Votre question

Virus win32 Ultimate dialer

Tags :
  • software
  • Sécurité
Dernière réponse : dans Sécurité et virus
27 Avril 2007 20:26:41

Bonjour voila je suis infecté par un virus ou un spyware vraisemblablement mais mon anti spyware ne le détécte pas. ci-joint le rapport hijackthis .

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - HBR07962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - xBR56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\qwawsyct.dll
O2 - BHO: (no name) - {31DDBC5B-1877-A943-3BB7-089C9CD28FF2} - C:\WINDOWS\system32\kanbofi.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6783E5C0-0059-7969-AAA3-0497592F9D8D} - C:\WINDOWS\system32\eiogcp.dll
O2 - BHO: (no name) - {9D4947BD-1923-40E7-A074-C7B47FB65E38} - C:\WINDOWS\system32\awvtr.dll
O2 - BHO: (no name) - {9E23297E-5BA6-4BE7-8F68-693DFCAB02DB} - C:\WINDOWS\system32\awvtr.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
O2 - BHO: (no name) - {B670073F-6174-488C-B5B5-3A471C6240E8} - C:\WINDOWS\system32\rqrrqpn.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O2 - BHO: (no name) - ¨R¨R2-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - ÈBR497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [eiogcp.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\eiogcp.dll,ybucvaf
O4 - HKLM\..\Run: [VaCtrls] v7
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\kdbjqyqs.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scann...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/filter/cameraviewer/isetup.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: awvtr - C:\WINDOWS\system32\awvtr.dll
O20 - Winlogon Notify: rqrrqpn - C:\WINDOWS\SYSTEM32\rqrrqpn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: DirectX Service (DirectBilv) - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\VIDEOA~1\VideoAcceleratorEngine.exe
O23 - Service: vwservice - Unknown owner - C:\WINDOWS\system32\vwsrv.exe

Autres pages sur : virus win32 ultimate dialer

27 Avril 2007 20:35:18

Salut,
Bon un Dialer ça ce chope pas comme ça ;) 
Tu n'a qua faire une analyse spybot search and destroy.
Pour infos:
"Dialer:une petite chose qui compose des numéros de tel surtaxés" :bounce:  Donc fait la désinfection d'urgence si c'est vraiment un dialer .
27 Avril 2007 22:47:25

Bonsoir,

Plusieures infections dont Vundo !!

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
  • Double-clique VundoFix.exe afin de le lancer
  • Lorsque l'outil se lance à nouveau, clique sur le bouton Scan for Vundo
  • Clique sur le bouton Scan for Vundo
  • Lorsque le scan est complété, clique sur le bouton Remove Vundo
  • Une invite te demandera si tu veux supprimer les fichiers, clique YES
  • Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
  • Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
  • Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse

    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
    Contenus similaires
    28 Avril 2007 11:20:15

    Merci de ton aide je vais faire mais je ne peux pas car je serais absent pour quelque jour.
    30 Avril 2007 16:07:09

    Bonjour voila le rapport VundoFix


    VundoFix V6.3.20

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 11:17:03 28/04/2007

    Listing files found while scanning....


    VundoFix V6.3.20

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 15:20:30 30/04/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\awvtr.dll
    C:\WINDOWS\system32\kispvxrx.dll
    C:\WINDOWS\system32\mndricnx.dll
    C:\WINDOWS\system32\rqrrqpn.dll
    C:\WINDOWS\system32\rtvwa.bak1
    C:\WINDOWS\system32\rtvwa.bak2
    C:\WINDOWS\system32\rtvwa.ini
    C:\WINDOWS\system32\rtvwa.ini2
    C:\WINDOWS\system32\xefvoayq.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awvtr.dll
    C:\WINDOWS\system32\awvtr.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\kispvxrx.dll
    C:\WINDOWS\system32\kispvxrx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mndricnx.dll
    C:\WINDOWS\system32\mndricnx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rqrrqpn.dll
    C:\WINDOWS\system32\rqrrqpn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rtvwa.bak1
    C:\WINDOWS\system32\rtvwa.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rtvwa.bak2
    C:\WINDOWS\system32\rtvwa.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rtvwa.ini
    C:\WINDOWS\system32\rtvwa.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rtvwa.ini2
    C:\WINDOWS\system32\rtvwa.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xefvoayq.dll
    C:\WINDOWS\system32\xefvoayq.dll Has been deleted!

    Performing Repairs to the registry.
    Done!
    30 Avril 2007 16:08:54

    ET le nouveau Hijackthis

    Logfile of HijackThis v1.99.1
    Scan saved at - 16:08:25 , on 30/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Mehdi\Bureau\Scanner.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\scwhhjvy.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {39C24603-72E8-4092-B169-E975D2F1D97D} - C:\WINDOWS\system32\awvtr.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
    O2 - BHO: (no name) - {B670073F-6174-488C-B5B5-3A471C6240E8} - C:\WINDOWS\system32\rqrrqpn.dll (file missing)
    O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\ovobjlrl.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O2 - BHO: (no name) - ¨R¨R2-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - ÈBR497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [eiogcp.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\eiogcp.dll,ybucvaf
    O4 - HKLM\..\Run: [VaCtrls] v7
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\kdbjqyqs.dll",realset
    O4 - HKLM\..\Run: [FlashGet] "C:\Program Files\FlashGet\FlashGet.exe" /min
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: DirectX Service (DirectBilv) - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\VIDEOA~1\VideoAcceleratorEngine.exe

    30 Avril 2007 16:32:42

    Re,

    On continue :) 

    Télécharge combofix.exe (par sUBs) sur ton Bureau

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Double clique combofix.exe et suis les invites.
    Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
    30 Avril 2007 20:35:05

    Voila le rapport Combofix

    "Mehdi" - 07-04-30 18:47:14 Service Pack 2
    ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Mehdi\Bureau\FICHIER T2L2CHARGER\"


    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\ovobjlrl.dll
    C:\WINDOWS\system32\scwhhjvy.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\packet.dll
    C:\WINDOWS\system32\pthreadVC.dll
    C:\WINDOWS\system32\wanpacket.dll
    C:\WINDOWS\system32\wpcap.dll
    C:\WINDOWS\system32\v7.exe
    C:\install.log
    C:\WINDOWS\system32\drivers\npf.sys


    ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\nm
    -------\NPF


    ((((((((((((((((((((((((((((((( Files Created from 2007-03-28 to 2007-04-30 ))))))))))))))))))))))))))))))))))


    2007-04-30 18:33 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
    2007-04-30 18:33 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
    2007-04-30 18:33 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
    2007-04-30 18:33 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
    2007-04-30 18:33 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
    2007-04-30 18:33 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
    2007-04-30 18:33 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
    2007-04-30 18:33 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
    2007-04-30 18:33 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
    2007-04-30 16:39 <REP> d-------- C:\Program Files\MAIET
    2007-04-30 15:29 <REP> d---s---- C:\Program Files\Xfire
    2007-04-30 15:29 <REP> d-------- C:\DOCUME~1\Mehdi\APPLIC~1\Xfire
    2007-04-28 11:17 <REP> d-------- C:\VundoFix Backups
    2007-04-27 15:03 <REP> d-------- C:\Downloads
    2007-04-27 14:26 <REP> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Spyware Terminator
    2007-04-26 15:04 <REP> d-------- C:\Program Files\FlashGet
    2007-04-26 10:40 132,660 --a------ C:\WINDOWS\system32\kdbjqyqs.dll
    2007-04-26 10:40 <REP> d-------- C:\DOCUME~1\Yasser\APPLIC~1\Spyware Terminator
    2007-04-25 13:29 <REP> d-------- C:\DOCUME~1\Zahra\APPLIC~1\Spyware Terminator
    2007-04-25 12:41 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-04-25 12:41 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-04-25 12:41 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-04-25 12:39 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-04-25 12:39 <REP> dr------- C:\DOCUME~1\ADMINI~1\Mes documents
    2007-04-25 12:39 <REP> dr------- C:\DOCUME~1\ADMINI~1\Menu D‚marrer
    2007-04-25 12:39 <REP> dr------- C:\DOCUME~1\ADMINI~1\Favoris
    2007-04-25 12:39 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage r‚seau
    2007-04-25 12:39 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression
    2007-04-25 12:39 <REP> d--h----- C:\DOCUME~1\ADMINI~1\ModŠles
    2007-04-25 12:39 <REP> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
    2007-04-25 12:39 <REP> d-------- C:\DOCUME~1\ADMINI~1\Bureau
    2007-04-25 12:39 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
    2007-04-25 12:39 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\CyberLink
    2007-04-25 12:39 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
    2007-04-25 12:28 <REP> d-------- C:\!KillBox
    2007-04-24 22:07 <REP> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Spyware Terminator
    2007-04-24 22:06 135,936 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2007-04-24 22:04 <REP> d-------- C:\Program Files\Spyware Terminator
    2007-04-24 22:04 <REP> d-------- C:\DOCUME~1\Mehdi\APPLIC~1\Spyware Terminator
    2007-04-24 22:04 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spyware Terminator
    2007-04-24 18:07 <REP> d-------- C:\Program Files\Hitman Pro
    2007-04-24 16:12 123,972 --a------ C:\WINDOWS\system32\hfevwyjc.dll
    2007-04-23 14:04 <REP> d-------- C:\Program Files\CCleaner
    2007-04-23 00:03 7,168 --a------ C:\WINDOWS\system32\vwsrv.exe
    2007-04-22 17:08 <REP> d-------- C:\DOCUME~1\Xbox\APPLIC~1\Yahoo!
    2007-04-22 14:58 86,528 --a------ C:\WINDOWS\system32\eiogcp.dll
    2007-04-21 17:24 <REP> d-------- C:\DOCUME~1\Xbox\APPLIC~1\Real
    2007-04-21 17:23 1,572,864 --ah----- C:\DOCUME~1\Xbox\NTUSER.DAT
    2007-04-21 17:23 <REP> dr------- C:\DOCUME~1\Xbox\Menu D‚marrer
    2007-04-21 17:23 <REP> d--h----- C:\DOCUME~1\Xbox\Voisinage r‚seau
    2007-04-21 17:23 <REP> d--h----- C:\DOCUME~1\Xbox\Voisinage d'impression
    2007-04-21 17:23 <REP> d--h----- C:\DOCUME~1\Xbox\ModŠles
    2007-04-21 17:23 <REP> d---s---- C:\DOCUME~1\Xbox\Mes documents
    2007-04-21 17:23 <REP> d---s---- C:\DOCUME~1\Xbox\Favoris
    2007-04-21 17:23 <REP> d-------- C:\DOCUME~1\Xbox\WINDOWS
    2007-04-21 17:23 <REP> d-------- C:\DOCUME~1\Xbox\Bureau
    2007-04-21 17:23 <REP> d-------- C:\DOCUME~1\Xbox\APPLIC~1\SampleView
    2007-04-21 17:23 <REP> d-------- C:\DOCUME~1\Xbox\APPLIC~1\CyberLink
    2007-04-21 17:23 <REP> d-------- C:\DOCUME~1\Xbox\APPLIC~1\Apple Computer
    2007-04-20 18:31 <REP> d-------- C:\DOCUME~1\Yasser\APPLIC~1\OpenOffice.org2
    2007-04-18 19:17 40,960 --a------ C:\WINDOWS\system32\eax.dll
    2007-04-18 19:09 327,168 --a------ C:\WINDOWS\IsUn040c.exe
    2007-04-18 19:09 <REP> d-------- C:\Program Files\Red Storm Entertainment
    2007-04-18 14:05 <REP> d-------- C:\Program Files\AskPBar
    2007-04-18 14:02 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-04-18 13:53 <REP> d-------- C:\DOCUME~1\Mehdi\APPLIC~1\FlashFXP
    2007-04-18 13:52 <REP> d-------- C:\Program Files\FlashFXP
    2007-04-11 20:15 159,744 --a------ C:\WINDOWS\system32\la-core.dll
    2007-04-11 20:15 <REP> d-------- C:\Program Files\GXTranscoder.net
    2007-04-11 19:07 <REP> d-------- C:\Program Files\Fichiers communs\Skype
    2007-04-10 15:57 <REP> d-------- C:\Program Files\SecondLife
    2007-04-10 13:43 <REP> d-------- C:\Program Files\XBC
    2007-04-10 13:43 <REP> d-------- C:\Program Files\WinPcap
    2007-04-06 17:32 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
    2007-04-06 17:32 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
    2007-04-06 17:32 <REP> d-------- C:\Program Files\Replay Converter
    2007-03-30 13:11 49,835 --a------ C:\WINDOWS\system32\Uninstal.exe
    2007-03-28 19:55 <REP> d-------- C:\DOCUME~1\Zahra\APPLIC~1\uTorrent
    2007-03-28 16:45 737,280 --a------ C:\WINDOWS\iun6002.exe
    2007-03-28 16:45 <REP> d-------- C:\Program Files\Freecorder


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-04-30 19:00 -------- d-------- C:\DOCUME~1\Mehdi\APPLIC~1\utorrent
    2007-04-27 22:23 -------- d-------- C:\Program Files\emule
    2007-04-27 20:53 -------- d-------- C:\Program Files\warrock22
    2007-04-24 16:12 -------- d-------- C:\Program Files\dap
    2007-04-23 13:50 -------- d-------- C:\Program Files\axbx
    2007-04-21 15:43 -------- d-------- C:\DOCUME~1\Mehdi\APPLIC~1\teamspeak2
    2007-04-18 14:05 -------- d-------- C:\Program Files\video accelerator
    2007-04-17 20:57 -------- d-------- C:\DOCUME~1\Mehdi\APPLIC~1\openoffice.org2
    2007-04-13 16:40 -------- d-------- C:\Program Files\wolfenstein - enemy territory
    2007-04-11 19:07 -------- d-------- C:\Program Files\skype
    2007-04-10 16:00 -------- d-------- C:\DOCUME~1\Mehdi\APPLIC~1\secondlife
    2007-04-03 18:06 -------- d-------- C:\Program Files\yu-gi-oh virtual battle 5
    2007-04-03 13:42 -------- d-------- C:\Program Files\warrock
    2007-04-02 12:46 -------- d-------- C:\DOCUME~1\Mehdi\APPLIC~1\screenshot sender
    2007-04-01 19:56 -------- d-------- C:\Program Files\teamspeak2_rc2
    2007-03-27 22:45 -------- d-------- C:\Program Files\room arranger
    2007-03-27 16:28 -------- d--h----- C:\Program Files\installshield installation information
    2007-03-27 16:24 -------- d-------- C:\Program Files\silkroad
    2007-03-26 18:52 -------- d-------- C:\Program Files\journal macro
    2007-03-26 18:21 -------- d-------- C:\Program Files\vid_0e8f&pid_0003
    2007-03-25 19:51 -------- d-------- C:\Program Files\lavalys
    2007-03-25 19:33 -------- d-------- C:\Program Files\radio fr solo
    2007-03-25 15:13 -------- d-------- C:\Program Files\regclean
    2007-03-25 14:52 -------- d-------- C:\Program Files\rivatuner v2.0 final release
    2007-03-25 10:58 75470 --a------ C:\WINDOWS\system32\perfc00c.dat
    2007-03-25 10:58 468402 --a------ C:\WINDOWS\system32\perfh00c.dat
    2007-03-24 16:58 -------- d-------- C:\Program Files\magic karaoke maker
    2007-03-22 17:44 49891 --a------ C:\Uninstal.exe
    2007-03-17 15:44 293376 --a------ C:\WINDOWS\system32\winsrv.dll
    2007-03-15 10:40 -------- d-------- C:\Program Files\picasa2
    2007-03-13 22:54 -------- d-------- C:\Program Files\foreignword
    2007-03-13 16:58 -------- d-------- C:\Program Files\itunes
    2007-03-13 16:57 -------- d-------- C:\Program Files\ipod
    2007-03-13 16:54 -------- d-------- C:\Program Files\quicktime
    2007-03-13 16:06 -------- d-------- C:\Program Files\pc inspector file recovery
    2007-03-13 14:24 -------- d-------- C:\Program Files\messenger plus! live
    2007-03-11 18:55 -------- d-------- C:\Program Files\photo to sketch
    2007-03-09 15:49 -------- d-------- C:\Program Files\topdesk trial
    2007-03-09 09:12 27648 --ahs---- C:\WINDOWS\system32\avsredirect.dll
    2007-03-08 19:43 -------- d-------- C:\Program Files\psycle
    2007-03-08 19:26 -------- d-------- C:\DOCUME~1\Mehdi\APPLIC~1\yahoo!
    2007-03-08 17:37 578560 --a------ C:\WINDOWS\system32\user32.dll
    2007-03-08 17:37 40960 --a------ C:\WINDOWS\system32\mf3216.dll
    2007-03-08 17:37 281600 --a------ C:\WINDOWS\system32\gdi32.dll
    2007-03-08 17:33 1843712 --a------ C:\WINDOWS\system32\win32k.sys
    2007-03-08 17:26 -------- d-------- C:\Program Files\steam
    2007-03-08 16:59 -------- d-------- C:\Program Files\yahoo!
    2007-03-08 14:08 -------- d-------- C:\Program Files\eurobarre
    2007-03-06 11:13 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2007-03-05 23:42 -------- d-------- C:\Program Files\spherexp
    2007-03-04 21:28 -------- d-------- C:\Program Files\musetools
    2007-03-04 13:55 719872 --a------ C:\WINDOWS\system32\devil.dll
    2007-03-04 13:55 308224 --a------ C:\WINDOWS\system32\avisynth.dll
    2007-02-28 16:17 -------- d-------- C:\Program Files\gamegain
    2007-02-25 15:56 504 --ah----- C:\os466477.bin
    2007-02-24 16:11 46377 --a------ C:\WINDOWS\bricopackuninst.cmd
    2007-02-24 16:11 1795 --a------ C:\WINDOWS\bricopackfoldersdelete.cmd
    2007-02-14 11:53 41 --ah----- C:\WINDOWS\dpar8950.dat
    2007-02-11 16:19 49152 --a------ C:\WINDOWS\system32\faceboxsdfr.dll
    2007-02-11 16:19 27648 --a------ C:\WINDOWS\system32\faceboxunfr.exe
    2007-02-11 14:06 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll
    2007-02-05 22:19 185344 --a------ C:\WINDOWS\system32\upnphost.dll
    2007-01-30 17:29 74752 --a--c--- C:\WINDOWS\st6unst.exe
    2007-01-30 17:29 290816 --a--c--- C:\WINDOWS\setup1.exe


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\system32\scwhhjvy.dll [x]
    {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} C:\Program Files\FlashGet\jccatch.dll
    {39C24603-72E8-4092-B169-E975D2F1D97D} C:\WINDOWS\system32\awvtr.dll [x]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
    {D651AFF4-9590-424d-BD1E-8E33E090DFB3} C:\WINDOWS\system32\ovobjlrl.dll [x]
    {E5A1691B-D188-4419-AD02-90002030B8EE} C:\PROGRA~1\FlashFXP\IEFlash.dll
    {F156768E-81EF-470C-9057-481BA8380DBA} C:\Program Files\FlashGet\getflash.dll
    {F4D76F01-7896-458a-890F-E1F05C46069F} C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "VTTimer"="VTTimer.exe"
    "VTTrayp"="VTtrayp.exe"
    "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
    "Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
    "EoEngine"=""
    "EoClock"=""
    "NWEReboot"=""
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "SoundMan"="SOUNDMAN.EXE"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "eiogcp.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\eiogcp.dll,ybucvaf"
    "SpywareTerminator"="\"C:\\PROGRA~1\\SPYWAR~1\\SpywareTerminatorShield.exe\""
    "InfoData"="rundll32.exe \"C:\\WINDOWS\\system32\\kdbjqyqs.dll\",realset"
    "FlashGet"="\"C:\\Program Files\\FlashGet\\FlashGet.exe\" /min"
    "TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
    "Power2GoExpress"=""
    "PowerBar"=""
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=dword:00000000
    "NoResolveSearch"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winubg32

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Activate Scanner]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ACTIVATE"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Email Protection]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="emlproxy"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\IQONWA~1\\emlproxy.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SCANMSG"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\IQONWA~1\\SCANMSG.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\On-Line Protection]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CATEYE"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\IQONWA~1\\CATEYE.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup Scan]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="sensor"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\IQONWA~1\\sensor.exe /loadrun"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Scheduler]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="UPSCHD"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\IQONWA~1\\UPSCHD.EXE /CHECK"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-04-30 19:00:38
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    PowerBar = ????????????|?@?|?@?D??????w???????????????w|?@?|?@????? ???????????g??w???w???????w???wx??????????w???????? ??????????????|x???0???????????? jt???w????????????????????????>???????|?@?|?@????????w??????@?????|?@?H?@?|?@?3??s????????????????????H?@?_??sH?@?H?@

    scanning hidden files ...

    1 Mai 2007 16:40:55

    Bonsoir,

    Télécharge OTMoveIt (d'OldTimer).

    Sauvegarde-le sur ton Bureau.

    Sélectionne les fichiers/dossiers suivants :

    C:\WINDOWS\system32\lfgif13n.dll
    C:\WINDOWS\system32\lfbmp13n.dll
    C:\WINDOWS\system32\ltkrn13n.dll
    C:\WINDOWS\system32\ltimg13n.dll
    C:\WINDOWS\system32\lfcmp13n.dll
    C:\WINDOWS\system32\ltdis13n.dll
    C:\WINDOWS\system32\ltefx13n.dll
    C:\WINDOWS\system32\ltfil13n.dll
    C:\WINDOWS\system32\lfpng13n.dll

    ---> Clique-droit puis Copier

    Double-clique sur OTMoveIt.exe afin de le lancer.
    Fais un Clique-droit sur le cadre de gauche puis choisis Coller.

    Clique maintenant sur MoveIt!

    NOTE : Si un fichier ou dossier ne peut être supprimé immédiatement, le logiciel te demandera de redémarrer ton PC. Accepte en cliquant sur YES .

    Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    1 Mai 2007 18:23:04

    Bonjour

    Voila le rapport demander mais quand je faisais copier Le coller n'était pas disponible .




    DllUnregisterServer procedure not found in C:\WINDOWS\system32\lfgif13n.dll
    C:\WINDOWS\system32\lfgif13n.dll NOT unregistered.
    C:\WINDOWS\system32\lfgif13n.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\lfbmp13n.dll
    C:\WINDOWS\system32\lfbmp13n.dll NOT unregistered.
    C:\WINDOWS\system32\lfbmp13n.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\ltkrn13n.dll
    C:\WINDOWS\system32\ltkrn13n.dll NOT unregistered.
    C:\WINDOWS\system32\ltkrn13n.dll moved successfully.
    LoadLibrary failed for C:\WINDOWS\system32\ltimg13n.dll
    C:\WINDOWS\system32\ltimg13n.dll NOT unregistered.
    C:\WINDOWS\system32\ltimg13n.dll moved successfully.
    LoadLibrary failed for C:\WINDOWS\system32\lfcmp13n.dll
    C:\WINDOWS\system32\lfcmp13n.dll NOT unregistered.
    C:\WINDOWS\system32\lfcmp13n.dll moved successfully.
    LoadLibrary failed for C:\WINDOWS\system32\ltdis13n.dll
    C:\WINDOWS\system32\ltdis13n.dll NOT unregistered.
    C:\WINDOWS\system32\ltdis13n.dll moved successfully.
    LoadLibrary failed for C:\WINDOWS\system32\ltefx13n.dll
    C:\WINDOWS\system32\ltefx13n.dll NOT unregistered.
    C:\WINDOWS\system32\ltefx13n.dll moved successfully.
    LoadLibrary failed for C:\WINDOWS\system32\ltfil13n.dll
    C:\WINDOWS\system32\ltfil13n.dll NOT unregistered.
    C:\WINDOWS\system32\ltfil13n.dll moved successfully.
    LoadLibrary failed for C:\WINDOWS\system32\lfpng13n.dll
    C:\WINDOWS\system32\lfpng13n.dll NOT unregistered.
    C:\WINDOWS\system32\lfpng13n.dll moved successfully.

    Created on 05-01-2007 18:20:57
    1 Mai 2007 22:27:58

    Bonsoir,

    Refait STP un nouveau scan ComboFix plus un nouveau rapport HijackThis.
    2 Mai 2007 14:14:30

    Bonjour Alors le rapport Hijackthis

    Logfile of HijackThis v1.99.1
    Scan saved at 14:03, on 07-05-02
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
    C:\Program Files\FlashGet\FlashGet.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Documents and Settings\Mehdi\Bureau\Scanner.exe.exe
    C:\WINDOWS\system32\cmd.exe
    C:\ComboFix\vfind.cfexe
    C:\WINDOWS\system32\find.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\scwhhjvy.dll (file missing)
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {39C24603-72E8-4092-B169-E975D2F1D97D} - C:\WINDOWS\system32\awvtr.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\ovobjlrl.dll (file missing)
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O2 - BHO: (no name) - ¨R¨R2-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - ÈBR497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [eiogcp.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\eiogcp.dll,ybucvaf
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\kdbjqyqs.dll",realset
    O4 - HKLM\..\Run: [FlashGet] "C:\Program Files\FlashGet\FlashGet.exe" /min
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by125fd.bay125.hotmail.msn.com/resources/MsnPUpl...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: DirectX Service (DirectBilv) - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\VIDEOA~1\VideoAcceleratorEngine.exe


    ET le rapport Combofix

    "Mehdi" - 07-05-02 13:55:58 Service Pack 2
    ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Mehdi\Bureau\FICHIER T2L2CHARGER\"


    ((((((((((((((((((((((((((((((( Files Created from 2007-04-02 to 2007-05-02 ))))))))))))))))))))))))))))))))))


    2007-05-01 18:20 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
    2007-05-01 18:20 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
    2007-05-01 18:20 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
    2007-05-01 18:20 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
    2007-05-01 18:20 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
    2007-05-01 18:20 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
    2007-05-01 18:20 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
    2007-05-01 18:20 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
    2007-05-01 18:20 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
    2007-05-01 18:12 673,546 --a------ C:\WINDOWS\unins000.exe
    2007-05-01 18:12 3,851 --a------ C:\WINDOWS\unins000.dat
    2007-05-01 18:11 <REP> d-------- C:\DOCUME~1\Mehdi\APPLIC~1\Free Download Manager
    2007-05-01 15:32 <REP> d-------- C:\Program Files\MAIET
    2007-04-30 15:29 <REP> d---s---- C:\Program Files\Xfire
    2007-04-30 15:29 <REP> d-------- C:\DOCUME~1\Mehdi\APPLIC~1\Xfire
    2007-04-28 11:17 <REP> d-------- C:\VundoFix Backups
    2007-04-27 15:03 <REP> d-------- C:\Downloads
    2007-04-27 14:26 <REP> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Spyware Terminator
    2007-04-26 15:04 <REP> d-------- C:\Program Files\FlashGet
    2007-04-26 10:40 132,660 --a------ C:\WINDOWS\system32\kdbjqyqs.dll
    2007-04-26 10:40 <REP> d-------- C:\DOCUME~1\Yasser\APPLIC~1\Spyware Terminator
    2007-04-25 13:29 <REP> d-------- C:\DOCUME~1\Zahra\APPLIC~1\Spyware Terminator
    2007-04-25 12:41 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-04-25 12:41 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-04-25 12:41 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-04-25 12:39 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-04-25 12:39 <REP> dr------- C:\DOCUME~1\ADMINI~1\Mes documents
    2007-04-25 12:39 <REP> dr------- C:\DOCUME~1\ADMINI~1\Menu D‚marrer
    2007-04-25 12:39 <REP> dr------- C:\DOCUME~1\ADMINI~1\Favoris
    2007-04-25 12:39 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage r‚seau
    2007-04-25 12:39 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression
    2007-04-25 12:39 <REP> d--h----- C:\DOCUME~1\ADMINI~1\ModŠles
    2007-04-25 12:39 <REP> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
    2007-04-25 12:39 <REP> d-------- C:\DOCUME~1\ADMINI~1\Bureau
    2007-04-25 12:39 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
    2007-04-25 12:39 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\CyberLink
    2007-04-25 12:39 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
    2007-04-25 12:28 <REP> d-------- C:\!KillBox
    2007-04-24 22:07 <REP> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Spyware Terminator
    2007-04-24 22:06 135,936 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2007-04-24 22:04 <REP> d-------- C:\Program Files\Spyware Terminator
    2007-04-24 22:04 <REP> d-------- C:\DOCUME~1\Mehdi\APPLIC~1\Spyware Terminator
    2007-04-24 22:04 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spyware Terminator
    2007-04-24 18:07 <REP> d-------- C:\Program Files\Hitman Pro
    2007-04-24 16:12 123,972 --a------ C:\WINDOWS\system32\hfevwyjc.dll
    2007-04-23 14:04 <REP> d-------- C:\Program Files\CCleaner
    2007-04-23 00:03 7,168 --a------ C:\WINDOWS\system32\vwsrv.exe
    2007-04-22 17:08 <REP> d-------- C:\DOCUME~1\Xbox\APPLIC~1\Yahoo!
    2007-04-22 14:58 86,528 --a------ C:\WINDOWS\system32\eiogcp.dll
    2007-04-21 17:24 <REP> d-------- C:\DOCUME~1\Xbox\APPLIC~1\Real
    2007-04-21 17:23 1,572,864 --ah----- C:\DOCUME~1\Xbox\NTUSER.DAT
    2007-04-21 17:23 <REP> dr------- C:\DOCUME~1\Xbox\Menu D‚marrer
    2007-04-21 17:23 <REP> d--h----- C:\DOCUME~1\Xbox\Voisinage r‚seau
    2007-04-21 17:23 <REP> d--h----- C:\DOCUME~1\Xbox\Voisinage d'impression
    2007-04-21 17:23 <REP> d--h----- C:\DOCUME~1\Xbox\ModŠles
    2007-04-21 17:23 <REP> d---s---- C:\DOCUME~1\Xbox\Mes documents
    2007-04-21 17:23 <REP> d---s---- C:\DOCUME~1\Xbox\Favoris
    2007-04-21 17:23 <REP> d-------- C:\DOCUME~1\Xbox\WINDOWS
    2007-04-21 17:23 <REP> d-------- C:\DOCUME~1\Xbox\Bureau
    2007-04-21 17:23 <REP> d-------- C:\DOCUME~1\Xbox\APPLIC~1\SampleView
    2007-04-21 17:23 <REP> d-------- C:\DOCUME~1\Xbox\APPLIC~1\CyberLink
    2007-04-21 17:23 <REP> d-------- C:\DOCUME~1\Xbox\APPLIC~1\Apple Computer
    2007-04-20 18:31 <REP> d-------- C:\DOCUME~1\Yasser\APPLIC~1\OpenOffice.org2
    2007-04-18 19:17 40,960 --a------ C:\WINDOWS\system32\eax.dll
    2007-04-18 19:09 327,168 --a------ C:\WINDOWS\IsUn040c.exe
    2007-04-18 19:09 <REP> d-------- C:\Program Files\Red Storm Entertainment
    2007-04-18 14:05 <REP> d-------- C:\Program Files\AskPBar
    2007-04-18 14:02 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-04-18 13:53 <REP> d-------- C:\DOCUME~1\Mehdi\APPLIC~1\FlashFXP
    2007-04-18 13:52 <REP> d-------- C:\Program Files\FlashFXP
    2007-04-11 20:15 159,744 --a------ C:\WINDOWS\system32\la-core.dll
    2007-04-11 20:15 <REP> d-------- C:\Program Files\GXTranscoder.net
    2007-04-11 19:07 <REP> d-------- C:\Program Files\Fichiers communs\Skype
    2007-04-10 15:57 <REP> d-------- C:\Program Files\SecondLife
    2007-04-10 13:43 <REP> d-------- C:\Program Files\XBC
    2007-04-10 13:43 <REP> d-------- C:\Program Files\WinPcap
    2007-04-06 17:32 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
    2007-04-06 17:32 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
    2007-04-06 17:32 <REP> d-------- C:\Program Files\Replay Converter


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-05-01 20:25 -------- d-------- C:\Program Files\emule
    2007-05-01 18:11 -------- d-------- C:\Program Files\free download manager
    2007-05-01 16:02 -------- d-------- C:\Program Files\warrock22
    2007-05-01 15:45 -------- d-------- C:\DOCUME~1\Mehdi\APPLIC~1\utorrent
    2007-04-24 16:12 -------- d-------- C:\Program Files\dap
    2007-04-23 13:50 -------- d-------- C:\Program Files\axbx
    2007-04-21 15:43 -------- d-------- C:\DOCUME~1\Mehdi\APPLIC~1\teamspeak2
    2007-04-18 14:05 -------- d-------- C:\Program Files\video accelerator
    2007-04-17 20:57 -------- d-------- C:\DOCUME~1\Mehdi\APPLIC~1\openoffice.org2
    2007-04-13 16:40 -------- d-------- C:\Program Files\wolfenstein - enemy territory
    2007-04-11 19:07 -------- d-------- C:\Program Files\skype
    2007-04-10 16:00 -------- d-------- C:\DOCUME~1\Mehdi\APPLIC~1\secondlife
    2007-04-06 17:32 737280 --a------ C:\WINDOWS\iun6002.exe
    2007-04-03 18:06 -------- d-------- C:\Program Files\yu-gi-oh virtual battle 5
    2007-04-03 13:42 -------- d-------- C:\Program Files\warrock
    2007-04-02 12:46 -------- d-------- C:\DOCUME~1\Mehdi\APPLIC~1\screenshot sender
    2007-04-01 19:56 -------- d-------- C:\Program Files\teamspeak2_rc2
    2007-03-30 13:11 49835 --a------ C:\WINDOWS\system32\uninstal.exe
    2007-03-28 16:45 -------- d-------- C:\Program Files\freecorder
    2007-03-27 22:45 -------- d-------- C:\Program Files\room arranger
    2007-03-27 16:28 -------- d--h----- C:\Program Files\installshield installation information
    2007-03-27 16:24 -------- d-------- C:\Program Files\silkroad
    2007-03-26 18:52 -------- d-------- C:\Program Files\journal macro
    2007-03-26 18:21 -------- d-------- C:\Program Files\vid_0e8f&pid_0003
    2007-03-25 19:51 -------- d-------- C:\Program Files\lavalys
    2007-03-25 19:33 -------- d-------- C:\Program Files\radio fr solo
    2007-03-25 15:13 -------- d-------- C:\Program Files\regclean
    2007-03-25 14:52 -------- d-------- C:\Program Files\rivatuner v2.0 final release
    2007-03-25 10:58 75470 --a------ C:\WINDOWS\system32\perfc00c.dat
    2007-03-25 10:58 468402 --a------ C:\WINDOWS\system32\perfh00c.dat
    2007-03-24 16:58 -------- d-------- C:\Program Files\magic karaoke maker
    2007-03-22 17:44 49891 --a------ C:\Uninstal.exe
    2007-03-17 15:44 293376 --a------ C:\WINDOWS\system32\winsrv.dll
    2007-03-15 10:40 -------- d-------- C:\Program Files\picasa2
    2007-03-13 22:54 -------- d-------- C:\Program Files\foreignword
    2007-03-13 16:58 -------- d-------- C:\Program Files\itunes
    2007-03-13 16:57 -------- d-------- C:\Program Files\ipod
    2007-03-13 16:54 -------- d-------- C:\Program Files\quicktime
    2007-03-13 16:06 -------- d-------- C:\Program Files\pc inspector file recovery
    2007-03-13 14:24 -------- d-------- C:\Program Files\messenger plus! live
    2007-03-11 18:55 -------- d-------- C:\Program Files\photo to sketch
    2007-03-09 15:49 -------- d-------- C:\Program Files\topdesk trial
    2007-03-09 09:12 27648 --ahs---- C:\WINDOWS\system32\avsredirect.dll
    2007-03-08 19:43 -------- d-------- C:\Program Files\psycle
    2007-03-08 19:26 -------- d-------- C:\DOCUME~1\Mehdi\APPLIC~1\yahoo!
    2007-03-08 17:37 578560 --a------ C:\WINDOWS\system32\user32.dll
    2007-03-08 17:37 40960 --a------ C:\WINDOWS\system32\mf3216.dll
    2007-03-08 17:37 281600 --a------ C:\WINDOWS\system32\gdi32.dll
    2007-03-08 17:33 1843712 --a------ C:\WINDOWS\system32\win32k.sys
    2007-03-08 17:26 -------- d-------- C:\Program Files\steam
    2007-03-08 16:59 -------- d-------- C:\Program Files\yahoo!
    2007-03-08 14:08 -------- d-------- C:\Program Files\eurobarre
    2007-03-06 11:13 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2007-03-05 23:42 -------- d-------- C:\Program Files\spherexp
    2007-03-04 21:28 -------- d-------- C:\Program Files\musetools
    2007-03-04 13:55 719872 --a------ C:\WINDOWS\system32\devil.dll
    2007-03-04 13:55 308224 --a------ C:\WINDOWS\system32\avisynth.dll
    2007-02-25 15:56 504 --ah----- C:\os466477.bin
    2007-02-24 16:11 46377 --a------ C:\WINDOWS\bricopackuninst.cmd
    2007-02-24 16:11 1795 --a------ C:\WINDOWS\bricopackfoldersdelete.cmd
    2007-02-14 11:53 41 --ah----- C:\WINDOWS\dpar8950.dat
    2007-02-11 16:19 49152 --a------ C:\WINDOWS\system32\faceboxsdfr.dll
    2007-02-11 16:19 27648 --a------ C:\WINDOWS\system32\faceboxunfr.exe
    2007-02-11 14:06 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll
    2007-02-05 22:19 185344 --a------ C:\WINDOWS\system32\upnphost.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\system32\scwhhjvy.dll [x]
    {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} C:\Program Files\FlashGet\jccatch.dll
    {39C24603-72E8-4092-B169-E975D2F1D97D} C:\WINDOWS\system32\awvtr.dll [x]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
    {CC59E0F9-7E43-44FA-9FAA-8377850BF205} C:\Program Files\Free Download Manager\iefdmcks.dll
    {D651AFF4-9590-424d-BD1E-8E33E090DFB3} C:\WINDOWS\system32\ovobjlrl.dll [x]
    {E5A1691B-D188-4419-AD02-90002030B8EE} C:\PROGRA~1\FlashFXP\IEFlash.dll
    {F156768E-81EF-470C-9057-481BA8380DBA} C:\Program Files\FlashGet\getflash.dll
    {F4D76F01-7896-458a-890F-E1F05C46069F} C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "VTTimer"="VTTimer.exe"
    "VTTrayp"="VTtrayp.exe"
    "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
    "Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
    "EoEngine"=""
    "EoClock"=""
    "NWEReboot"=""
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "SoundMan"="SOUNDMAN.EXE"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "eiogcp.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\eiogcp.dll,ybucvaf"
    "SpywareTerminator"="\"C:\\PROGRA~1\\SPYWAR~1\\SpywareTerminatorShield.exe\""
    "InfoData"="rundll32.exe \"C:\\WINDOWS\\system32\\kdbjqyqs.dll\",realset"
    "FlashGet"="\"C:\\Program Files\\FlashGet\\FlashGet.exe\" /min"
    "TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
    "Power2GoExpress"=""
    "PowerBar"=""
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=dword:00000000
    "NoResolveSearch"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winubg32

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Activate Scanner]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ACTIVATE"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Email Protection]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="emlproxy"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\IQONWA~1\\emlproxy.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SCANMSG"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\IQONWA~1\\SCANMSG.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\On-Line Protection]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CATEYE"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\IQONWA~1\\CATEYE.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup Scan]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="sensor"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\IQONWA~1\\sensor.exe /loadrun"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Scheduler]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="UPSCHD"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\IQONWA~1\\UPSCHD.EXE /CHECK"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-02 14:12:43
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    PowerBar = ????????????|?@?|?@?D??????w???????????????w|?@?|?@????? ???????????g??w???w???????w???wx??????????w???????? ??????????????|x???0???????????? jt???w????????????????????????>???????|?@?|?@????????w??????@?????|?@?H?@?|?@?3??s????????????????????H?@?_??sH?@?H?@

    scanning hidden files ...



    2 Mai 2007 21:42:33

    Bonsoir,

    Le scan SDFix n'est pas complet :( 

    Ensuite peux tu STP refaire un nouveau scan VundoFix.
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS