooBox\Quarantine\C\WINDOWS\system32\rqrqnlk.dll.vir -> Adware.Virtumonde : Aucune action entreprise.
    C:\QooBox\Quarantine\C\WINDOWS\system32\rqrsrro.dll.vir -> Adware.Virtumonde : Aucune action entreprise.
    C:\QooBox\Quarantine\C\WINDOWS\system32\ssqnonk.dll.vir -> Adware.Virtumonde : Aucune action entreprise.
    C:\QooBox\Quarantine\C\WINDOWS\system32\tuvtqqr.dll.vir -> Adware.Virtumonde : Aucune action entreprise.
    C:\QooBox\Quarantine\C\WINDOWS\system32\vturomn.dll.vir -> Adware.Virtumonde : Aucune action entreprise.
    C:\QooBox\Quarantine\C\WINDOWS\system32\vtuuvtu.dll.vir -> Adware.Virtumonde : Aucune action entreprise.
    C:\QooBox\Quarantine\C\WINDOWS\system32\yaywxvw.dll.vir -> Adware.Virtumonde : Aucune action entreprise.
    C:\QooBox\Quarantine\C\WINDOWS\system32\yayxyvs.dll.vir -> Adware.Virtumonde : Aucune action entreprise.
    C:\System Volume Information\_restore{C9144B5F-D29A-41D5-AAF9-12CA4DCDCBE5}\RP264\A0073867.dll -> Adware.Virtumonde : Aucune action entreprise.
    C:\System Volume Information\_restore{C9144B5F-D29A-41D5-AAF9-12CA4DCDCBE5}\RP264\A0073868.dll -> Adware.Virtumonde : Aucune action entreprise.
    C:\System Volume Information\_restore{C9144B5F-D29A-41D5-AAF9-12CA4DCDCBE5}\RP264\A0073869.dll -> Adware.Virtumonde : Aucune action entreprise.
    C:\System Volume Information\_restore{C9144B5F-D29A-41D5-AAF9-12CA4DCDCBE5}\RP264\A0073870.dll -> Adware.Virtumonde : Aucune action entreprise.
    C:\System Volume Information\_restore{C9144B5F-D29A-41D5-AAF9-12CA4DCDCBE5}\RP264\A0073871.dll -> Adware.Virtumonde : Aucune action entreprise.
    C:\System Volume Information\_restore{C9144B5F-D29A-41D5-AAF9-12CA4DCDCBE5}\RP264\A0073872.dll -> Adware.Virtumonde : Aucune action entreprise.
    C:\System Volume Information\_restore{C9144B5F-D29A-41D5-AAF9-12CA4DCDCBE5}\RP264\A0073873.dll -> Adware.Virtumonde : Aucune action entreprise.
    C:\System Volume Information\_restore{C9144B5F-D29A-41D5-AAF9-12CA4DCDCBE5}\RP264\A0073874.dll -> Adware.Virtumonde : Aucune action entreprise.
    C:\System Volume Information\_restore{C9144B5F-D29A-41D5-AAF9-12CA4DCDCBE5}\RP264\A0073875.dll -> Adware.Virtumonde : Aucune action entreprise.
    C:\System Volume Information\_restore{C9144B5F-D29A-41D5-AAF9-12CA4DCDCBE5}\RP264\A0073876.dll -> Adware.Virtumonde : Aucune action entreprise.
    C:\System Volume Information\_restore{C9144B5F-D29A-41D5-AAF9-12CA4DCDCBE5}\RP264\A0073877.dll -> Adware.Virtumonde : Aucune action entreprise.
    C:\System Volume Information\_restore{C9144B5F-D29A-41D5-AAF9-12CA4DCDCBE5}\RP264\A0073878.dll -> Adware.Virtumonde : Aucune action entreprise.
    C:\System Volume Information\_restore{C9144B5F-D29A-41D5-AAF9-12CA4DCDCBE5}\RP264\A0073879.dll -> Adware.Virtumonde : Aucune action entreprise.
    C:\System Volume Information\_restore{C9144B5F-D29A-41D5-AAF9-12CA4DCDCBE5}\RP264\A0073880.dll -> Adware.Virtumonde : Aucune action entreprise.
    C:\System Volume Information\_restore{C9144B5F-D29A-41D5-AAF9-12CA4DCDCBE5}\RP264\A0073881.dll -> Adware.Virtumonde : Aucune action entreprise.
    C:\System Volume Information\_restore{C9144B5F-D29A-41D5-AAF9-12CA4DCDCBE5}\RP264\A0073882.dll -> Adware.Virtumonde : Aucune action entreprise.
    C:\System Volume Information\_restore{C9144B5F-D29A-41D5-AAF9-12CA4DCDCBE5}\RP264\A0073883.dll -> Adware.Virtumonde : Aucune action entreprise.
    C:\System Volume Information\_restore{C9144B5F-D29A-41D5-AAF9-12CA4DCDCBE5}\RP264\A0073884.dll -> Adware.Virtumonde : Aucune action entreprise.
    C:\System Volume Information\_restore{C9144B5F-D29A-41D5-AAF9-12CA4DCDCBE5}\RP264\A0073885.dll -> Adware.Virtumonde : Aucune action entreprise.
    C:\System Volume Information\_restore{C9144B5F-D29A-41D5-AAF9-12CA4DCDCBE5}\RP264\A0073886.dll -> Adware.Virtumonde : Aucune action entreprise.
    C:\System Volume Information\_restore{C9144B5F-D29A-41D5-AAF9-12CA4DCDCBE5}\RP264\A0073887.dll -> Adware.Virtumonde : Aucune action entreprise.
    C:\System Volume Information\_restore{C9144B5F-D29A-41D5-AAF9-12CA4DCDCBE5}\RP264\A0073888.dll -> Adware.Virtumonde : Aucune action entreprise.
    C:\System Volume Information\_restore{C9144B5F-D29A-41D5-AAF9-12CA4DCDCBE5}\RP264\A0073889.dll -> Adware.Virtumonde : Aucune action entreprise.
    C:\System Volume Information\_restore{C9144B5F-D29A-41D5-AAF9-12CA4DCDCBE5}\RP264\A0073890.dll -> Adware.Virtumonde : Aucune action entreprise.
    C:\System Volume Information\_restore{C9144B5F-D29A-41D5-AAF9-12CA4DCDCBE5}\RP264\A0073891.dll -> Adware.Virtumonde : Aucune action entreprise.
    C:\System Volume Information\_restore{C9144B5F-D29A-41D5-AAF9-12CA4DCDCBE5}\RP264\A0073892.dll -> Adware.Virtumonde : Aucune action entreprise.
    C:\System Volume Information\_restore{C9144B5F-D29A-41D5-AAF9-12CA4DCDCBE5}\RP264\A0073893.dll -> Adware.Virtumonde : Aucune action entreprise.
    C:\System Volume Information\_restore{C9144B5F-D29A-41D5-AAF9-12CA4DCDCBE5}\RP264\A0073894.dll -> Adware.Virtumonde : Aucune action entreprise.
    C:\System Volume Information\_restore{C9144B5F-D29A-41D5-AAF9-12CA4DCDCBE5}\RP264\A0073895.dll -> Adware.Virtumonde : Aucune action entreprise.
    C:\WINDOWS\patcher.exe -> Logger.Agent : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Cookies\m_et_mme_rabeau@247realmedia[1].txt -> TrackingCookie.247realmedia : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Cookies\m_et_mme_rabeau@2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Cookies\m_et_mme_rabeau@adtech[2].txt -> TrackingCookie.Adtech : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Cookies\m_et_mme_rabeau@advertising[1].txt -> TrackingCookie.Advertising : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Cookies\m_et_mme_rabeau@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Cookies\m_et_mme_rabeau@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Cookies\m_et_mme_rabeau@www.casinotropez[1].txt -> TrackingCookie.Casinotropez : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Cookies\m_et_mme_rabeau@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Cookies\m_et_mme_rabeau@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Cookies\m_et_mme_rabeau@stat.dealtime[2].txt -> TrackingCookie.Dealtime : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Cookies\m_et_mme_rabeau@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Cookies\m_et_mme_rabeau@enhance[2].txt -> TrackingCookie.Enhance : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Cookies\m_et_mme_rabeau@estat[1].txt -> TrackingCookie.Estat : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Cookies\m_et_mme_rabeau@fastclick[2].txt -> TrackingCookie.Fastclick : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Cookies\m_et_mme_rabeau@ehg-telecomitalia.hitbox[1].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Cookies\m_et_mme_rabeau@hitbox[2].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Cookies\m_et_mme_rabeau@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Cookies\m_et_mme_rabeau@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Cookies\m_et_mme_rabeau@overture[1].txt -> TrackingCookie.Overture : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Cookies\m_et_mme_rabeau@www.paypal[1].txt -> TrackingCookie.Paypal : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Cookies\m_et_mme_rabeau@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Cookies\m_et_mme_rabeau@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Cookies\m_et_mme_rabeau@serving-sys[1].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Cookies\m_et_mme_rabeau@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Cookies\m_et_mme_rabeau@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Cookies\m_et_mme_rabeau@www.vegasred[1].txt -> TrackingCookie.Vegasred : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Cookies\m_et_mme_rabeau@weborama[2].txt -> TrackingCookie.Weborama : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Cookies\m_et_mme_rabeau@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Cookies\m_et_mme_rabeau@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Cookies\m_et_mme_rabeau@c2.zedo[1].txt -> TrackingCookie.Zedo : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Cookies\m_et_mme_rabeau@zedo[1].txt -> TrackingCookie.Zedo : Aucune action entreprise.
    C:\QooBox\Quarantine\C\WINDOWS\system32\fdijlbuo.exe.vir -> Trojan.Agent.aoy : Aucune action entreprise.
    C:\System Volume Information\_restore{C9144B5F-D29A-41D5-AAF9-12CA4DCDCBE5}\RP264\A0073864.exe -> Trojan.Agent.aoy : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Mes documents\vincent\SpeedSim ogame.rar/Winrar 3.50 Crack.exe -> Trojan.Small : Aucune action entreprise.
    C:\Documents and Settings\M et Mme RABEAU\Mes documents\vincent\SpeedSim ogame\Winrar 3.50 Crack.exe -> Trojan.Small : Aucune action entreprise.


    Fin du rapport

    The clean report

    Script execute en mode sans echec
    Rapport clean par Malekal_morte - http://www.malekal.com
    Script execute en mode sans echec 26/06/2007 a 20:34:46.64

    Microsoft Windows XP [version 5.1.2600]

    *** Suppression des fichiers dans C:
    tentative de suppression de C:\StubInstaller.exe

    *** Suppression des fichiers dans C:\WINDOWS\
    tentative de suppression de C:\WINDOWS\windebug.log

    *** Suppression des fichiers dans C:\WINDOWS\system32
    tentative de suppression de C:\WINDOWS\system32\bdod.bin

    *** Suppression des fichiers dans C:\Program Files

    *** Suppression des clefs du registre effectuee..
    *** Fin du rapport !

    And the HijackThis log

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 21:00:09, on 26/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files2\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files2\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files2\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files2\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files2\D-Tools\daemon.exe
    C:\Program Files2\QuickTime\qttask.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files2\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Profiler\lwemon.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files2\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files2\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\M et Mme RABEAU\Mes documents\logiciel\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\xmydlqjt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8F79D62C-A3FA-4316-AB09-0FEF6663FD88} - C:\WINDOWS\system32\ddabb.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {C0645C85-31A1-488F-AEA0-A202F48A0944} - C:\WINDOWS\system32\pmnnk.dll (file missing)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Program Files\user32.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files2\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [Babylon Client] C:\Program Files2\Babylon\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files2\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files2\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files2\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O16 - DPF: Interface Chat Voila - http://chat7.x-echo.com/version7/Applet/vchatsign.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall....
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scann...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate- Activex Control) - http://support.fujitsu-siemens.de/DeskUpdate/isapi/acti...
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files2\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files2\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files2\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files2\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files2\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

    --
    End of file - 10697 bytes

    There, I hope everything is there.
    26 June 2007 21:12:00

    Did you actually delete the files?
    26 June 2007 22:11:25

    Yeah, I deleted them; I chose to apply all the actions in AVG.
    27 June 2007 09:22:07

    I hope that deleted them. What do I do now?
    27 June 2007 10:35:06

    Run a ComboFix scan again.
    27 June 2007 12:26:53

    Here is the report

    2007-06-27 12:21:33 - ComboFix 07-06-26.8 - Service Pack 2 NTFS


    ((((((((((((((((((((((((( Files Created from 2007-05-27 to 2007-06-27 )))))))))))))))))))))))))))))))


    2007-06-26 19:01 <REP> d-------- C:\WINDOWS\pss
    2007-06-26 18:50 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-06-26 17:41 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-26 16:09 71,411 --a------ C:\WINDOWS\system32\call.exe
    2007-06-26 15:58 <REP> d-------- C:\VundoFix Backups
    2007-06-26 15:39 66,112 --a------ C:\WINDOWS\system32\xmydlqjt.dll
    2007-06-26 15:33 4,672 --a------ C:\WINDOWS\system32\sthrdafg.exe
    2007-06-26 15:33 128,576 --a------ C:\WINDOWS\system32\ieerpcfe.dll
    2007-06-26 15:31 71,411 --a------ C:\call.exe
    2007-06-26 15:31 239,715 --a------ C:\services.exe
    2007-06-04 09:04 <REP> d-------- C:\DOCUME~1\METMME~1\APPLIC~1\ArcSoft


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-27 10:20:25 -------- d-----w C:\Program Files\Wanadoo
    2007-06-25 19:53:35 -------- d-----w C:\DOCUME~1\METMME~1\APPLIC~1\Canon
    2007-06-25 19:46:10 -------- d-----w C:\Program Files\MSN Messenger
    2007-06-22 19:34:14 -------- d-----w C:\DOCUME~1\METMME~1\APPLIC~1\Azureus
    2007-06-13 14:12:11 -------- d-----w C:\Program Files\Pomo
    2007-05-31 19:56:07 -------- d-----w C:\DOCUME~1\METMME~1\APPLIC~1\U3
    2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-11 22:30:52 -------- d--h--r C:\DOCUME~1\METMME~1\APPLIC~1\SecuROM
    2007-05-11 22:30:51 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-05-11 18:16:53 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-05-10 18:08:39 81,920 ----a-w C:\WINDOWS\ALCFDRTM.EXE
    2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38]
    {1F6581D5-AA53-4b73-A6F9-41420C6B61F1}=C:\WINDOWS\system32\xmydlqjt.dll [2007-06-26 15:39]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 04:25]
    {8F79D62C-A3FA-4316-AB09-0FEF6663FD88}=C:\WINDOWS\system32\ddabb.dll []
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 13:32]
    {C0645C85-31A1-488F-AEA0-A202F48A0944}=C:\WINDOWS\system32\pmnnk.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"="nwiz.exe" [2005-07-20 22:07 C:\WINDOWS\system32\nwiz.exe]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
    "SoundMan"="SOUNDMAN.EXE" [2005-08-18 15:38 C:\WINDOWS\SOUNDMAN.EXE]
    "AlcWzrd"="ALCWZRD.EXE" [2005-07-26 17:54 C:\WINDOWS\ALCWZRD.EXE]
    "Alcmtr"="ALCMTR.EXE" [2005-05-03 19:43 C:\WINDOWS\ALCMTR.EXE]
    "012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678"="C:\Program Files\user32.exe" []
    "avast!"="C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
    "OpwareSE2"="C:\Program Files2\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 04:10]
    "Babylon Client"="C:\Program Files2\Babylon\Babylon.exe" [2005-06-27 17:36]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55]
    "DAEMON Tools-1033"="C:\Program Files2\D-Tools\daemon.exe" [2004-08-22 18:05]
    "QuickTime Task"="C:\Program Files2\QuickTime\qttask.exe" [2006-09-01 16:57]
    "!AVG Anti-Spyware"="C:\Program Files2\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
    "Start WingMan Profiler"="C:\Program Files\Logitech\Profiler\lwemon.exe" [2003-08-07 11:39]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 15:50]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files2\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be9351aa-375c-11db-8080-000e50344878}]
    AutoRun\command- G:\LaunchU3.exe


    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
    rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

    Contents of the 'Scheduled Tasks' folder
    2007-01-27 19:00:00 C:\WINDOWS\tasks\At4.job
    2007-01-28 09:02:32 C:\WINDOWS\tasks\At6.job
    2007-01-28 09:02:32 C:\WINDOWS\tasks\At7.job
    2007-01-27 19:00:00 C:\WINDOWS\tasks\At8.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-27 12:24:10
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-06-27 12:25:00
    C:\ComboFix-quarantined-files.txt ... 2007-06-27 12:24
    C:\ComboFix2.txt ... 2007-06-26 17:55

    --- E O F ---
    27 June 2007 12:42:20

    Here is the report with the old version

    27 June 2007 12:42:33

    Logfile of HijackThis v1.99.1
    Scan saved at 12:41:51, on 27/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files2\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files2\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files2\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files2\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files2\D-Tools\daemon.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files2\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files2\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Logitech\Profiler\lwemon.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\Program Files2\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files2\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files2\ESTsoft\ALZip\ALZip.exe
    C:\Documents and Settings\M et Mme RABEAU\Local Settings\Temp\_AZTMP0_\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\xmydlqjt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8F79D62C-A3FA-4316-AB09-0FEF6663FD88} - C:\WINDOWS\system32\ddabb.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {C0645C85-31A1-488F-AEA0-A202F48A0944} - C:\WINDOWS\system32\pmnnk.dll (file missing)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Program Files\user32.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files2\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [Babylon Client] C:\Program Files2\Babylon\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files2\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files2\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files2\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: Interface Chat Voila - http://chat7.x-echo.com/version7/Applet/vchatsign.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall....
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scann...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate- Activex Control) - http://support.fujitsu-siemens.de/DeskUpdate/isapi/acti...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files2\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files2\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files2\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files2\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files2\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    27 June 2007 13:00:33

    Hi again,

    Fix the lines in italics below with HijackThis: ILLUSTRATED HELP

    O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\xmydlqjt.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8F79D62C-A3FA-4316-AB09-0FEF6663FD88} - C:\WINDOWS\system32\ddabb.dll (file missing)
    O2 - BHO: (no name) - {C0645C85-31A1-488F-AEA0-A202F48A0944} - C:\WINDOWS\system32\pmnnk.dll (file missing)
    O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Program Files\user32.exe


    Download OTMoveIt (by OldTimer). Save it to your Desktop.
    Select ALL of the locations in bold below:

    C:\Program Files\user32.exe
    C:\WINDOWS\system32\xmydlqjt.dll
    C:\WINDOWS\system32\call.exe
    C:\WINDOWS\system32\sthrdafg.exe
    C:\WINDOWS\system32\ieerpcfe.dll
    C:\call.exe
    C:\services.exe
    C:\WINDOWS\tasks\At4.job
    C:\WINDOWS\tasks\At6.job
    C:\WINDOWS\tasks\At7.job
    C:\WINDOWS\tasks\At8.job


    ---> Right-click, then Copy (or Ctrl+C)

    Double-click OTMoveIt.exe to launch it.
    Right-click in the left-hand pane, then choose Paste (or Ctrl+V).
    Now click MoveIt!

    If a file or folder cannot be removed immediately, the program will ask you to restart.
    Accept by clicking YES.

    Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    The report's name corresponds to the moment it was created: date_time.log

    ->Information about the program<-
    27 June 2007 13:25:09

    Here is the report
    File/Folder C:\Program Files\user32.exe not found.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\xmydlqjt.dll
    C:\WINDOWS\system32\xmydlqjt.dll NOT unregistered.
    C:\WINDOWS\system32\xmydlqjt.dll moved successfully.
    C:\WINDOWS\system32\call.exe moved successfully.
    C:\WINDOWS\system32\sthrdafg.exe moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\ieerpcfe.dll
    C:\WINDOWS\system32\ieerpcfe.dll NOT unregistered.
    C:\WINDOWS\system32\ieerpcfe.dll moved successfully.
    C:\call.exe moved successfully.
    C:\services.exe moved successfully.
    C:\WINDOWS\tasks\At4.job moved successfully.
    C:\WINDOWS\tasks\At6.job moved successfully.
    C:\WINDOWS\tasks\At7.job moved successfully.
    C:\WINDOWS\tasks\At8.job moved successfully.
    File/Folder not found.
    File/Folder not found.

    Created on 06/27/2007 13:23:05
    27 June 2007 13:53:26

    Post a new HijackThis report.
    27 June 2007 13:56:02

    Here it is
    Logfile of HijackThis v1.99.1
    Scan saved at 13:54:56, on 27/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files2\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files2\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files2\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files2\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files2\D-Tools\daemon.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files2\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files2\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Logitech\Profiler\lwemon.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\Program Files2\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files2\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files2\ESTsoft\ALZip\ALZip.exe
    C:\Documents and Settings\M et Mme RABEAU\Local Settings\Temp\_AZTMP0_\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files2\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [Babylon Client] C:\Program Files2\Babylon\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files2\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files2\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files2\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: Interface Chat Voila - http://chat7.x-echo.com/version7/Applet/vchatsign.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall....
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scann...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate- Activex Control) - http://support.fujitsu-siemens.de/DeskUpdate/isapi/acti...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files2\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files2\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files2\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files2\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files2\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
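
Added example (not part of the thread, and not code from HijackThis or OTMoveIt): a Python check that the cleanup requested above actually took, run over excerpts copied from the thread's logs plus one constructed follow-up log (`ORPHANED`). The function names are illustrative, and matching entries by CLSID instead of by whole line is an assumption, made so that an entry whose annotation changes to "(file missing)" after its file is moved is still recognised.

```python
import re

CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ENTRY = re.compile(r"^\s*([A-Z]\d+)\s+-\s+(.*\S)\s*$")
NOTE = re.compile(r"\s*\((?:file missing|no file)\)", re.I)
MOVED = re.compile(
    r"^(?:File/Folder )?([A-Za-z]:\\.+?) (moved successfully|not found)\.$")


def entry_key(line):
    """Stable identity of a HijackThis line: (section, CLSID) when a CLSID is
    present, else (section, text) with the file-status annotation stripped."""
    m = ENTRY.match(line)
    if not m:
        return None
    code, rest = m.groups()
    clsid = CLSID.search(rest)
    if clsid:
        return (code, clsid.group(0).upper())
    return (code, NOTE.sub("", rest).lower())


def leftover_entries(fix_lines, followup_log):
    """Fix-list lines whose registry entry is still listed in the later log."""
    present = {entry_key(l) for l in followup_log.splitlines()} - {None}
    return [l.strip() for l in fix_lines.splitlines()
            if entry_key(l) in present]


def not_moved(targets, report):
    """Targets that the OTMoveIt report does not confirm as moved."""
    status = {}
    for line in report.splitlines():
        m = MOVED.match(line.strip())
        if m:
            status[m.group(1).lower()] = m.group(2)
    return [(t, status.get(t.lower(), "no report line"))
            for t in targets
            if status.get(t.lower()) != "moved successfully"]


# Excerpts copied from the thread above.
FIX_LINES = r"""
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\xmydlqjt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
"""
FOLLOWUP = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""
REPORT = r"""
File/Folder C:\Program Files\user32.exe not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\xmydlqjt.dll
C:\WINDOWS\system32\xmydlqjt.dll NOT unregistered.
C:\WINDOWS\system32\xmydlqjt.dll moved successfully.
C:\WINDOWS\system32\call.exe moved successfully.
File/Folder not found.
"""
TARGETS = [r"C:\Program Files\user32.exe",
           r"C:\WINDOWS\system32\xmydlqjt.dll",
           r"C:\WINDOWS\system32\call.exe"]

# Constructed case: the DLL was moved but the BHO entry was never fixed, so
# the same CLSID is still listed, now annotated "(file missing)".
ORPHANED = FOLLOWUP + (
    r"O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1}"
    r" - C:\WINDOWS\system32\xmydlqjt.dll (file missing)" + "\n")

if __name__ == "__main__":
    print("still registered:", leftover_entries(FIX_LINES, FOLLOWUP))
    print("orphaned entry:  ", leftover_entries(FIX_LINES, ORPHANED))
    print("not moved:       ", not_moved(TARGETS, REPORT))
```

A "not found" result, as for `C:\Program Files\user32.exe` here, only says the file was absent at that path when the tool ran; the follow-up log is what confirms the autostart entry itself is gone.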

    27 June 2007 14:34:17

    Is the disinfection nearly finished?
    27 June 2007 16:56:42

    Run a ComboFix scan again.
    27 June 2007 19:34:06

    Here it is
    2007-06-27 19:28:29 - ComboFix 07-06-26.8 - Service Pack 2 NTFS


    ((((((((((((((((((((((((( Files Created from 2007-05-27 to 2007-06-27 )))))))))))))))))))))))))))))))


    2007-06-26 19:01 <REP> d-------- C:\WINDOWS\pss
    2007-06-26 18:50 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-06-26 17:41 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-26 15:58 <REP> d-------- C:\VundoFix Backups
    2007-06-04 09:04 <REP> d-------- C:\DOCUME~1\METMME~1\APPLIC~1\ArcSoft


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-27 17:28:42 -------- d-----w C:\Program Files\Wanadoo
    2007-06-27 13:15:02 -------- d-----w C:\DOCUME~1\METMME~1\APPLIC~1\Azureus
    2007-06-25 19:53:35 -------- d-----w C:\DOCUME~1\METMME~1\APPLIC~1\Canon
    2007-06-25 19:46:10 -------- d-----w C:\Program Files\MSN Messenger
    2007-06-13 14:12:11 -------- d-----w C:\Program Files\Pomo
    2007-05-31 19:56:07 -------- d-----w C:\DOCUME~1\METMME~1\APPLIC~1\U3
    2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-11 22:30:52 -------- d--h--r C:\DOCUME~1\METMME~1\APPLIC~1\SecuROM
    2007-05-11 22:30:51 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-05-11 18:16:53 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-05-10 18:08:39 81,920 ----a-w C:\WINDOWS\ALCFDRTM.EXE
    2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 04:25]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 13:32]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"="nwiz.exe" [2005-07-20 22:07 C:\WINDOWS\system32\nwiz.exe]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
    "SoundMan"="SOUNDMAN.EXE" [2005-08-18 15:38 C:\WINDOWS\SOUNDMAN.EXE]
    "AlcWzrd"="ALCWZRD.EXE" [2005-07-26 17:54 C:\WINDOWS\ALCWZRD.EXE]
    "Alcmtr"="ALCMTR.EXE" [2005-05-03 19:43 C:\WINDOWS\ALCMTR.EXE]
    "avast!"="C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
    "OpwareSE2"="C:\Program Files2\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 04:10]
    "Babylon Client"="C:\Program Files2\Babylon\Babylon.exe" [2005-06-27 17:36]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55]
    "DAEMON Tools-1033"="C:\Program Files2\D-Tools\daemon.exe" [2004-08-22 18:05]
    "QuickTime Task"="C:\Program Files2\QuickTime\qttask.exe" [2006-09-01 16:57]
    "!AVG Anti-Spyware"="C:\Program Files2\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
    "Start WingMan Profiler"="C:\Program Files\Logitech\Profiler\lwemon.exe" [2003-08-07 11:39]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 15:50]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files2\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be9351aa-375c-11db-8080-000e50344878}]
    AutoRun\command- G:\LaunchU3.exe


    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
    rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-27 19:32:12
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-06-27 19:32:46
    C:\ComboFix-quarantined-files.txt ... 2007-06-27 19:32
    C:\ComboFix2.txt ... 2007-06-27 12:25
    C:\ComboFix3.txt ... 2007-06-26 17:55

    --- E O F ---
    27 June 2007 19:35:04

    Still having problems?
    27 June 2007 19:42:11

    I haven't tried reconnecting to MSN, but right now I have no problems. Should I try connecting to MSN?
    27 June 2007 20:14:57

    I tried MSN again and AVG detected something.
    27 June 2007 21:23:33

    What?
    28 June 2007 15:04:44

    AVG reported MSN as infected by backdoor.msn.maker, so I put that thing in quarantine, but now I can't use MSN anymore?
    28 June 2007 15:06:09

    Uninstall and then reinstall MSN :)
    28 June 2007 15:15:31

    MSN works and I no longer seem to have any problems, so it should be fine, right?
    28 June 2007 15:27:40

    Yes :)
    28 June 2007 15:37:46

    OK, thanks again for all your help.