Votre question

Infection Memscan et adware.virtumonde

Tags :
  • Internet Explorer
  • Sécurité
Dernière réponse : dans Sécurité et virus
15 Mars 2007 19:52:00

Bonjour,
J'ai une grosse infection de trojan et autre, je n'arrive pas à m'en défaire. Est-ce que quelqu'un peut m'aider?

voici le rapport de HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 19:30:49, on 15/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\FTRTSVC.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\PROGRA~1\SOFTWIN\BITDEF~1\bdswitch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\SOFTWIN\BITDEF~1\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\WANADOO\TaskBarIcon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\WANADOO\ComComp.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
c:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.incredimail.com/french
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {21B95237-3A9A-45CB-940F-1BD8DFA37F0c} - C:\WINDOWS\system32\opeccdbd.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B41F1182-2C05-4CCF-8008-E1311CF2E5A1} - C:\WINDOWS\system32\awtqn.dll (file missing)
O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\rqrssro.dll (file missing)
O2 - BHO: IE DevToolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: &Accessibility Toolbar - {11352A67-0178-46B1-8855-D50B2F81C054} - C:\PROGRA~1\WAT_FR1\ACCESS~1.DLL
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [BDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Install5G] E:\Install.exe plug_ethernet
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\xwfcfhwd.dll",setvm
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\SOFTWIN\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z Toolbar.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {10B80391-96A7-11D3-B7A6-00A0C94C6AE0} (ParallelGraphics Cortona Java Support) - http://www.parallelgraphics.com/bin/cortjava.cab
O16 - DPF: {10B80396-96A7-11D3-B7A6-00A0C94C6AE0} (ParallelGraphics Cortona VRML 1.0 to VRML 2.0 convertor) - http://www.parallelgraphics.com/bin/cortvrml10.cab
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader....
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4440221E-9A4D-432A-B970-D4202B3C0651}: NameServer = 80.118.196.40
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awtqn - C:\WINDOWS\system32\awtqn.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: rqrssro - rqrssro.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Autres pages sur : infection memscan adware virtumonde

15 Mars 2007 19:56:21

Bonsoir,

Tu es bien infecté !! On commence :) 

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
  • Double-clique VundoFix.exe afin de le lancer
  • Lorsque l'outil se lance à nouveau, clique sur le bouton Scan for Vundo
  • Clique sur le bouton Scan for Vundo
  • Lorsque le scan est complété, clique sur le bouton Remove Vundo
  • Une invite te demandera si tu veux supprimer les fichiers, clique YES
  • Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
  • Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
  • Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse

    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
    15 Mars 2007 21:32:17

    D'abord merci de ta réactivité!


    Alors voici le rapport de vundo:

    VundoFix V6.3.15

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Scan started at 23:28:00 13/03/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\awtqn.dll
    C:\WINDOWS\system32\nqtwa.bak1
    C:\WINDOWS\system32\nqtwa.bak2
    C:\WINDOWS\system32\nqtwa.ini
    C:\WINDOWS\system32\nqtwa.ini2
    C:\WINDOWS\system32\nqtwa.tmp
    C:\WINDOWS\system32\rqrssro.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\nqtwa.bak1
    C:\WINDOWS\system32\nqtwa.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nqtwa.bak2
    C:\WINDOWS\system32\nqtwa.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nqtwa.ini
    C:\WINDOWS\system32\nqtwa.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nqtwa.ini2
    C:\WINDOWS\system32\nqtwa.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nqtwa.tmp
    C:\WINDOWS\system32\nqtwa.tmp Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.15

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Scan started at 20:18:17 15/03/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\awtqn.dll
    C:\WINDOWS\system32\nqtwa.bak1
    C:\WINDOWS\system32\nqtwa.ini
    C:\WINDOWS\system32\rqrssro.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\nqtwa.bak1
    C:\WINDOWS\system32\nqtwa.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nqtwa.ini
    C:\WINDOWS\system32\nqtwa.ini Has been deleted!

    Performing Repairs to the registry.
    Done!


    et voici celui de Hijackthis:
    Logfile of HijackThis v1.99.1
    Scan saved at 21:30:40, on 15/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    D:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Softwin\BitDefender9\vsserv.exe
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\acer\epm\epm-dm.exe
    C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    C:\progra~1\softwin\bitdef~1\bdswitch.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\WANADOO\TaskBarIcon.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\SOFTWIN\BITDEF~1\bdmcon.exe
    C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
    C:\progra~1\softwin\bitdef~1\bdnagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.incredimail.com/french
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {21B95237-3A9A-45CB-940F-1BD8DFA37F0c} - C:\WINDOWS\system32\opeccdbd.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {AFAD932E-0B47-4960-BC6A-2DE699CC19D1} - C:\WINDOWS\system32\awtqn.dll (file missing)
    O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\rqrssro.dll (file missing)
    O2 - BHO: IE DevToolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
    O3 - Toolbar: &Accessibility Toolbar - {11352A67-0178-46B1-8855-D50B2F81C054} - C:\PROGRA~1\WAT_FR1\ACCESS~1.DLL
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\SOFTWIN\BITDEF~1\bdswitch.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [Install5G] E:\Install.exe plug_ethernet
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\xwfcfhwd.dll",setvm
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\SOFTWIN\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\SOFTWIN\BITDEF~1\bdnagent.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Stardock ObjectDock.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    O4 - Startup: Y'z Toolbar.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {10B80391-96A7-11D3-B7A6-00A0C94C6AE0} (ParallelGraphics Cortona Java Support) - http://www.parallelgraphics.com/bin/cortjava.cab
    O16 - DPF: {10B80396-96A7-11D3-B7A6-00A0C94C6AE0} (ParallelGraphics Cortona VRML 1.0 to VRML 2.0 convertor) - http://www.parallelgraphics.com/bin/cortvrml10.cab
    O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader....
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4440221E-9A4D-432A-B970-D4202B3C0651}: NameServer = 80.118.196.40
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: awtqn - C:\WINDOWS\system32\awtqn.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: rqrssro - rqrssro.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - D:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

    Contenus similaires
    Pas de réponse à votre question ? Demandez !
    15 Mars 2007 22:21:12

    J'avais bien essayé d'enlever ces trojans et companie avec adaware, spyboth & destroy mais ca ne supprime pas tout, et ils reviennent de suite.
    C'est énervant!

    16 Mars 2007 18:28:47

    Bob où es tu? tu m'as laissé en plan et personne me répond
    a b 8 Sécurité
    16 Mars 2007 18:30:29

    Bonjour,

    Télécharge Clean.zip (de Malekal),
    Décompresse-le sur ton bureau (Clique-Droit/Extraire tout), tu dois obtenir un dossier Clean.
    Ouvre le dossier clean, double-clique sur clean.cmd.
    Choisis l'option 1 puis patiente. Poste ensuite le contenu du rapport.

    &

  • Télécharge combofix.exe (par sUBs) sur ton Bureau
  • Double clique combofix.exe.
  • Tape sur la touche Y (Yes) pour démarrer le scan.
  • Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt
    16 Mars 2007 21:48:55

    Désolé du retard!
    voici le rapport de clean:
    Rapport clean par Malekal_morte - http://www.malekal.com
    Option 1, executee le 16/03/2007 a 21:05:30,25

    *** Recherche de fichiers sur C:
    C:\unwise.exe FOUND

    *** Recherche des fichiers dans C:\WINDOWS\

    *** Recherche des fichiers dans C:\WINDOWS\system32
    C:\WINDOWS\system32\bdod.bin FOUND
    C:\WINDOWS\system32\mcrh.tmp FOUND
    C:\WINDOWS\system32\SpoonUninstall.exe FOUND

    "C:\Program Files\VSAdd-in\" FOUND
    *** Fin du rapport !



    et voici celui de combofix:
    "Laure" - 07-03-16 21:09:56 Service Pack 2
    ComboFix 07-03-15.2 - Running from: "C:\Program Files\Mozilla Firefox"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\INSTALL.LOG
    C:\WINDOWS\system32\nvs2.inf
    C:\INSTALL.LOG
    C:\WINDOWS\system32\drivers\npf.sys
    C:\Program Files\VSAdd-in
    C:\WINDOWS\system32\nvs2.inf
    C:\WINDOWS\system32\nvs2.inf
    C:\WINDOWS\system32\srbmqluink_navps.dat . . . . failed to delete
    C:\WINDOWS\system32\srbmqluink.exe . . . . failed to delete
    C:\WINDOWS\system32\srbmqluink.dat . . . . failed to delete
    C:\WINDOWS\system32\srbmqluink_nav.dat . . . . failed to delete


    ((((((((((((((((((((((((((((((( Files Created from 2007-02-16 to 2007-03-16 ))))))))))))))))))))))))))))))))))


    2007-03-15 21:40 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    2007-03-14 19:39 4,497 --a------ C:\WINDOWS\system32\srbmqluink.dat
    2007-03-14 19:39 314,368 --a------ C:\WINDOWS\system32\srbmqluink.exe
    2007-03-14 19:39 218,653 --a------ C:\WINDOWS\system32\srbmqluink_nav.dat
    2007-03-14 19:39 1,118 --a------ C:\WINDOWS\system32\srbmqluink_navps.dat
    2007-03-13 23:27 <REP> d-------- C:\VundoFix Backups
    2007-03-13 23:14 218,112 --a------ C:\scanner.exe
    2007-03-13 20:06 <REP> d-------- C:\Program Files\Yahoo!
    2007-03-13 20:04 <REP> d-------- C:\Program Files\CCleaner
    2007-03-11 23:36 131,604 --a------ C:\WINDOWS\system32\pulhwdvv.dll
    2007-03-11 23:07 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-03-11 21:15 131,604 --a------ C:\WINDOWS\system32\qcvertlx.dll
    2007-03-11 19:48 131,604 --a------ C:\WINDOWS\system32\cgopkhdj.dll
    2007-03-11 19:43 131,604 --a------ C:\WINDOWS\system32\effirauv.dll
    2007-03-11 19:07 44,544 --------- C:\WINDOWS\AWuninstall.exe
    2007-03-11 17:58 131,604 --a------ C:\WINDOWS\system32\ftkumdru.dll
    2007-03-10 13:05 131,604 --a------ C:\WINDOWS\system32\ekfnbxms.dll
    2007-03-09 19:18 131,604 --a------ C:\WINDOWS\system32\coicupvv.dll
    2007-03-05 19:45 <REP> d-------- C:\DOCUME~1\Laure\Heroes.S01E18.HDTV.XviD-LOL
    2007-03-03 12:10 <REP> d-------- C:\DOCUME~1\Laure\O&O Products AIO (9 in 1)
    2007-03-02 19:30 282,164 C:\WINDOWS\system32\awtqn.dll
    2007-03-02 19:24 26,637 C:\WINDOWS\system32\rqrssro.dll
    2007-03-02 19:17 <REP> d-------- C:\Program Files\Cakewalk
    2007-03-02 19:15 <REP> d-------- C:\CAKE9
    2007-02-25 19:21 <REP> d-------- C:\Program Files\MultipleIEs
    2007-02-25 19:12 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2007-02-25 19:04 <REP> d-------- C:\WINDOWS\network diagnostic
    2007-02-20 19:55 <REP> d-------- C:\Program Files\Nero
    2007-02-20 19:55 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-03-16 21:39 81984 --a------ C:\WINDOWS\system32\bdod.bin
    2007-03-16 21:36 450897 ---hs---- C:\WINDOWS\system32\nqtwa.bak1
    2007-03-16 21:04 2709 --a------ C:\DOCUME~1\Laure\APPLIC~1\quickzip45.ini
    2007-03-16 20:31 32 --a------ C:\WINDOWS\system32\getfile.dat
    2007-03-13 21:20 73728 --a------ C:\WINDOWS\system32\sockspy.dll
    2007-03-13 21:19 77824 --a------ C:\WINDOWS\system32\xcomm.dll
    2007-02-13 21:02 68392 --a------ C:\DOCUME~1\Laure\APPLIC~1\gdipfontcachev1.dat
    2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
    2007-01-08 19:01 17408 --a------ C:\WINDOWS\system32\corpol.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "IncrediMail"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe /c"
    "LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
    "MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
    "WOOKIT"="C:\\PROGRA~1\\WANADOO\\Shell.exe appLaunchClientZone.shl|PARAM= cnx"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "updateMgr"="c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMBgMonitor.exe\""
    "srbmqluink"="c:\\windows\\system32\\srbmqluink.exe srbmqluink"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "LaunchApp"="Alaunch"
    "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe"
    "AzMixerSel"="C:\\Program Files\\Realtek\\InstallShield\\AzMixerSel.exe"
    "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
    "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
    "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
    "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
    "RTHDCPL"="RTHDCPL.EXE"
    "Alcmtr"="ALCMTR.EXE"
    "PCMService"="\"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe\""
    "EPM-DM"="c:\\acer\\epm\\epm-dm.exe"
    "ePowerManagement"="C:\\Acer\\ePM\\ePM.exe boot"
    "LManager"="C:\\PROGRA~1\\LAUNCH~1\\QtZgAcer.EXE"
    "eRecoveryService"="C:\\Program Files\\Acer\\eRecovery\\Monitor.exe"
    "BDSwitchAgent"="\"C:\\PROGRA~1\\SOFTWIN\\BITDEF~1\\bdswitch.exe\""
    "REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "InCD"="D:\\Program Files\\Ahead\\InCD\\InCD.exe"
    "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
    "LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
    "LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
    "NeroFilterCheck"="C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NeroCheck.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "WOOWATCH"="C:\\PROGRA~1\\WANADOO\\Watch.exe"
    "WOOTASKBARICON"="C:\\PROGRA~1\\WANADOO\\GestMaj.exe TaskBarIcon.exe"
    "Install5G"="E:\\Install.exe plug_ethernet"
    "TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
    "2chkdsk"="rundll32.exe \"C:\\WINDOWS\\system32\\xwfcfhwd.dll\",setvm"
    "BDMCon"="C:\\PROGRA~1\\SOFTWIN\\BITDEF~1\\bdmcon.exe"
    "BDOESRV"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdoesrv.exe\""
    "BDNewsAgent"="\"C:\\PROGRA~1\\SOFTWIN\\BITDEF~1\\bdnagent.exe\""
    "srbmqluink"="c:\\windows\\system32\\srbmqluink.exe srbmqluink"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{C47A9554-195A-4769-9B13-04F15B450A39}"=""

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqn
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrssro

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0



    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-03-16 21:46:16



    Merci
    a b 8 Sécurité
    16 Mars 2007 21:53:59

    Re,

    Il y a du Egdaccess en plus.

    Avant de commencer, lis la licence de Blacklight (F-Secure)
    En lisant ce document, tu as pris connaissance et accepté les conditions d'utilisation de ce programme inclus dans Navilog1.zip.

    Télécharge maintenant Navilog1.zip (Il Mafioso)
    Enregistre-le sur ton Bureau.
    Dézippe le contenu de l'archive en faisant un Clique droit sur Navilog1.zip puis en choisissant Tout Extraire.

    Double clique sur Navilog1.bat.
    Laisse-toi guider par l'utilitaire. Choisis l'option 1 puis valide.
    ! N'utilise pas l'option 2, 3 et 4 sans notre accord !
    Patiente jusqu'à l'apparition de ce message :
    "*** Analyse Termine le ..... ***"
    Appuie sur une touche comme demandé. Le Bloc-notes va s'ouvrir. Poste-nous son contenu de cette manière :

    -> Edition / Sélectionner tout
    -> Edition / Copier
    -> Clique-Droit / Coller dans ta réponse


    NOTE : Le rapport se trouve également ici : C:\fixnavi.txt
    16 Mars 2007 22:07:09

    voici le rapport:
    Search Navipromo version 1.0.7 commencé le 16/03/2007 à 22:01:26,14

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Poster ce rapport sur le forum pour le faire analyser !!!
    !!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

    Fix lancé depuis C:\Documents and Settings\Laure\Bureau\navilog
    Mise a jour le 12.03.2007 a 18h00 by IL-MAFIOSO

    Executé en mode normal

    *** Recherche Programmes installes ***




    *** Recherche dossiers dans C:\WINDOWS ***




    *** Recherche dossiers dans C:\Program Files ***




    *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




    *** Recherche dossiers dans C:\Documents and Settings\Laure\Application Data ***



    *** Recherche avec BlackLight Engine/F-secure ***
    BlackLight Engine est un produit de F-secure, pour + d'infos :
    http://www.f-secure.com/blacklight/blacklight_help.html

    Fichier(s) caché(s) dans C:\WINDOWS\system32 :


    Processus caché(s) dans C:\WINDOWS\system32 :

    C:\windows\system32\srbmqluink.exe


    *** Recherche fichiers ***


    C:\WINDOWS\pack.epk trouvé !


    *** Recherche cles registre ***


    Recharche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



    Recharche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



    Recherche Clé Magic Control

    HKEY_CURRENT_USER\Software\Lanconfig trouvé !


    *** Module de recherche complémentaire ***
    (recherche fichiers spécifiques)

    1)Recherche fichiers connus:


    2)Recherche Heuristique :
    *
    C:\WINDOWS\system32\srbmqluink.dat trouvé !
    **
    C:\WINDOWS\system32\srbmqluink.dat trouvé !
    ***
    ****
    C:\WINDOWS\system32\srbmqluink_navps.dat trouvé !
    *****
    ******
    *******
    ********
    C:\WINDOWS\system32\srbmqluink.exe trouvé !


    *** Analyse Terminé le 16/03/2007 à 22:06:26,23 ***
    a b 8 Sécurité
    16 Mars 2007 22:11:42

    On attaque d'abord egaccess.

    Redémarre en mode sans échec

    Double clique sur Navilog1.bat.
    Suis les instructions. Choisis ensuite l'option 2 puis valide.
    Laisse toi guider et réponds aux questions éventuelles.

    Ton bureau va disparaître, c'est normal !

    Patiente jusqu'à l'apparition de ce message :
    "*** Nettoyage Termine le ..... ***"

    Appuie sur une touche comme demandé, le Bloc-notes va s'ouvrir.
    Sauvegarde le rapport de manière à le retrouver en mode normal.
    Referme le Bloc-notes. Ton bureau va maintenant réapparaître.
    Redémarre normalement puis poste le rapport sauvegardé auparavant (C:\cleannavi.txt)
    Ainsi qu'un nouveau rapport Hijackthis.

    Ferme Internet Explorer puis Démarrer/Panneau de Configuration/Options Internet.
    Choisis l'onglet Contenu puis onglet Certificats.
    Si tu trouves les programmes suivant (en particulier dans Editeurs approuvés), supprime-les :
    electronic-group
    egroup
    Montorgueil
    VIP
    "Sunny Day Design Ltd"
    16 Mars 2007 22:53:46

    Voilà j'ai fait ce que tu m'as dit.
    J'ai supprimé electronic group dans les éditeurs approuvés, il n'y avait que celui là.

    et voici le rapport de navilog:
    Clean Navipromo version 1.0.7 commencé le 16/03/2007 à 22:38:42,51

    Fix lancé depuis C:\Documents and Settings\Laure\Bureau\navilog
    Mise a jour le 12.03.2007 a 18h00 by IL-MAFIOSO

    Executé en mode sans echec

    Mode suppression automatique avec prise en charge résultats Blacklight


    ** 2ème passage **

    C:\WINDOWS\system32\srbmqluink_navup.dat absent !
    C:\WINDOWS\system32\srbmqluink_navtmp.dat absent !
    C:\WINDOWS\system32\srbmqluink_m2s.xml absent !


    C:\WINDOWS\system32\srbmqluink.dat trouvé !
    Copie C:\WINDOWS\system32\srbmqluink.dat réalisé avec succès !
    C:\WINDOWS\system32\srbmqluink.dat supprimé !

    C:\WINDOWS\system32\srbmqluink_nav.dat trouvé !
    Copie C:\WINDOWS\system32\srbmqluink_nav.dat réalisé avec succès !
    C:\WINDOWS\system32\srbmqluink_nav.dat supprimé !

    C:\WINDOWS\system32\srbmqluink_navps.dat trouvé !
    Copie C:\WINDOWS\system32\srbmqluink_navps.dat réalisé avec succès !
    C:\WINDOWS\system32\srbmqluink_navps.dat supprimé !

    C:\WINDOWS\prefetch\srbmqluink*.pf trouvé !
    Copie C:\WINDOWS\prefetch\srbmqluink*.pf réalisé avec succès !
    C:\WINDOWS\prefetch\srbmqluink*.pf supprimé !

    C:\WINDOWS\system32\srbmqluink.exe trouvé !
    Copie C:\WINDOWS\system32\srbmqluink.exe réalisé avec succès !
    C:\WINDOWS\system32\srbmqluink.exe supprimé !

    *** Suppression dossiers dans C:\WINDOWS ***


    *** Suppression dossiers dans C:\Program Files ***


    *** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


    *** Suppression dossiers dans C:\Documents and Settings\Laure\Application Data ***



    *** Suppression fichiers ***

    C:\WINDOWS\pack.epk supprimé !

    *** Suppression fichiers temporaires ***

    Nettoyage contenu C:\WINDOWS\Temp effectué !
    Nettoyage contenu C:\Documents and Settings\Laure\Local Settings\Temp effectué !


    *** Sauvegarde du registre vers dossier Backupnavi***


    sauvegarde du registre réalisée avec succès !


    *** Nettoyage registre ***


    Nettoyage registre Ok

    *** Traitement Recherche complémentaire ***

    1)Recherche fichiers connus:


    2)Recherche et Suppression Heuristique :

    *
    **
    ***
    ****
    *****
    ******
    *******
    ********

    *** Nettoyage termine le 16/03/2007 à 22:41:25,93 ***



    et celui de hijackthis:
    Logfile of HijackThis v1.99.1
    Scan saved at 22:51:15, on 16/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    D:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\acer\epm\epm-dm.exe
    C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    C:\Program Files\Softwin\BitDefender9\vsserv.exe
    C:\PROGRA~1\SOFTWIN\BITDEF~1\bdswitch.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    D:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\WANADOO\TaskBarIcon.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\SOFTWIN\BITDEF~1\bdmcon.exe
    C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
    C:\PROGRA~1\SOFTWIN\BITDEF~1\bdnagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\scanner.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.incredimail.com/french
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {021FA03F-D76B-4687-93CF-35499CB39C31} - C:\WINDOWS\system32\awtqn.dll (file missing)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {21B95237-3A9A-45CB-940F-1BD8DFA37F0c} - C:\WINDOWS\system32\opeccdbd.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\rqrssro.dll (file missing)
    O2 - BHO: IE DevToolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
    O3 - Toolbar: &Accessibility Toolbar - {11352A67-0178-46B1-8855-D50B2F81C054} - C:\PROGRA~1\WAT_FR1\ACCESS~1.DLL
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\SOFTWIN\BITDEF~1\bdswitch.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [Install5G] E:\Install.exe plug_ethernet
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\xwfcfhwd.dll",setvm
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\SOFTWIN\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\SOFTWIN\BITDEF~1\bdnagent.exe"
    O4 - HKLM\..\Run: [srbmqluink] c:\windows\system32\srbmqluink.exe srbmqluink
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [srbmqluink] c:\windows\system32\srbmqluink.exe srbmqluink
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Stardock ObjectDock.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    O4 - Startup: Y'z Toolbar.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {10B80391-96A7-11D3-B7A6-00A0C94C6AE0} (ParallelGraphics Cortona Java Support) - http://www.parallelgraphics.com/bin/cortjava.cab
    O16 - DPF: {10B80396-96A7-11D3-B7A6-00A0C94C6AE0} (ParallelGraphics Cortona VRML 1.0 to VRML 2.0 convertor) - http://www.parallelgraphics.com/bin/cortvrml10.cab
    O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader....
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4440221E-9A4D-432A-B970-D4202B3C0651}: NameServer = 80.118.196.40
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: awtqn - C:\WINDOWS\system32\awtqn.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: rqrssro - rqrssro.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - D:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

    a b 8 Sécurité
    17 Mars 2007 13:00:43

    Reposte un rapport Combofix maintenant.
    17 Mars 2007 13:30:06

    voilà le rapport combofix:

    "Laure" - 07-03-17 13:16:03 Service Pack 2
    ComboFix 07-03-15.2 - Running from: "C:\Documents and Settings\Laure\Bureau"

    ((((((((((((((((((((((((((((((( Files Created from 2007-02-17 to 2007-03-17 ))))))))))))))))))))))))))))))))))


    2007-03-16 21:36 450,897 ---hs---- C:\WINDOWS\system32\nqtwa.bak1
    2007-03-15 21:40 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    2007-03-13 23:27 <REP> d-------- C:\VundoFix Backups
    2007-03-13 23:14 218,112 --a------ C:\scanner.exe
    2007-03-13 20:06 <REP> d-------- C:\Program Files\Yahoo!
    2007-03-13 20:04 <REP> d-------- C:\Program Files\CCleaner
    2007-03-11 23:36 131,604 --a------ C:\WINDOWS\system32\pulhwdvv.dll
    2007-03-11 23:07 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-03-11 21:15 131,604 --a------ C:\WINDOWS\system32\qcvertlx.dll
    2007-03-11 19:48 131,604 --a------ C:\WINDOWS\system32\cgopkhdj.dll
    2007-03-11 19:43 131,604 --a------ C:\WINDOWS\system32\effirauv.dll
    2007-03-11 19:07 44,544 --------- C:\WINDOWS\AWuninstall.exe
    2007-03-11 17:58 131,604 --a------ C:\WINDOWS\system32\ftkumdru.dll
    2007-03-10 13:05 131,604 --a------ C:\WINDOWS\system32\ekfnbxms.dll
    2007-03-09 19:18 131,604 --a------ C:\WINDOWS\system32\coicupvv.dll
    2007-03-05 19:45 <REP> d-------- C:\DOCUME~1\Laure\Heroes.S01E18.HDTV.XviD-LOL
    2007-03-03 12:10 <REP> d-------- C:\DOCUME~1\Laure\O&O Products AIO (9 in 1)
    2007-03-02 19:30 282,164 C:\WINDOWS\system32\awtqn.dll
    2007-03-02 19:24 26,637 C:\WINDOWS\system32\rqrssro.dll
    2007-03-02 19:17 <REP> d-------- C:\Program Files\Cakewalk
    2007-03-02 19:15 <REP> d-------- C:\CAKE9
    2007-02-25 19:21 <REP> d-------- C:\Program Files\MultipleIEs
    2007-02-25 19:12 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2007-02-25 19:04 <REP> d-------- C:\WINDOWS\network diagnostic
    2007-02-20 19:55 <REP> d-------- C:\Program Files\Nero
    2007-02-20 19:55 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-03-17 13:23 81984 --a------ C:\WINDOWS\system32\bdod.bin
    2007-03-17 12:52 32 --a------ C:\WINDOWS\system32\getfile.dat
    2007-03-16 21:58 2770 --a------ C:\DOCUME~1\Laure\APPLIC~1\quickzip45.ini
    2007-03-13 21:20 73728 --a------ C:\WINDOWS\system32\sockspy.dll
    2007-03-13 21:19 77824 --a------ C:\WINDOWS\system32\xcomm.dll
    2007-02-13 21:02 68392 --a------ C:\DOCUME~1\Laure\APPLIC~1\gdipfontcachev1.dat
    2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
    2007-01-08 19:01 17408 --a------ C:\WINDOWS\system32\corpol.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "IncrediMail"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe /c"
    "LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
    "MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
    "WOOKIT"="C:\\PROGRA~1\\WANADOO\\Shell.exe appLaunchClientZone.shl|PARAM= cnx"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "updateMgr"="c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMBgMonitor.exe\""
    "srbmqluink"="c:\\windows\\system32\\srbmqluink.exe srbmqluink"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "LaunchApp"="Alaunch"
    "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe"
    "AzMixerSel"="C:\\Program Files\\Realtek\\InstallShield\\AzMixerSel.exe"
    "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
    "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
    "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
    "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
    "RTHDCPL"="RTHDCPL.EXE"
    "Alcmtr"="ALCMTR.EXE"
    "PCMService"="\"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe\""
    "EPM-DM"="c:\\acer\\epm\\epm-dm.exe"
    "ePowerManagement"="C:\\Acer\\ePM\\ePM.exe boot"
    "LManager"="C:\\PROGRA~1\\LAUNCH~1\\QtZgAcer.EXE"
    "eRecoveryService"="C:\\Program Files\\Acer\\eRecovery\\Monitor.exe"
    "BDSwitchAgent"="\"c:\\progra~1\\softwin\\bitdef~1\\bdswitch.exe\""
    "REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "InCD"="D:\\Program Files\\Ahead\\InCD\\InCD.exe"
    "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
    "LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
    "LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
    "NeroFilterCheck"="C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NeroCheck.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "WOOWATCH"="C:\\PROGRA~1\\WANADOO\\Watch.exe"
    "WOOTASKBARICON"="C:\\PROGRA~1\\WANADOO\\GestMaj.exe TaskBarIcon.exe"
    "Install5G"="E:\\Install.exe plug_ethernet"
    "TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
    "2chkdsk"="rundll32.exe \"C:\\WINDOWS\\system32\\xwfcfhwd.dll\",setvm"
    "BDMCon"="C:\\PROGRA~1\\SOFTWIN\\BITDEF~1\\bdmcon.exe"
    "BDOESRV"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdoesrv.exe\""
    "BDNewsAgent"="\"c:\\progra~1\\softwin\\bitdef~1\\bdnagent.exe\""
    "srbmqluink"="c:\\windows\\system32\\srbmqluink.exe srbmqluink"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="sockspy.dll"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{C47A9554-195A-4769-9B13-04F15B450A39}"=""

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqn
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrssro

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0

    *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_INT15.SYS


    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-03-17 13:28:12
    C:\ComboFix2.txt ... 07-03-16 21:46
    a b 8 Sécurité
    17 Mars 2007 13:43:37

    Re,

    Télécharge OTMoveIt (d'OldTimer). Sauvegarde-le sur ton Bureau.
    Double-clique sur OTMoveIt.exe afin de le lancer.
    Sélectionne TOUS les emplacements ci-dessous :

    C:\WINDOWS\system32\pulhwdvv.dll
    C:\WINDOWS\system32\qcvertlx.dll
    C:\WINDOWS\system32\cgopkhdj.dll
    C:\WINDOWS\system32\effirauv.dll
    C:\WINDOWS\system32\ftkumdru.dll
    C:\WINDOWS\system32\ekfnbxms.dll
    C:\WINDOWS\system32\coicupvv.dll
    C:\WINDOWS\system32\rqrssro.dll


    ---> Clique-droit puis Copier

    Retourne sur OTMoveIt, fais un Clique-droit sur le cadre de gauche puis choisis Coller.
    Clique maintenant sur [#ff0000]MoveIt![/#f]

    !! Si un fichier ou dossier ne peut être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES

    Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    Le nom du rapport est la date de sa création.

    Clique sur le menu Démarrer puis executer et copie/colle ceci :
    "%userprofile%\Bureau\combofix.exe" /v awtqn
    puis clic sur OK.

    Suis les invites.

    Ne touche a rien et attends que combofix ait terminé, un rapport sera créé. Poste le rapport.


    17 Mars 2007 14:29:41

    voici le rapport de moveit:
    C:\WINDOWS\system32\pulhwdvv.dll unregistered successfully.
    C:\WINDOWS\system32\pulhwdvv.dll moved successfully.
    C:\WINDOWS\system32\qcvertlx.dll unregistered successfully.
    C:\WINDOWS\system32\qcvertlx.dll moved successfully.
    C:\WINDOWS\system32\cgopkhdj.dll unregistered successfully.
    C:\WINDOWS\system32\cgopkhdj.dll moved successfully.
    C:\WINDOWS\system32\effirauv.dll unregistered successfully.
    C:\WINDOWS\system32\effirauv.dll moved successfully.
    C:\WINDOWS\system32\ftkumdru.dll unregistered successfully.
    C:\WINDOWS\system32\ftkumdru.dll moved successfully.
    C:\WINDOWS\system32\ekfnbxms.dll unregistered successfully.
    C:\WINDOWS\system32\ekfnbxms.dll moved successfully.
    C:\WINDOWS\system32\coicupvv.dll unregistered successfully.
    C:\WINDOWS\system32\coicupvv.dll moved successfully.
    LoadLibrary failed for C:\WINDOWS\system32\rqrssro.dll
    C:\WINDOWS\system32\rqrssro.dll NOT unregistered.
    File move failed. C:\WINDOWS\system32\rqrssro.dll scheduled to be moved on reboot.

    Created on 03/17/2007 13:50:50


    voici le rapport de combofix:
    "Laure" - 07-03-17 14:05:39 Service Pack 2
    ComboFix 07-03-15.2 - Running from: "C:\Documents and Settings\Laure\Bureau"
    Command switches used :: /v awtqn

    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\awtqn.dll
    C:\WINDOWS\system32\nqtwa.ini
    C:\WINDOWS\system32\nqtwa.bak1


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    "C:\WINDOWS\system32\awtqn.dll"

    ((((((((((((((((((((((((((((((( Files Created from 2007-02-17 to 2007-03-17 ))))))))))))))))))))))))))))))))))


    2007-03-15 21:40 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    2007-03-13 23:27 <REP> d-------- C:\VundoFix Backups
    2007-03-13 23:14 218,112 --a------ C:\scanner.exe
    2007-03-13 20:06 <REP> d-------- C:\Program Files\Yahoo!
    2007-03-13 20:04 <REP> d-------- C:\Program Files\CCleaner
    2007-03-11 23:07 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-03-11 19:07 44,544 --------- C:\WINDOWS\AWuninstall.exe
    2007-03-05 19:45 <REP> d-------- C:\DOCUME~1\Laure\Heroes.S01E18.HDTV.XviD-LOL
    2007-03-03 12:10 <REP> d-------- C:\DOCUME~1\Laure\O&O Products AIO (9 in 1)
    2007-03-02 19:30 282,164 C:\WINDOWS\system32\awtqn.dll
    2007-03-02 19:24 26,637 C:\WINDOWS\system32\rqrssro.dll
    2007-03-02 19:17 <REP> d-------- C:\Program Files\Cakewalk
    2007-03-02 19:15 <REP> d-------- C:\CAKE9
    2007-02-25 19:21 <REP> d-------- C:\Program Files\MultipleIEs
    2007-02-25 19:12 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2007-02-25 19:04 <REP> d-------- C:\WINDOWS\network diagnostic
    2007-02-20 19:55 <REP> d-------- C:\Program Files\Nero
    2007-02-20 19:55 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-03-17 14:21 81984 --a------ C:\WINDOWS\system32\bdod.bin
    2007-03-17 14:01 32 --a------ C:\WINDOWS\system32\getfile.dat
    2007-03-16 21:58 2770 --a------ C:\DOCUME~1\Laure\APPLIC~1\quickzip45.ini
    2007-03-13 21:20 73728 --a------ C:\WINDOWS\system32\sockspy.dll
    2007-03-13 21:19 77824 --a------ C:\WINDOWS\system32\xcomm.dll
    2007-02-13 21:02 68392 --a------ C:\DOCUME~1\Laure\APPLIC~1\gdipfontcachev1.dat
    2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
    2007-01-08 19:01 17408 --a------ C:\WINDOWS\system32\corpol.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "IncrediMail"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe /c"
    "LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
    "MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
    "WOOKIT"="C:\\PROGRA~1\\WANADOO\\Shell.exe appLaunchClientZone.shl|PARAM= cnx"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "updateMgr"="c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMBgMonitor.exe\""
    "srbmqluink"="c:\\windows\\system32\\srbmqluink.exe srbmqluink"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "LaunchApp"="Alaunch"
    "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe"
    "AzMixerSel"="C:\\Program Files\\Realtek\\InstallShield\\AzMixerSel.exe"
    "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
    "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
    "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
    "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
    "RTHDCPL"="RTHDCPL.EXE"
    "Alcmtr"="ALCMTR.EXE"
    "PCMService"="\"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe\""
    "EPM-DM"="c:\\acer\\epm\\epm-dm.exe"
    "ePowerManagement"="C:\\Acer\\ePM\\ePM.exe boot"
    "LManager"="C:\\PROGRA~1\\LAUNCH~1\\QtZgAcer.EXE"
    "eRecoveryService"="C:\\Program Files\\Acer\\eRecovery\\Monitor.exe"
    "BDSwitchAgent"="\"C:\\PROGRA~1\\SOFTWIN\\BITDEF~1\\bdswitch.exe\""
    "REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "InCD"="D:\\Program Files\\Ahead\\InCD\\InCD.exe"
    "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
    "LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
    "LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
    "NeroFilterCheck"="C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NeroCheck.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "WOOWATCH"="C:\\PROGRA~1\\WANADOO\\Watch.exe"
    "WOOTASKBARICON"="C:\\PROGRA~1\\WANADOO\\GestMaj.exe TaskBarIcon.exe"
    "Install5G"="E:\\Install.exe plug_ethernet"
    "TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
    "2chkdsk"="rundll32.exe \"C:\\WINDOWS\\system32\\xwfcfhwd.dll\",setvm"
    "BDMCon"="C:\\PROGRA~1\\SOFTWIN\\BITDEF~1\\bdmcon.exe"
    "BDOESRV"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdoesrv.exe\""
    "BDNewsAgent"="\"C:\\PROGRA~1\\SOFTWIN\\BITDEF~1\\bdnagent.exe\""
    "srbmqluink"="c:\\windows\\system32\\srbmqluink.exe srbmqluink"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="sockspy.dll"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{C47A9554-195A-4769-9B13-04F15B450A39}"=""

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrssro

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0



    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-03-17 14:25:13
    C:\ComboFix3.txt ... 07-03-16 21:46
    C:\ComboFix2.txt ... 07-03-17 13:28
    a b 8 Sécurité
    17 Mars 2007 14:30:44

    Tu peux reposter un rapport Hijackthis ?
    17 Mars 2007 14:34:17

    voilà:
    Logfile of HijackThis v1.99.1
    Scan saved at 14:33:53, on 17/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    D:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender9\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\acer\epm\epm-dm.exe
    C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\progra~1\softwin\bitdef~1\bdswitch.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    D:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\WANADOO\TaskBarIcon.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\SOFTWIN\BITDEF~1\bdmcon.exe
    C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
    C:\progra~1\softwin\bitdef~1\bdnagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.incredimail.com/french
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {21B95237-3A9A-45CB-940F-1BD8DFA37F0c} - C:\WINDOWS\system32\coicupvv.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\rqrssro.dll (file missing)
    O2 - BHO: IE DevToolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
    O3 - Toolbar: &Accessibility Toolbar - {11352A67-0178-46B1-8855-D50B2F81C054} - C:\PROGRA~1\WAT_FR1\ACCESS~1.DLL
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\SOFTWIN\BITDEF~1\bdswitch.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [Install5G] E:\Install.exe plug_ethernet
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\xwfcfhwd.dll",setvm
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\SOFTWIN\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\SOFTWIN\BITDEF~1\bdnagent.exe"
    O4 - HKLM\..\Run: [srbmqluink] c:\windows\system32\srbmqluink.exe srbmqluink
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [srbmqluink] c:\windows\system32\srbmqluink.exe srbmqluink
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Stardock ObjectDock.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    O4 - Startup: Y'z Toolbar.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {10B80391-96A7-11D3-B7A6-00A0C94C6AE0} (ParallelGraphics Cortona Java Support) - http://www.parallelgraphics.com/bin/cortjava.cab
    O16 - DPF: {10B80396-96A7-11D3-B7A6-00A0C94C6AE0} (ParallelGraphics Cortona VRML 1.0 to VRML 2.0 convertor) - http://www.parallelgraphics.com/bin/cortvrml10.cab
    O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader....
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4440221E-9A4D-432A-B970-D4202B3C0651}: NameServer = 80.118.196.40
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: rqrssro - rqrssro.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - D:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

    a b 8 Sécurité
    17 Mars 2007 14:38:21

    Re,

    - Lance Hijackthis ->Do a system scan only
    ->Coche les lignes ci-dessous :

    O2 - BHO: (no name) - {21B95237-3A9A-45CB-940F-1BD8DFA37F0c} - C:\WINDOWS\system32\coicupvv.dll (file missing)
    O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\rqrssro.dll (file missing)
    O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\xwfcfhwd.dll",setvm
    O4 - HKLM\..\Run: [srbmqluink] c:\windows\system32\srbmqluink.exe srbmqluink
    O4 - HKCU\..\Run: [srbmqluink] c:\windows\system32\srbmqluink.exe srbmqluink

    Clique sur Fix checked (en bas à gauche)

    Double-clique sur OTMoveIt.exe afin de le lancer.
    Sélectionne TOUS les emplacements ci-dessous :

    C:\WINDOWS\system32\xwfcfhwd.dll
    C:\WINDOWS\system32\awtqn.dll
    C:\WINDOWS\system32\rqrssro.dll


    ---> Clique-droit puis Copier

    Retourne sur OTMoveIt, fais un Clique-droit sur le cadre de gauche puis choisis Coller.
    Clique maintenant sur [#ff0000]MoveIt![/#f]

    !! Si un fichier ou dossier ne peut être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES

    Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    Le nom du rapport est la date de sa création.
    17 Mars 2007 14:55:47

    voilà le rapport de moveit:
    File/Folder C:\WINDOWS\system32\xwfcfhwd.dll not found.
    LoadLibrary failed for C:\WINDOWS\system32\awtqn.dll
    C:\WINDOWS\system32\awtqn.dll NOT unregistered.
    File move failed. C:\WINDOWS\system32\awtqn.dll scheduled to be moved on reboot.
    LoadLibrary failed for C:\WINDOWS\system32\rqrssro.dll
    C:\WINDOWS\system32\rqrssro.dll NOT unregistered.
    File move failed. C:\WINDOWS\system32\rqrssro.dll scheduled to be moved on reboot.

    Created on 03/17/2007 14:45:19
    a b 8 Sécurité
    17 Mars 2007 14:57:28

    Reposte un rapport Hijackthis.
    17 Mars 2007 15:00:33

    voilà:
    Logfile of HijackThis v1.99.1
    Scan saved at 15:00:13, on 17/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    D:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender9\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\acer\epm\epm-dm.exe
    C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    C:\PROGRA~1\SOFTWIN\BITDEF~1\bdswitch.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    D:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\SOFTWIN\BITDEF~1\bdmcon.exe
    C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
    C:\PROGRA~1\SOFTWIN\BITDEF~1\bdnagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\WANADOO\TaskBarIcon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.incredimail.com/french
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\rqrssro.dll (file missing)
    O2 - BHO: IE DevToolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
    O3 - Toolbar: &Accessibility Toolbar - {11352A67-0178-46B1-8855-D50B2F81C054} - C:\PROGRA~1\WAT_FR1\ACCESS~1.DLL
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\SOFTWIN\BITDEF~1\bdswitch.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [Install5G] E:\Install.exe plug_ethernet
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\SOFTWIN\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\SOFTWIN\BITDEF~1\bdnagent.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Stardock ObjectDock.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    O4 - Startup: Y'z Toolbar.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {10B80391-96A7-11D3-B7A6-00A0C94C6AE0} (ParallelGraphics Cortona Java Support) - http://www.parallelgraphics.com/bin/cortjava.cab
    O16 - DPF: {10B80396-96A7-11D3-B7A6-00A0C94C6AE0} (ParallelGraphics Cortona VRML 1.0 to VRML 2.0 convertor) - http://www.parallelgraphics.com/bin/cortvrml10.cab
    O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader....
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4440221E-9A4D-432A-B970-D4202B3C0651}: NameServer = 80.118.196.40
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: rqrssro - rqrssro.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - D:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

    a b 8 Sécurité
    17 Mars 2007 15:02:30

    Tu peux reposter un rapport Combofix ?
    17 Mars 2007 15:20:06

    voilà le rapport combofix:
    "Laure" - 07-03-17 15:05:56 Service Pack 2
    ComboFix 07-03-15.2 - Running from: "C:\Documents and Settings\Laure\Bureau"

    ((((((((((((((((((((((((((((((( Files Created from 2007-02-17 to 2007-03-17 ))))))))))))))))))))))))))))))))))


    2007-03-17 14:43 <REP> d-------- C:\backups
    2007-03-15 21:40 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    2007-03-13 23:27 <REP> d-------- C:\VundoFix Backups
    2007-03-13 23:14 218,112 --a------ C:\scanner.exe
    2007-03-13 20:06 <REP> d-------- C:\Program Files\Yahoo!
    2007-03-13 20:04 <REP> d-------- C:\Program Files\CCleaner
    2007-03-11 23:07 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-03-11 19:07 44,544 --------- C:\WINDOWS\AWuninstall.exe
    2007-03-05 19:45 <REP> d-------- C:\DOCUME~1\Laure\Heroes.S01E18.HDTV.XviD-LOL
    2007-03-03 12:10 <REP> d-------- C:\DOCUME~1\Laure\O&O Products AIO (9 in 1)
    2007-03-02 19:30 282,164 C:\WINDOWS\system32\awtqn.dll
    2007-03-02 19:24 26,637 C:\WINDOWS\system32\rqrssro.dll
    2007-03-02 19:17 <REP> d-------- C:\Program Files\Cakewalk
    2007-03-02 19:15 <REP> d-------- C:\CAKE9
    2007-02-25 19:21 <REP> d-------- C:\Program Files\MultipleIEs
    2007-02-25 19:12 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2007-02-25 19:04 <REP> d-------- C:\WINDOWS\network diagnostic
    2007-02-20 19:55 <REP> d-------- C:\Program Files\Nero
    2007-02-20 19:55 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-03-17 15:07 81984 --a------ C:\WINDOWS\system32\bdod.bin
    2007-03-17 15:01 32 --a------ C:\WINDOWS\system32\getfile.dat
    2007-03-16 21:58 2770 --a------ C:\DOCUME~1\Laure\APPLIC~1\quickzip45.ini
    2007-03-13 21:20 73728 --a------ C:\WINDOWS\system32\sockspy.dll
    2007-03-13 21:19 77824 --a------ C:\WINDOWS\system32\xcomm.dll
    2007-02-13 21:02 68392 --a------ C:\DOCUME~1\Laure\APPLIC~1\gdipfontcachev1.dat
    2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
    2007-01-08 19:01 17408 --a------ C:\WINDOWS\system32\corpol.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "IncrediMail"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe /c"
    "LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
    "MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
    "WOOKIT"="C:\\PROGRA~1\\WANADOO\\Shell.exe appLaunchClientZone.shl|PARAM= cnx"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "updateMgr"="c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMBgMonitor.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "LaunchApp"="Alaunch"
    "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe"
    "AzMixerSel"="C:\\Program Files\\Realtek\\InstallShield\\AzMixerSel.exe"
    "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
    "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
    "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
    "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
    "RTHDCPL"="RTHDCPL.EXE"
    "Alcmtr"="ALCMTR.EXE"
    "PCMService"="\"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe\""
    "EPM-DM"="c:\\acer\\epm\\epm-dm.exe"
    "ePowerManagement"="C:\\Acer\\ePM\\ePM.exe boot"
    "LManager"="C:\\PROGRA~1\\LAUNCH~1\\QtZgAcer.EXE"
    "eRecoveryService"="C:\\Program Files\\Acer\\eRecovery\\Monitor.exe"
    "BDSwitchAgent"="\"C:\\PROGRA~1\\SOFTWIN\\BITDEF~1\\bdswitch.exe\""
    "REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "InCD"="D:\\Program Files\\Ahead\\InCD\\InCD.exe"
    "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
    "LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
    "LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
    "NeroFilterCheck"="C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NeroCheck.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "WOOWATCH"="C:\\PROGRA~1\\WANADOO\\Watch.exe"
    "WOOTASKBARICON"="C:\\PROGRA~1\\WANADOO\\GestMaj.exe TaskBarIcon.exe"
    "Install5G"="E:\\Install.exe plug_ethernet"
    "TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
    "BDMCon"="C:\\PROGRA~1\\SOFTWIN\\BITDEF~1\\bdmcon.exe"
    "BDOESRV"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdoesrv.exe\""
    "BDNewsAgent"="\"C:\\PROGRA~1\\SOFTWIN\\BITDEF~1\\bdnagent.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="sockspy.dll"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{C47A9554-195A-4769-9B13-04F15B450A39}"=""

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrssro

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0

    *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_INT15.SYS


    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-03-17 15:14:42
    C:\ComboFix3.txt ... 07-03-17 13:28
    C:\ComboFix2.txt ... 07-03-17 14:25
    a b 8 Sécurité
    17 Mars 2007 15:22:42

    Toujours ces deux .dll...

    Clique sur le menu Démarrer puis executer et copie/colle ceci :
    "%userprofile%\Bureau\combofix.exe" /v awtqn rqrssro
    puis clic sur OK.

    Suis les invites.

    Ne touche a rien et attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
    17 Mars 2007 16:10:41

    le rapport combofix:
    "Laure" - 07-03-17 15:55:41 Service Pack 2
    ComboFix 07-03-15.2 - Running from: "C:\Documents and Settings\Laure\Bureau"
    Command switches used :: /v awtqn rqrssro

    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\awtqn.dll
    C:\WINDOWS\system32\rqrssro.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    "C:\WINDOWS\system32\awtqn.dll"
    "C:\WINDOWS\system32\rqrssro.dll"

    ((((((((((((((((((((((((((((((( Files Created from 2007-02-17 to 2007-03-17 ))))))))))))))))))))))))))))))))))


    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\awtqn.dll
    C:\WINDOWS\system32\rqrssro.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    "C:\WINDOWS\system32\awtqn.dll"
    "C:\WINDOWS\system32\rqrssro.dll"

    ((((((((((((((((((((((((((((((( Files Created from 2007-02-17 to 2007-03-17 ))))))))))))))))))))))))))))))))))


    2007-03-17 14:43 <REP> d-------- C:\backups
    2007-03-17 14:43 <REP> d-------- C:\backups
    2007-03-15 21:40 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    2007-03-13 23:27 <REP> d-------- C:\VundoFix Backups
    2007-03-13 23:27 <REP> d-------- C:\VundoFix Backups
    2007-03-13 23:14 218,112 --a------ C:\scanner.exe
    2007-03-13 23:14 218,112 --a------ C:\scanner.exe
    2007-03-13 20:06 <REP> d-------- C:\Program Files\Yahoo!
    2007-03-13 20:06 <REP> d-------- C:\Program Files\Yahoo!
    2007-03-13 20:04 <REP> d-------- C:\Program Files\CCleaner
    2007-03-11 23:07 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-03-11 19:07 44,544 --------- C:\WINDOWS\AWuninstall.exe
    2007-03-11 19:07 44,544 --------- C:\WINDOWS\AWuninstall.exe
    2007-03-03 12:10 <REP> d-------- C:\DOCUME~1\Laure\O&O Products AIO (9 in 1)
    2007-03-02 19:30 282,164 C:\WINDOWS\system32\awtqn.dll
    2007-03-02 19:30 282,164 C:\WINDOWS\system32\awtqn.dll
    2007-03-02 19:24 26,637 C:\WINDOWS\system32\rqrssro.dll
    2007-03-02 19:17 <REP> d-------- C:\Program Files\Cakewalk
    2007-03-02 19:17 <REP> d-------- C:\Program Files\Cakewalk
    2007-03-02 19:15 <REP> d-------- C:\CAKE9
    2007-03-02 19:15 <REP> d-------- C:\CAKE9
    2007-02-25 19:21 <REP> d-------- C:\Program Files\MultipleIEs
    2007-02-25 19:12 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2007-02-25 19:04 <REP> d-------- C:\WINDOWS\network diagnostic
    2007-02-25 19:04 <REP> d-------- C:\WINDOWS\network diagnostic
    2007-02-20 19:55 <REP> d-------- C:\Program Files\Nero
    2007-02-20 19:55 <REP> d-------- C:\Program Files\Nero
    2007-02-20 19:55 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-03-17 16:00 81984 --a------ C:\WINDOWS\system32\bdod.bin
    2007-03-17 15:01 32 --a------ C:\WINDOWS\system32\getfile.dat
    2007-03-16 21:58 2770 --a------ C:\DOCUME~1\Laure\APPLIC~1\quickzip45.ini
    2007-03-13 21:20 73728 --a------ C:\WINDOWS\system32\sockspy.dll
    2007-03-13 21:19 77824 --a------ C:\WINDOWS\system32\xcomm.dll
    2007-02-13 21:02 68392 --a------ C:\DOCUME~1\Laure\APPLIC~1\gdipfontcachev1.dat
    2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
    2007-01-08 19:01 17408 --a------ C:\WINDOWS\system32\corpol.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "IncrediMail"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe /c"
    "LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
    "MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
    "WOOKIT"="C:\\PROGRA~1\\WANADOO\\Shell.exe appLaunchClientZone.shl|PARAM= cnx"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "updateMgr"="c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMBgMonitor.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "LaunchApp"="Alaunch"
    "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe"
    "AzMixerSel"="C:\\Program Files\\Realtek\\InstallShield\\AzMixerSel.exe"
    "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
    "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
    "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
    "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
    "RTHDCPL"="RTHDCPL.EXE"
    "Alcmtr"="ALCMTR.EXE"
    "PCMService"="\"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe\""
    "EPM-DM"="c:\\acer\\epm\\epm-dm.exe"
    "ePowerManagement"="C:\\Acer\\ePM\\ePM.exe boot"
    "LManager"="C:\\PROGRA~1\\LAUNCH~1\\QtZgAcer.EXE"
    "eRecoveryService"="C:\\Program Files\\Acer\\eRecovery\\Monitor.exe"
    "BDSwitchAgent"="\"C:\\PROGRA~1\\SOFTWIN\\BITDEF~1\\bdswitch.exe\""
    "REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "InCD"="D:\\Program Files\\Ahead\\InCD\\InCD.exe"
    "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
    "LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
    "LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
    "NeroFilterCheck"="C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NeroCheck.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "WOOWATCH"="C:\\PROGRA~1\\WANADOO\\Watch.exe"
    "WOOTASKBARICON"="C:\\PROGRA~1\\WANADOO\\GestMaj.exe TaskBarIcon.exe"
    "Install5G"="E:\\Install.exe plug_ethernet"
    "TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
    "BDMCon"="C:\\PROGRA~1\\SOFTWIN\\BITDEF~1\\bdmcon.exe"
    "BDOESRV"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdoesrv.exe\""
    "BDNewsAgent"="\"C:\\PROGRA~1\\SOFTWIN\\BITDEF~1\\bdnagent.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="sockspy.dll"


    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0



    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-03-17 16:06:34
    C:\ComboFix2.txt ... 07-03-17 15:53
    C:\ComboFix3.txt ... 07-03-17 15:14
    a b 8 Sécurité
    17 Mars 2007 16:14:47

    Les .dll reviennent.

    Télécharge Clean.zip (de Malekal),
    Décompresse-le sur ton bureau (Clique-Droit/Extraire tout), tu dois obtenir un dossier Clean.
    Ouvre le dossier clean, double-clique sur clean.cmd.
    Choisis l'option 1 puis patiente. Poste ensuite le contenu du rapport.

    17 Mars 2007 16:20:19

    voilà le rapport de clean:
    Rapport clean par Malekal_morte - http://www.malekal.com
    Option 1, executee le 17/03/2007 a 16:19:12,10

    *** Recherche de fichiers sur C:
    C:\unwise.exe FOUND

    *** Recherche des fichiers dans C:\WINDOWS\

    *** Recherche des fichiers dans C:\WINDOWS\system32
    C:\WINDOWS\system32\bdod.bin FOUND
    C:\WINDOWS\system32\mcrh.tmp FOUND
    C:\WINDOWS\system32\SpoonUninstall.exe FOUND

    *** Fin du rapport !
    a b 8 Sécurité
    17 Mars 2007 16:34:53

    Re,

    Télécharge puis installe AVG Anti-Spyware (AVG AS)
    Une fois AVG AS lancé, clique sur "Mise à jour"
    Ferme le programme.
    AIDE : Tuto sur AVG Antispyware (Malekal)

    Redémarre en mode sans échec

    Relance AVG AS puis choisis l'onglet "Analyse"
    Puis l'onglet "Paramètres"
    Sous la question "Comment réagir ?", clique sur "Actions recommandées" et choisis "Quarantaine"
    Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

    /!\ Si un fichier est infecté en fin d'analyse /!\
    Clique sur "Appliquer toutes les actions"

    Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous"
    Enregistre ce fichier texte sur ton bureau.

    Ouvre le dossier clean, double-clique sur clean.cmd.
    Choisis l'option 2 puis patiente.

    Redémarre normalement
    Copie/Colle le rapport AVG AS ainsi qu'un rapport Hijackthis.
    17 Mars 2007 18:59:46

    rapport AVG spyware:
    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 18:50:25 17/03/2007

    + Résultat de l'analyse:



    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
    HKU\S-1-5-21-1019634464-2694597187-1998045826-1005\Software\Microsoft\Internet Explorer\SearchScopes\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
    C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP392\A0046413.dll -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
    C:\WINDOWS\system32\rqrssro.dll -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
    :mozilla.160:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.247realmedia : Nettoyé.
    :mozilla.161:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.247realmedia : Nettoyé.
    :mozilla.112:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.123:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.419:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.90:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.91:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.92:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.150:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
    :mozilla.153:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
    :mozilla.236:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Adbrite : Nettoyé.
    :mozilla.237:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Adbrite : Nettoyé.
    :mozilla.291:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Adjuggler : Nettoyé.
    :mozilla.292:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Adjuggler : Nettoyé.
    :mozilla.296:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Admarketplace : Nettoyé.
    :mozilla.230:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Adrevolver : Nettoyé.
    :mozilla.231:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Adrevolver : Nettoyé.
    :mozilla.56:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Adtech : Nettoyé.
    :mozilla.58:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Adtech : Nettoyé.
    :mozilla.175:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.176:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.177:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.377:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.378:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.379:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.111:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
    :mozilla.28:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Atdmt : Nettoyé.
    C:\Documents and Settings\Laure\Cookies\laure@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
    :mozilla.165:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
    :mozilla.46:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Bluestreak : Nettoyé.
    C:\Documents and Settings\Laure\Cookies\laure@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
    :mozilla.260:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Clickbank : Nettoyé.
    :mozilla.278:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Clickhype : Nettoyé.
    :mozilla.279:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Clickhype : Nettoyé.
    :mozilla.161:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
    :mozilla.162:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
    :mozilla.163:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
    :mozilla.134:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Coremetrics : Nettoyé.
    :mozilla.136:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Coremetrics : Nettoyé.
    :mozilla.45:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Doubleclick : Nettoyé.
    :mozilla.51:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
    C:\Documents and Settings\Laure\Cookies\laure@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
    :mozilla.156:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Estat : Nettoyé.
    :mozilla.372:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Estat : Nettoyé.
    :mozilla.64:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Falkag : Nettoyé.
    :mozilla.65:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Falkag : Nettoyé.
    :mozilla.66:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Falkag : Nettoyé.
    :mozilla.67:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Falkag : Nettoyé.
    :mozilla.68:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Falkag : Nettoyé.
    :mozilla.69:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Falkag : Nettoyé.
    :mozilla.70:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Falkag : Nettoyé.
    :mozilla.71:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Falkag : Nettoyé.
    :mozilla.72:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Falkag : Nettoyé.
    :mozilla.147:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
    :mozilla.148:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
    :mozilla.59:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Fastclick : Nettoyé.
    :mozilla.60:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Fastclick : Nettoyé.
    :mozilla.115:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.198:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.103:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Hitbox : Nettoyé.
    :mozilla.104:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Hitbox : Nettoyé.
    :mozilla.105:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Hitbox : Nettoyé.
    :mozilla.158:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Hitbox : Nettoyé.
    :mozilla.48:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Mediaplex : Nettoyé.
    :mozilla.50:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
    :mozilla.109:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Overture : Nettoyé.
    :mozilla.110:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Overture : Nettoyé.
    :mozilla.195:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Paycounter : Nettoyé.
    :mozilla.84:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Paypal : Nettoyé.
    :mozilla.100:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
    :mozilla.101:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
    :mozilla.94:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
    :mozilla.95:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
    :mozilla.96:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
    :mozilla.97:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
    :mozilla.98:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
    :mozilla.99:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
    :mozilla.277:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Revenue : Nettoyé.
    :mozilla.329:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.330:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.331:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.332:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.333:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.334:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.35:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.36:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.37:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.38:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.39:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.40:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.186:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Sexcounter : Nettoyé.
    :mozilla.187:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Sexcounter : Nettoyé.
    :mozilla.188:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Sexcounter : Nettoyé.
    :mozilla.189:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Sexcounter : Nettoyé.
    :mozilla.184:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Sitestat : Nettoyé.
    :mozilla.185:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Sitestat : Nettoyé.
    :mozilla.100:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.101:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.22:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.23:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.24:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.99:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.138:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
    :mozilla.232:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Statcounter : Nettoyé.
    :mozilla.234:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Statcounter : Nettoyé.
    :mozilla.235:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Statcounter : Nettoyé.
    :mozilla.225:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Tacoda : Nettoyé.
    :mozilla.226:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Tacoda : Nettoyé.
    :mozilla.120:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.121:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.122:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.123:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.134:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.135:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.430:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Tribalfusion : Nettoyé.
    :mozilla.41:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
    :mozilla.42:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Weborama : Nettoyé.
    :mozilla.43:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Weborama : Nettoyé.
    :mozilla.44:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Weborama : Nettoyé.
    C:\Documents and Settings\Laure\Cookies\laure@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
    :mozilla.136:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Webtrendslive : Nettoyé.
    :mozilla.141:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
    :mozilla.142:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
    :mozilla.143:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
    :mozilla.144:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
    :mozilla.206:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Yieldmanager : Nettoyé.
    :mozilla.207:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Yieldmanager : Nettoyé.
    :mozilla.368:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Zedo : Nettoyé.
    :mozilla.369:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies-1.txt -> TrackingCookie.Zedo : Nettoyé.
    :mozilla.91:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
    :mozilla.92:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
    :mozilla.93:C:\Documents and Settings\Laure\Application Data\Mozilla\Firefox\Profiles\ohq6a5zk.Laure\cookies.txt -> TrackingCookie.Zedo : Nettoyé.


    Fin du rapport


    rapport clean:
    Script execute en mode normal
    Rapport clean par Malekal_morte - http://www.malekal.com
    Option 2, executee le 17/03/2007 a 18:56:28,56

    Microsoft Windows XP [version 5.1.2600]

    *** Suppression de fichiers sur C:
    tentative de suppression de C:\unwise.exe

    *** Suppression des fichiers dans C:\WINDOWS\

    *** Suppression des fichiers dans C:\WINDOWS\system32
    tentative de suppression de C:\WINDOWS\system32\bdod.bin
    tentative de suppression de C:\WINDOWS\system32\mcrh.tmp
    tentative de suppression de C:\WINDOWS\system32\SpoonUninstall.exe


    *** Suppression des clefs du registre effectuee..
    *** Fin du rapport !


    rapport hijackthis:
    Script execute en mode normal
    Rapport clean par Malekal_morte - http://www.malekal.com
    Option 2, executee le 17/03/2007 a 18:56:28,56

    Microsoft Windows XP [version 5.1.2600]

    *** Suppression de fichiers sur C:
    tentative de suppression de C:\unwise.exe

    *** Suppression des fichiers dans C:\WINDOWS\

    *** Suppression des fichiers dans C:\WINDOWS\system32
    tentative de suppression de C:\WINDOWS\system32\bdod.bin
    tentative de suppression de C:\WINDOWS\system32\mcrh.tmp
    tentative de suppression de C:\WINDOWS\system32\SpoonUninstall.exe


    *** Suppression des clefs du registre effectuee..
    *** Fin du rapport !
    a b 8 Sécurité
    17 Mars 2007 19:02:15

    et Hijackthis ?
    17 Mars 2007 19:05:32

    excuse j'ai pas copier le bon, le voilà:
    Logfile of HijackThis v1.99.1
    Scan saved at 19:05:07, on 17/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\acer\epm\epm-dm.exe
    C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\Acer\eManager\anbmServ.exe
    C:\progra~1\softwin\bitdef~1\bdswitch.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    D:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
    C:\progra~1\softwin\bitdef~1\bdnagent.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\WANADOO\TaskBarIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    D:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender9\vsserv.exe
    c:\progra~1\softwin\bitdef~1\bdmcon.exe
    C:\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.incredimail.com/french
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: IE DevToolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
    O3 - Toolbar: &Accessibility Toolbar - {11352A67-0178-46B1-8855-D50B2F81C054} - C:\PROGRA~1\WAT_FR1\ACCESS~1.DLL
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [BDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [Install5G] E:\Install.exe plug_ethernet
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\SOFTWIN\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
    O4 - HKLM\..\Run: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Stardock ObjectDock.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    O4 - Startup: Y'z Toolbar.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {10B80391-96A7-11D3-B7A6-00A0C94C6AE0} (ParallelGraphics Cortona Java Support) - http://www.parallelgraphics.com/bin/cortjava.cab
    O16 - DPF: {10B80396-96A7-11D3-B7A6-00A0C94C6AE0} (ParallelGraphics Cortona VRML 1.0 to VRML 2.0 convertor) - http://www.parallelgraphics.com/bin/cortvrml10.cab
    O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader....
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4440221E-9A4D-432A-B970-D4202B3C0651}: NameServer = 80.118.196.40
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - D:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

    a b 8 Sécurité
    17 Mars 2007 19:07:31

    Refais un scan Combofix.
    17 Mars 2007 19:14:46

    rapport combofix:
    "Laure" - 07-03-17 19:10:46 Service Pack 2
    ComboFix 07-03-15.2 - Running from: "C:\Documents and Settings\Laure\Bureau"

    ((((((((((((((((((((((((((((((( Files Created from 2007-02-17 to 2007-03-17 ))))))))))))))))))))))))))))))))))


    2007-03-17 18:59 81,984 --a------ C:\WINDOWS\system32\bdod.bin
    2007-03-17 16:43 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-03-17 14:43 <REP> d-------- C:\backups
    2007-03-15 21:40 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    2007-03-13 23:27 <REP> d-------- C:\VundoFix Backups
    2007-03-13 23:14 218,112 --a------ C:\scanner.exe
    2007-03-13 20:06 <REP> d-------- C:\Program Files\Yahoo!
    2007-03-13 20:04 <REP> d-------- C:\Program Files\CCleaner
    2007-03-11 23:07 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-03-11 19:07 44,544 --------- C:\WINDOWS\AWuninstall.exe
    2007-03-05 19:45 <REP> d-------- C:\DOCUME~1\Laure\Heroes.S01E18.HDTV.XviD-LOL
    2007-03-03 12:10 <REP> d-------- C:\DOCUME~1\Laure\O&O Products AIO (9 in 1)
    2007-03-02 19:30 282,164 C:\WINDOWS\system32\awtqn.dll
    2007-03-02 19:17 <REP> d-------- C:\Program Files\Cakewalk
    2007-03-02 19:15 <REP> d-------- C:\CAKE9
    2007-02-25 19:21 <REP> d-------- C:\Program Files\MultipleIEs
    2007-02-25 19:12 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2007-02-25 19:04 <REP> d-------- C:\WINDOWS\network diagnostic
    2007-02-20 19:55 <REP> d-------- C:\Program Files\Nero
    2007-02-20 19:55 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-03-17 18:59 32 --a------ C:\WINDOWS\system32\getfile.dat
    2007-03-16 21:58 2770 --a------ C:\DOCUME~1\Laure\APPLIC~1\quickzip45.ini
    2007-03-13 21:20 73728 --a------ C:\WINDOWS\system32\sockspy.dll
    2007-03-13 21:19 77824 --a------ C:\WINDOWS\system32\xcomm.dll
    2007-02-13 21:02 68392 --a------ C:\DOCUME~1\Laure\APPLIC~1\gdipfontcachev1.dat
    2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
    2007-01-08 19:01 17408 --a------ C:\WINDOWS\system32\corpol.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "IncrediMail"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe /c"
    "LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
    "MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
    "WOOKIT"="C:\\PROGRA~1\\WANADOO\\Shell.exe appLaunchClientZone.shl|PARAM= cnx"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "updateMgr"="c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMBgMonitor.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "LaunchApp"="Alaunch"
    "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe"
    "AzMixerSel"="C:\\Program Files\\Realtek\\InstallShield\\AzMixerSel.exe"
    "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
    "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
    "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
    "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
    "RTHDCPL"="RTHDCPL.EXE"
    "Alcmtr"="ALCMTR.EXE"
    "PCMService"="\"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe\""
    "EPM-DM"="c:\\acer\\epm\\epm-dm.exe"
    "ePowerManagement"="C:\\Acer\\ePM\\ePM.exe boot"
    "LManager"="C:\\PROGRA~1\\LAUNCH~1\\QtZgAcer.EXE"
    "eRecoveryService"="C:\\Program Files\\Acer\\eRecovery\\Monitor.exe"
    "BDSwitchAgent"="\"c:\\progra~1\\softwin\\bitdef~1\\bdswitch.exe\""
    "REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "InCD"="D:\\Program Files\\Ahead\\InCD\\InCD.exe"
    "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
    "LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
    "LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
    "NeroFilterCheck"="C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NeroCheck.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "WOOWATCH"="C:\\PROGRA~1\\WANADOO\\Watch.exe"
    "WOOTASKBARICON"="C:\\PROGRA~1\\WANADOO\\GestMaj.exe TaskBarIcon.exe"
    "Install5G"="E:\\Install.exe plug_ethernet"
    "TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
    "BDMCon"="C:\\PROGRA~1\\SOFTWIN\\BITDEF~1\\bdmcon.exe"
    "BDOESRV"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdoesrv.exe\""
    "BDNewsAgent"="\"c:\\progra~1\\softwin\\bitdef~1\\bdnagent.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="sockspy.dll"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0

    *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_INT15.SYS


    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-03-17 19:14:11
    C:\ComboFix3.txt ... 07-03-17 15:53
    C:\ComboFix2.txt ... 07-03-17 16:06
    a b 8 Sécurité
    17 Mars 2007 19:28:10

    Re,

    Télécharge Silent Runners
    http://www.silentrunners.org/Silent%20Runners.zip

    Dézippe le sur ton bureau ou dans un dossier dédié.
    Double Clique ensuite sur ce fichier, patiente jusqu'à l'affichage d'un message.
    Un rapport est généré dans le meme dossier, colle le ici.

    NOTE : Si tu as une alerte de ton antivirus au cours du téléchargement, ou au cours de l'utilisation, n'en tiens pas compte.
    17 Mars 2007 19:32:39

    voilà le rapport:
    "Silent Runners.vbs", revision R50, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
    "IncrediMail" = "C:\Program Files\IncrediMail\bin\IncMail.exe /c" ["IncrediMail, Ltd."]
    "LogitechSoftwareUpdate" = ""C:\Program Files\Logitech\Video\ManifestEngine.exe" boot" ["Logitech Inc."]
    "MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart" ["Patchou"]
    "WOOKIT" = "C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx" [empty string]
    "msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
    "updateMgr" = "c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9" ["Adobe Systems Incorporated"]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "LaunchApp" = "Alaunch" ["Acer Inc."]
    "IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
    "HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
    "Persistence" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]
    "High Definition Audio Property Page Shortcut" = "HDAShCut.exe" ["Windows (R) Server 2003 DDK provider"]
    "AzMixerSel" = "C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" ["Realtek Semiconductor Corp."]
    "IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS]
    "MSPY2002" = "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC" [null data]
    "PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]
    "PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
    "RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
    "Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
    "PCMService" = ""C:\Program Files\Acer\Acer Arcade\PCMService.exe"" ["CyberLink Corp."]
    "EPM-DM" = "c:\acer\epm\epm-dm.exe" ["Acer Inc"]
    "ePowerManagement" = "C:\Acer\ePM\ePM.exe boot" ["Acer Value Labs, Taiwan"]
    "LManager" = "C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" ["Dritek System Inc."]
    "eRecoveryService" = "C:\Program Files\Acer\eRecovery\Monitor.exe" ["acer Inc."]
    "BDSwitchAgent" = ""c:\progra~1\softwin\bitdef~1\bdswitch.exe"" [null data]
    "REGSHAVE" = "C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN" ["FUJI PHOTO FILM CO., LTD."]
    "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
    "InCD" = "D:\Program Files\Ahead\InCD\InCD.exe" ["Ahead Software AG"]
    "LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."]
    "LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe" ["Logitech Inc."]
    "LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech Inc."]
    "NeroFilterCheck" = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
    "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
    "WOOWATCH" = "C:\PROGRA~1\WANADOO\Watch.exe" ["France Télécom R&D"]
    "WOOTASKBARICON" = "C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe" ["France Télécom R&D"]
    "Install5G" = "E:\Install.exe plug_ethernet" [file not found]
    "TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
    "BDMCon" = "C:\PROGRA~1\SOFTWIN\BITDEF~1\bdmcon.exe" ["SOFTWIN S.R.L."]
    "BDOESRV" = ""C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"" ["SOFTWIN SRL"]
    "BDNewsAgent" = ""c:\progra~1\softwin\bitdef~1\bdnagent.exe"" ["SOFTWIN S.R.L"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "SSVHelper Class"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Windows Live Sign-in Helper"
    \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
    {CC7E636D-39AA-49b6-B511-65413DA137A1}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "IE DevToolbar BHO"
    \InProcServer32\(Default) = "C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
    -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
    17 Mars 2007 19:33:33

    désolé il était pas terminé, le voilà en entier:
    "Silent Runners.vbs", revision R50, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
    "IncrediMail" = "C:\Program Files\IncrediMail\bin\IncMail.exe /c" ["IncrediMail, Ltd."]
    "LogitechSoftwareUpdate" = ""C:\Program Files\Logitech\Video\ManifestEngine.exe" boot" ["Logitech Inc."]
    "MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart" ["Patchou"]
    "WOOKIT" = "C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx" [empty string]
    "msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
    "updateMgr" = "c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9" ["Adobe Systems Incorporated"]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "LaunchApp" = "Alaunch" ["Acer Inc."]
    "IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
    "HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
    "Persistence" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]
    "High Definition Audio Property Page Shortcut" = "HDAShCut.exe" ["Windows (R) Server 2003 DDK provider"]
    "AzMixerSel" = "C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" ["Realtek Semiconductor Corp."]
    "IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS]
    "MSPY2002" = "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC" [null data]
    "PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]
    "PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
    "RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
    "Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
    "PCMService" = ""C:\Program Files\Acer\Acer Arcade\PCMService.exe"" ["CyberLink Corp."]
    "EPM-DM" = "c:\acer\epm\epm-dm.exe" ["Acer Inc"]
    "ePowerManagement" = "C:\Acer\ePM\ePM.exe boot" ["Acer Value Labs, Taiwan"]
    "LManager" = "C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" ["Dritek System Inc."]
    "eRecoveryService" = "C:\Program Files\Acer\eRecovery\Monitor.exe" ["acer Inc."]
    "BDSwitchAgent" = ""c:\progra~1\softwin\bitdef~1\bdswitch.exe"" [null data]
    "REGSHAVE" = "C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN" ["FUJI PHOTO FILM CO., LTD."]
    "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
    "InCD" = "D:\Program Files\Ahead\InCD\InCD.exe" ["Ahead Software AG"]
    "LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."]
    "LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe" ["Logitech Inc."]
    "LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech Inc."]
    "NeroFilterCheck" = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
    "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
    "WOOWATCH" = "C:\PROGRA~1\WANADOO\Watch.exe" ["France Télécom R&D"]
    "WOOTASKBARICON" = "C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe" ["France Télécom R&D"]
    "Install5G" = "E:\Install.exe plug_ethernet" [file not found]
    "TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
    "BDMCon" = "C:\PROGRA~1\SOFTWIN\BITDEF~1\bdmcon.exe" ["SOFTWIN S.R.L."]
    "BDOESRV" = ""C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"" ["SOFTWIN SRL"]
    "BDNewsAgent" = ""c:\progra~1\softwin\bitdef~1\bdnagent.exe"" ["SOFTWIN S.R.L"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "SSVHelper Class"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Windows Live Sign-in Helper"
    \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
    {CC7E636D-39AA-49b6-B511-65413DA137A1}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "IE DevToolbar BHO"
    \InProcServer32\(Default) = "C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
    -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
    "{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0}" = "EPM-PO Shell Extension"
    -> {HKLM...CLSID} = "EPM-PO Shell Extensions"
    \InProcServer32\(Default) = "epm-po.dll" ["Acer Labs USA"]
    "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}" = "BitDefender Antivirus v9"
    -> {HKLM...CLSID} = "BitDefender Antivirus v9"
    \InProcServer32\(Default) = "C:\Program Files\Softwin\BitDefender9\bdshelxt.dll" [null data]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
    -> {HKLM...CLSID} = "Outlook File Icon Extension"
    \InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
    "{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
    -> {HKLM...CLSID} = "Shell Extension for CDRW"
    \InProcServer32\(Default) = "D:\Program Files\Ahead\InCD\incdshx.dll" ["Ahead Software, Karlsbad, Germany"]
    "{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1"
    -> {HKLM...CLSID} = "dBpShell Class"
    \InProcServer32\(Default) = "D:\Program Files\Illustrate\dBpowerAMP\dBShell.dll" [empty string]
    "{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter"
    -> {HKLM...CLSID} = "dMCIShell Class"
    \InProcServer32\(Default) = "D:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll" [empty string]
    "{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender"
    -> {HKLM...CLSID} = "CMenuExtender"
    \InProcServer32\(Default) = "D:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll" ["Revenger inc."]
    "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "Mes photos Logitech"
    -> {HKLM...CLSID} = "Mes photos Logitech"
    \InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
    -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
    \InProcServer32\(Default) = "D:\Program Files\RealPLayer\rpshell.dll" ["RealNetworks, Inc."]
    "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
    -> {HKLM...CLSID} = "Mes dossiers de partage"
    \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
    "{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
    -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
    \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
    "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
    -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
    \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
    "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
    -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
    \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    <<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
    -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
    <<!>> "AppInit_DLLs" = "sockspy.dll" [null data]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    <<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
    {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
    -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
    \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
    -> {HKLM...CLSID} = "PDF Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
    -> {HKLM...CLSID} = "CContextScan Object"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
    BitDefender Antivirus v8\(Default) = "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"
    -> {HKLM...CLSID} = "BitDefender Antivirus v9"
    \InProcServer32\(Default) = "C:\Program Files\Softwin\BitDefender9\bdshelxt.dll" [null data]
    Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
    -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
    \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
    -> {HKLM...CLSID} = "CContextScan Object"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
    CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}"
    -> {HKLM...CLSID} = "CMenuExtender"
    \InProcServer32\(Default) = "D:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll" ["Revenger inc."]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    BitDefender Antivirus v8\(Default) = "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"
    -> {HKLM...CLSID} = "BitDefender Antivirus v9"
    \InProcServer32\(Default) = "C:\Program Files\Softwin\BitDefender9\bdshelxt.dll" [null data]


    Group Policies {policy setting}:
    --------------------------------

    Note: detected settings may not have any effect.

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Shutdown: Allow system to be shut down without having to log on}

    "undockwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Devices: Allow undock without having to log on}


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\Laure\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


    Startup items in "Laure" & "All Users" startup folders:
    -------------------------------------------------------

    C:\Documents and Settings\Laure\Menu Démarrer\Programmes\Démarrage
    "Adobe Gamma" -> shortcut to: "C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
    "Stardock ObjectDock" -> shortcut to: "D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe" ["Stardock"]
    "Y'z Toolbar" -> shortcut to: "D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe" ["Y'z@Home"]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    "Microsoft Office" -> shortcut to: "D:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
    "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{11352A67-0178-46B1-8855-D50B2F81C054}"
    -> {HKLM...CLSID} = "&Accessibility Toolbar"
    \InProcServer32\(Default) = "C:\PROGRA~1\WAT_FR1\ACCESS~1.DLL" ["NILS Accessible Information Solutions"]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{11352A67-0178-46B1-8855-D50B2F81C054}" = (no title provided)
    -> {HKLM...CLSID} = "&Accessibility Toolbar"
    \InProcServer32\(Default) = "C:\PROGRA~1\WAT_FR1\ACCESS~1.DLL" ["NILS Accessible Information Solutions"]
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
    -> {HKLM...CLSID} = "Yahoo! Toolbar avec bloqueur de fenêtres pop-up"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

    Explorer Bars

    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
    {A202B231-EF71-4A08-BDB9-4CE5AE8BDE0A}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "IE DOM Explorer"
    \InProcServer32\(Default) = "C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll" [MS]

    HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"
    Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
    InProcServer32\(Default) = "C:\PROGRA~1\WANADOO\audience\audience.dll" [empty string]

    HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"
    Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
    InProcServer32\(Default) = "C:\PROGRA~1\WANADOO\audience\audience.dll" [empty string]

    HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"
    Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
    InProcServer32\(Default) = "C:\PROGRA~1\WANADOO\audience\audience.dll" [empty string]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKCU\Software\Microsoft\Internet Explorer\Extensions\
    {1462651F-F4BA-4C76-A001-C4284D0FE16E}\
    "ButtonText" = "Orange"
    "Exec" = "http://www.orange.fr" [file not found]

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Console Java (Sun)"
    "CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
    -> {HKCU...CLSID} = "Java Plug-in"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
    -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

    {48FFE35F-36D9-44BD-A6CC-1D34414EAC0D}\
    "ButtonText" = "IE Developer Toolbar"
    "CLSIDExtension" = "{CC962137-2E78-4F94-975E-FC0C07DBD78F}"
    -> {HKLM...CLSID} = "Developer Toolbar"
    \InProcServer32\(Default) = "C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll" [MS]

    {E2E2DD38-D088-4134-82B7-F2BA38496583}\
    "MenuText" = "@xpsp3res.dll,-20001"
    "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]


    Miscellaneous IE Hijack Points
    ------------------------------

    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
    <<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
    -> {HKLM...CLSID} = "Search Class"
    \InProcServer32\(Default) = "C:\PROGRA~1\WANADOO\SEARCH~1.DLL" [empty string]
    <<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
    -> {HKLM...CLSID} = "Yahoo! Toolbar avec bloqueur de fenêtres pop-up"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    BitDefender Communicator, XCOMM, ""C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service" ["Softwin"]
    BitDefender Desktop Update Service, LIVESRV, ""C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service" ["SOFTWIN S.R.L."]
    BitDefender Scan Server, bdss, ""C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service" [null data]
    BitDefender Virus Shield, VSSERV, ""C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service" ["SOFTWIN S.R.L."]
    CyberLink Background Capture Service (CBCS), CLCapSvc, ""C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe"" [empty string]
    CyberLink Media Library Service, CyberLink Media Library Service, ""C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe"" ["Cyberlink"]
    Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Program Files\CyberLink\Shared Files\RichVideo.exe"" [empty string]
    CyberLink Task Scheduler (CTS), CLSched, ""C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe"" [empty string]
    EvtEng, EvtEng, "C:\Program Files\Intel\Wireless\Bin\EvtEng.exe" ["Intel Corporation"]
    France Telecom Routing Table Service, FTRTSVC, "C:\WINDOWS\System32\FTRTSVC.exe" ["France Telecom"]
    InCD Helper, InCDsrv, "D:\Program Files\Ahead\InCD\InCDsrv.exe" ["AHEAD Software"]
    Machine Debug Manager, MDM, ""C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
    NMIndexingService, NMIndexingService, ""C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe"" ["Nero AG"]
    Notebook Manager Service, anbmService, "C:\Acer\eManager\anbmServ.exe" ["OSA Technologies Inc."]
    RegSrvc, RegSrvc, "C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe" ["Intel Corporation"]
    Spectrum24 Event Monitor, S24EventMonitor, "C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe" ["Intel Corporation "]
    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
    PDFCreator\Driver = "pdfcmnnt.dll" [null data]


    ----------
    <<!>>: Suspicious data at a malware launch point.
    <<H>>: Suspicious data at a browser hijack point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points, use the -supp parameter or answer "No" at the
    first message box and "Yes" at the second message box.
    ---------- (total run time: 56 seconds, including 8 seconds for message boxes)
    a b 8 Sécurité
    17 Mars 2007 19:35:39

    Re,

  • Double-clique VundoFix.exe afin de le lancer
  • NE clique PAS sur le bouton Scan for Vundo
  • Clique Droit dans la fenêtre blanche, choisis Add more files ?
  • Rajoute dans la première ligne :
    C:\WINDOWS\system32\awtqn.dll
  • Clique successivement sur :
    - Add Files
    - Close Windows
    - Remove Vundo
  • Si l'outil te demande de redémarrer, accepte.
  • Copie/Colle ensuite le rapport C:\vundofix.txt
    17 Mars 2007 19:53:15

    voilà j'ai fai ce que tu m'as demandé et voici ce qu'il y avait dans le fichier VundoFix.txt:


    Beginning removal...

    Performing Repairs to the registry.
    Done!


    a b 8 Sécurité
    17 Mars 2007 20:09:00

    Il n'y avait que ça ?
    Tu peux refaire un scan Combofix.
    18 Mars 2007 00:27:06

    Excuse pour le retard, j'ai été retenue.
    Voilà le rapport combofix:

    "Laure" - 07-03-18 0:22:42 Service Pack 2
    ComboFix 07-03-15.2 - Running from: "C:\Documents and Settings\Laure\Bureau"

    ((((((((((((((((((((((((((((((( Files Created from 2007-02-18 to 2007-03-18 ))))))))))))))))))))))))))))))))))


    2007-03-17 18:59 81,984 --a------ C:\WINDOWS\system32\bdod.bin
    2007-03-17 16:43 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-03-17 14:43 <REP> d-------- C:\backups
    2007-03-15 21:40 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    2007-03-13 23:27 <REP> d-------- C:\VundoFix Backups
    2007-03-13 23:14 218,112 --a------ C:\scanner.exe
    2007-03-13 20:06 <REP> d-------- C:\Program Files\Yahoo!
    2007-03-13 20:04 <REP> d-------- C:\Program Files\CCleaner
    2007-03-11 23:07 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-03-11 19:07 44,544 --------- C:\WINDOWS\AWuninstall.exe
    2007-03-05 19:45 <REP> d-------- C:\DOCUME~1\Laure\Heroes.S01E18.HDTV.XviD-LOL
    2007-03-03 12:10 <REP> d-------- C:\DOCUME~1\Laure\O&O Products AIO (9 in 1)
    2007-03-02 19:30 282,164 C:\WINDOWS\system32\awtqn.dll
    2007-03-02 19:17 <REP> d-------- C:\Program Files\Cakewalk
    2007-03-02 19:15 <REP> d-------- C:\CAKE9
    2007-02-25 19:21 <REP> d-------- C:\Program Files\MultipleIEs
    2007-02-25 19:12 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2007-02-25 19:04 <REP> d-------- C:\WINDOWS\network diagnostic
    2007-02-20 19:55 <REP> d-------- C:\Program Files\Nero
    2007-02-20 19:55 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-03-18 00:00 32 --a------ C:\WINDOWS\system32\getfile.dat
    2007-03-17 19:31 2823 --a------ C:\DOCUME~1\Laure\APPLIC~1\quickzip45.ini
    2007-03-13 21:20 73728 --a------ C:\WINDOWS\system32\sockspy.dll
    2007-03-13 21:19 77824 --a------ C:\WINDOWS\system32\xcomm.dll
    2007-02-13 21:02 68392 --a------ C:\DOCUME~1\Laure\APPLIC~1\gdipfontcachev1.dat
    2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
    2007-01-08 19:01 17408 --a------ C:\WINDOWS\system32\corpol.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "IncrediMail"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe /c"
    "LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
    "MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
    "WOOKIT"="C:\\PROGRA~1\\WANADOO\\Shell.exe appLaunchClientZone.shl|PARAM= cnx"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "updateMgr"="c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMBgMonitor.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "LaunchApp"="Alaunch"
    "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe"
    "AzMixerSel"="C:\\Program Files\\Realtek\\InstallShield\\AzMixerSel.exe"
    "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
    "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
    "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
    "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
    "RTHDCPL"="RTHDCPL.EXE"
    "Alcmtr"="ALCMTR.EXE"
    "PCMService"="\"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe\""
    "EPM-DM"="c:\\acer\\epm\\epm-dm.exe"
    "ePowerManagement"="C:\\Acer\\ePM\\ePM.exe boot"
    "LManager"="C:\\PROGRA~1\\LAUNCH~1\\QtZgAcer.EXE"
    "eRecoveryService"="C:\\Program Files\\Acer\\eRecovery\\Monitor.exe"
    "BDSwitchAgent"="\"c:\\progra~1\\softwin\\bitdef~1\\bdswitch.exe\""
    "REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "InCD"="D:\\Program Files\\Ahead\\InCD\\InCD.exe"
    "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
    "LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
    "LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
    "NeroFilterCheck"="C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NeroCheck.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "WOOWATCH"="C:\\PROGRA~1\\WANADOO\\Watch.exe"
    "WOOTASKBARICON"="C:\\PROGRA~1\\WANADOO\\GestMaj.exe TaskBarIcon.exe"
    "Install5G"="E:\\Install.exe plug_ethernet"
    "TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
    "BDMCon"="C:\\PROGRA~1\\SOFTWIN\\BITDEF~1\\bdmcon.exe"
    "BDOESRV"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdoesrv.exe\""
    "BDNewsAgent"="\"c:\\progra~1\\softwin\\bitdef~1\\bdnagent.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="sockspy.dll"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0



    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-03-18 0:26:12
    C:\ComboFix2.txt ... 07-03-17 19:14
    C:\ComboFix3.txt ... 07-03-17 16:06
    a b 8 Sécurité
    18 Mars 2007 11:30:47

    Il ne veut vraiment pas partir !

    1/ Télécharge The Avenger (par Swandog46) sur ton Bureau.
    Dézippe-le ensuite sur ton Bureau.

    2/ Copie tout le texte en rouge[/#f] ci-dessous :

    Citation :
    [#ff1c00]Files to delete:
    C:\WINDOWS\system32\bdod.bin
    C:\WINDOWS\system32\awtqn.dll


    ---> Clique-droit puis Copier

    Note: Le code ci-dessus a été intentionnellement rédigé pour CET utilisateur.
    si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.


    3/ Maintenant, lance The Avenger en cliquant sur l'icône présente sur le Bureau.
    Sous "Script file to execute" choisis "Input Script Manually".
    Puis clique sur l'icône en forme de loupe qui va ouvrir une nouvelle fenêtre "View/edit script"
    Dans cette fenêtre, colle le texte précedemment copié sur le bureau.
    Clique sur "Done"
    Ensuite clique sur l'icône en forme de Feu Vert pour démarrer l'exécution du script.
    Réponds par "Yes" deux fois quand cela te sera demandé.

    4/ The Avenger va automatiquement faire ce qui suit :
    Il va redémarrer le système. ( Dans les cas où le script contient un/des "Drivers to Unload", The Avenger redémarrera votre système 2 fois)
    Pendant le redémarrage, il apparaitra brièvement une fenêtre de commande de Windows noire sur votre bureau, ceci est NORMAL.
    Après le redémarrage, il crée un fichier log qui s'ouvrira, faisant apparaitre les actions exécutées par The Avenger. Ce fichier log se trouve ici : C:\avenger.txt
    The Avenger aura également sauvegardé tous les fichiers, etc., que vous lui avez demandé de supprimer, les aura compactés (zipped) et tranféré l'archive zip ici : C:\avenger\backup.zip.

    5/ Pour finir copie/colle le contenu du ficher c:\avenger.txt dans votre réponse avec un nouveau rapport HijackThis.
    18 Mars 2007 14:07:00

    alors voilà le rapport avenger:
    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\vxgwbpth

    *******************

    Script file located at: \??\C:\WINDOWS\system32\vhqakviv.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File C:\WINDOWS\system32\bdod.bin deleted successfully.
    File C:\WINDOWS\system32\awtqn.dll deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.


    et celui de hijackthis:
    Logfile of HijackThis v1.99.1
    Scan saved at 14:05:56, on 18/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\acer\epm\epm-dm.exe
    C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\PROGRA~1\SOFTWIN\BITDEF~1\bdswitch.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    D:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\SOFTWIN\BITDEF~1\bdmcon.exe
    C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
    C:\PROGRA~1\SOFTWIN\BITDEF~1\bdnagent.exe
    C:\PROGRA~1\WANADOO\TaskBarIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    D:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender9\vsserv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.incredimail.com/french
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: IE DevToolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
    O3 - Toolbar: &Accessibility Toolbar - {11352A67-0178-46B1-8855-D50B2F81C054} - C:\PROGRA~1\WAT_FR1\ACCESS~1.DLL
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\SOFTWIN\BITDEF~1\bdswitch.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [Install5G] E:\Install.exe plug_ethernet
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\SOFTWIN\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\SOFTWIN\BITDEF~1\bdnagent.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Stardock ObjectDock.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    O4 - Startup: Y'z Toolbar.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {10B80391-96A7-11D3-B7A6-00A0C94C6AE0} (ParallelGraphics Cortona Java Support) - http://www.parallelgraphics.com/bin/cortjava.cab
    O16 - DPF: {10B80396-96A7-11D3-B7A6-00A0C94C6AE0} (ParallelGraphics Cortona VRML 1.0 to VRML 2.0 convertor) - http://www.parallelgraphics.com/bin/cortvrml10.cab
    O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader....
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4440221E-9A4D-432A-B970-D4202B3C0651}: NameServer = 80.118.196.40
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - D:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)



    18 Mars 2007 14:34:19

    Je pense que ca y est je n'ai plus d'infection, tout a été supprimé, non? moi en tout cas je n'ai plus d'alertes de mon antivirus.

    Alors je te remercie beaucoup car c'était une vrai plaie ces trucs.

    Tu as fait du super boulot!!!!!!!
    Merci merci
    a b 8 Sécurité
    18 Mars 2007 20:20:47

    J'espère que c'est ok.
    Reposte un rapport Hijackthis.
    18 Mars 2007 23:50:09

    voilà je t'en reposte un:
    Logfile of HijackThis v1.99.1
    Scan saved at 23:49:43, on 18/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\acer\epm\epm-dm.exe
    C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\PROGRA~1\SOFTWIN\BITDEF~1\bdswitch.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    D:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
    C:\PROGRA~1\SOFTWIN\BITDEF~1\bdnagent.exe
    C:\PROGRA~1\WANADOO\TaskBarIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    D:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Program Files\eMule\emule.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender9\vsserv.exe
    c:\progra~1\softwin\bitdef~1\bdmcon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.incredimail.com/french
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: IE DevToolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
    O3 - Toolbar: &Accessibility Toolbar - {11352A67-0178-46B1-8855-D50B2F81C054} - C:\PROGRA~1\WAT_FR1\ACCESS~1.DLL
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [BDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [Install5G] E:\Install.exe plug_ethernet
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\SOFTWIN\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
    O4 - HKLM\..\Run: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Stardock ObjectDock.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    O4 - Startup: Y'z Toolbar.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {10B80391-96A7-11D3-B7A6-00A0C94C6AE0} (ParallelGraphics Cortona Java Support) - http://www.parallelgraphics.com/bin/cortjava.cab
    O16 - DPF: {10B80396-96A7-11D3-B7A6-00A0C94C6AE0} (ParallelGraphics Cortona VRML 1.0 to VRML 2.0 convertor) - http://www.parallelgraphics.com/bin/cortvrml10.cab
    O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader....
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4440221E-9A4D-432A-B970-D4202B3C0651}: NameServer = 80.118.196.40
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - D:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

    a b 8 Sécurité
    19 Mars 2007 13:19:24

    Tu as d'autres problèmes ?
    20 Mars 2007 20:09:22

    Non tout est ok merci beaucoup à toi tu m'as bcp aidé, sans toi je m'en serai jamais sorti.

    Merci merci et j'epère pas a bientot.


    a b 8 Sécurité
    20 Mars 2007 20:17:27

    Bonne continuation :hello: 
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS