SOS Comment supprimer Security Toolbar 7.1 ?

bjr,
merci pour l'information concernant l'infection de mon micro par vundo.
je vais effectuer ce que tu me conseille de faire.
étant novice en informatique j'espère ne pas avoir trop de soucis pour y arriver.
quand tu écris (colle le rapport) , je suppose que tu souhaites que je mette le rapport de chaque opération ici comme j'ai fait pour les rapports précédents ?
a+

bonsoir,

j'ai exécuté :

- vundofix
- virtumondebegone
- combofix

ci-dessous les rapports de chaque scan

j'ai aussi exécuté hijackthis après chacun des scans ci-dessus
pour moi le contenu des rapports c'est de l'hébreux lol

j'ai aussi lancé bitdefender en ligne mais le scan c'est bloqué au bout de 2 heures environ , j'ai stoppé l'analyse
j'ai l'intention d'essayer panda et secuser après
faut il que j'essaye a nouveau bitdefender ?

les 2 icones qui se trouvaient sur le bureau et la barre security toolbar 7 ainsi que le triangle jaune dans la barre du bas ont disparu
les infections seraient telles supprimées ?

que dois je faire pour etre sur de ne plus avoir à nouveau ces pbs ?

le pb qui reste : j'ai l'appli limewire qui démarre toute seule sur le bureau et je me demande si ce n'est pas par là que j'ai chopé toutes ces merdes...
comment virer limewire?
une fois que tout sera nickel j'ai l'intention d'installer avast ?
encore merci pour ton aide.
______________________________________________

Rapport du scan de Vundofix

VundoFix V6.5.11

Checking Java version...

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Scan started at 20:35:08 13/11/2007

Listing files found while scanning....

C:\WINDOWS\system32\atmfshua.dll

Beginning removal...

Beginning removal...

Attempting to delete C:\WINDOWS\system32\atmfshua.dll
C:\WINDOWS\system32\atmfshua.dll Has been deleted!

Performing Repairs to the registry.
Done!
____________________________________

Rapport de virtumondebegone

[11/13/2007, 21:11:56] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Brice DANIEL\Mes documents\Mes Programmes\Antivirus\VirtumundoBeGone.exe" )
[11/13/2007, 21:12:12] - Detected System Information:
[11/13/2007, 21:12:13] - Windows Version: 5.1.2600, Service Pack 1
[11/13/2007, 21:12:13] - Current Username: Brice DANIEL (Admin)
[11/13/2007, 21:12:13] - Windows is in NORMAL mode.
[11/13/2007, 21:12:13] - Searching for Browser Helper Objects:
[11/13/2007, 21:12:13] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[11/13/2007, 21:12:13] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[11/13/2007, 21:12:13] - BHO 3: {1C1DD717-53B2-485E-A17B-C9977C205E10} ()
[11/13/2007, 21:12:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 21:12:13] - Checking for HKLM\...\Winlogon\Notify\gebbabx
[11/13/2007, 21:12:13] - Found: HKLM\...\Winlogon\Notify\gebbabx - This is probably Virtumundo.
[11/13/2007, 21:12:13] - Assigning {1C1DD717-53B2-485E-A17B-C9977C205E10} MSEvents Object
[11/13/2007, 21:12:13] - BHO list has been changed! Starting over...
[11/13/2007, 21:12:13] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[11/13/2007, 21:12:13] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[11/13/2007, 21:12:13] - BHO 3: {1C1DD717-53B2-485E-A17B-C9977C205E10} (MSEvents Object)
[11/13/2007, 21:12:13] - ALERT: Found MSEvents Object!
[11/13/2007, 21:12:13] - BHO 4: {2BF7CDA0-872B-4164-A239-98DDDEB09E56} ()
[11/13/2007, 21:12:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 21:12:13] - Checking for HKLM\...\Winlogon\Notify\pmkjh
[11/13/2007, 21:12:14] - Key not found: HKLM\...\Winlogon\Notify\pmkjh, continuing.
[11/13/2007, 21:12:14] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} ()
[11/13/2007, 21:12:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 21:12:14] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[11/13/2007, 21:12:14] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[11/13/2007, 21:12:14] - BHO 6: {549B5CA7-4A86-11D7-A4DF-000874180BB3} ()
[11/13/2007, 21:12:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 21:12:14] - No filename found. Continuing.
[11/13/2007, 21:12:14] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/13/2007, 21:12:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 21:12:14] - No filename found. Continuing.
[11/13/2007, 21:12:14] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/13/2007, 21:12:14] - BHO 9: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
[11/13/2007, 21:12:14] - BHO 10: {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} (Camfrog Toolbar)
[11/13/2007, 21:12:14] - BHO 11: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[11/13/2007, 21:12:14] - BHO 12: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
[11/13/2007, 21:12:14] - BHO 13: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[11/13/2007, 21:12:14] - BHO 14: {daf2e1aa-af87-40b5-8173-e735cf6f431a} ()
[11/13/2007, 21:12:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 21:12:14] - Checking for HKLM\...\Winlogon\Notify\qjknuajl
[11/13/2007, 21:12:14] - Key not found: HKLM\...\Winlogon\Notify\qjknuajl, continuing.
[11/13/2007, 21:12:14] - BHO 15: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
[11/13/2007, 21:12:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 21:12:15] - No filename found. Continuing.
[11/13/2007, 21:12:15] - Finished Searching Browser Helper Objects
[11/13/2007, 21:12:15] - *** Detected MSEvents Object
[11/13/2007, 21:12:15] - Trying to remove MSEvents Object...
[11/13/2007, 21:12:16] - Terminating Process: IEXPLORE.EXE
[11/13/2007, 21:12:17] - Terminating Process: RUNDLL32.EXE
[11/13/2007, 21:12:17] - Disabling Automatic Shell Restart
[11/13/2007, 21:12:17] - Terminating Process: EXPLORER.EXE
[11/13/2007, 21:12:17] - Suspending the NT Session Manager System Service
[11/13/2007, 21:12:17] - Terminating Windows NT Logon/Logoff Manager
[11/13/2007, 21:12:18] - Re-enabling Automatic Shell Restart
[11/13/2007, 21:12:18] - File to disable: C:\WINDOWS\System32\gebbabx.dll
[11/13/2007, 21:12:18] - Renaming C:\WINDOWS\System32\gebbabx.dll -> C:\WINDOWS\System32\gebbabx.dll.vir
[11/13/2007, 21:12:19] - File successfully renamed!
[11/13/2007, 21:12:19] - Removing HKLM\...\Browser Helper Objects\{1C1DD717-53B2-485E-A17B-C9977C205E10}
[11/13/2007, 21:12:19] - Removing HKCR\CLSID\{1C1DD717-53B2-485E-A17B-C9977C205E10}
[11/13/2007, 21:12:19] - Adding Kill Bit for ActiveX for GUID: {1C1DD717-53B2-485E-A17B-C9977C205E10}
[11/13/2007, 21:12:19] - Deleting ATLEvents/MSEvents Registry entries
[11/13/2007, 21:12:19] - Removing HKLM\...\Winlogon\Notify\gebbabx
[11/13/2007, 21:12:19] - Searching for Browser Helper Objects:
[11/13/2007, 21:12:19] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[11/13/2007, 21:12:19] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[11/13/2007, 21:12:19] - BHO 3: {2BF7CDA0-872B-4164-A239-98DDDEB09E56} ()
[11/13/2007, 21:12:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 21:12:19] - Checking for HKLM\...\Winlogon\Notify\pmkjh
[11/13/2007, 21:12:20] - Key not found: HKLM\...\Winlogon\Notify\pmkjh, continuing.
[11/13/2007, 21:12:20] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[11/13/2007, 21:12:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 21:12:20] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[11/13/2007, 21:12:20] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[11/13/2007, 21:12:20] - BHO 5: {549B5CA7-4A86-11D7-A4DF-000874180BB3} ()
[11/13/2007, 21:12:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 21:12:20] - No filename found. Continuing.
[11/13/2007, 21:12:20] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/13/2007, 21:12:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 21:12:20] - No filename found. Continuing.
[11/13/2007, 21:12:20] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/13/2007, 21:12:20] - BHO 8: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
[11/13/2007, 21:12:20] - BHO 9: {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} (Camfrog Toolbar)
[11/13/2007, 21:12:20] - BHO 10: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[11/13/2007, 21:12:20] - BHO 11: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
[11/13/2007, 21:12:20] - BHO 12: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[11/13/2007, 21:12:20] - BHO 13: {daf2e1aa-af87-40b5-8173-e735cf6f431a} ()
[11/13/2007, 21:12:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 21:12:20] - Checking for HKLM\...\Winlogon\Notify\qjknuajl
[11/13/2007, 21:12:20] - Key not found: HKLM\...\Winlogon\Notify\qjknuajl, continuing.
[11/13/2007, 21:12:20] - BHO 14: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
[11/13/2007, 21:12:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/13/2007, 21:12:21] - No filename found. Continuing.
[11/13/2007, 21:12:21] - Finished Searching Browser Helper Objects
[11/13/2007, 21:12:21] - Finishing up...
[11/13/2007, 21:12:21] - A restart is needed.
[11/13/2007, 21:12:33] - Attempting to Restart via STOP error (Blue Screen!)
___________________________________________________________________

Rapport de combofix

ComboFix 07-11-08.1 - Brice DANIEL 2007-11-13 21:38:52.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.1.1252.1.1036.18.100 [GMT 1:00]Running from: C:\Documents and Settings\Brice DANIEL\Mes documents\Mes Programmes\Antivirus\ComboFix.exe
* Created a new restore point
.

Incapable d'obtenir les privilèges Système

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrateur\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Administrateur\Favoris\Online Security Guide.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\Brice DANIEL\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Brice DANIEL\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Brice DANIEL\Favoris\Online Security Guide.lnk
C:\WINDOWS\b147.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\atmfshua.dllbox
C:\WINDOWS\system32\gtwlkikb.dll
C:\WINDOWS\system32\hjkmp.bak1
C:\WINDOWS\system32\hjkmp.bak2
C:\WINDOWS\system32\hjkmp.ini
C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\hjkmp.tmp
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\rasthsju.dll
C:\WINDOWS\system32\yklssrqa.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-13 to 2007-11-13 ))))))))))))))))))))))))))))))))))))
.

2007-11-13 21:35 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-13 21:34 89,664 --a------ C:\WINDOWS\system32\flehifvy.dll
2007-11-13 21:33 <REP> d-------- C:\Documents and Settings\Brice DANIEL\Incomplete
2007-11-13 21:31 81,472 --a------ C:\WINDOWS\system32\wqvvtnos.dll
2007-11-13 21:28 71,232 --a------ C:\WINDOWS\system32\wuwmbsdj.exe
2007-11-13 21:22 81,472 --a------ C:\WINDOWS\system32\nnwcajcg.dll
2007-11-13 21:15 71,232 --a------ C:\WINDOWS\system32\bbxwnlee.exe
2007-11-13 20:50 81,472 --a------ C:\WINDOWS\system32\qjknuajl.dll
2007-11-13 20:47 71,232 --a------ C:\WINDOWS\system32\ppmxehee.exe
2007-11-13 20:35 <REP> d-------- C:\VundoFix Backups
2007-11-13 20:22 81,472 --a------ C:\WINDOWS\system32\opopbdrr.dll
2007-11-13 00:48 81,472 --a------ C:\WINDOWS\system32\huhsawuh.dll
2007-11-13 00:42 71,232 --a------ C:\WINDOWS\system32\ycacdmgs.exe
2007-11-12 21:57 81,472 --a------ C:\WINDOWS\system32\vbxieobi.dll
2007-11-12 21:07 <REP> d-------- C:\Documents and Settings\Brice DANIEL\Shared
2007-11-12 21:06 <REP> d-------- C:\Documents and Settings\Brice DANIEL\Application Data\LimeWire
2007-11-12 01:00 <REP> d-------- C:\Program Files\Navilog1
2007-11-11 18:10 6,028 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 17:58 <REP> d-------- C:\Documents and Settings\Brice DANIEL\Application Data\Grisoft
2007-11-11 17:53 <REP> C:\Documents and Settings\Administrateur\Application Data\Dossier de t‚l‚chargement Share-to-Web
2007-11-11 17:50 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2007-11-11 17:50 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2007-11-11 17:50 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-11-11 17:50 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2007-11-11 17:50 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2007-11-11 17:50 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2007-11-11 17:50 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2007-11-11 17:50 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-11-11 17:50 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterTrust
2007-11-11 17:44 <REP> d-------- C:\Program Files\a-squared Free
2007-11-11 17:43 <REP> d-------- C:\Program Files\RegCleaner
2007-11-11 17:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-11 17:41 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-11 13:59 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-11-11 11:30 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-11-11 11:02 79,936 --a------ C:\WINDOWS\system32\eltaqxdw.dll
2007-11-11 09:02 79,936 --a------ C:\WINDOWS\system32\tjynpyck.dll
2007-11-09 00:02 <REP> d-------- C:\Documents and Settings\Brice DANIEL\Application Data\CamfrogWEB
2007-11-08 21:48 145,984 --a------ C:\WINDOWS\system32\rwykldft.dll
2007-11-06 22:47 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-06 22:44 35,328 --a------ C:\WINDOWS\system32\gebbabx.dll.vir
2007-11-06 22:44 82 --a------ C:\n.bat
2007-11-06 22:44 0 --a------ C:\z.dat
2007-11-06 22:43 <REP> d-------- C:\WINDOWS\system32\Mz18r
2007-11-06 22:43 <REP> d-------- C:\Temp\mZOr
2007-11-06 21:33 700,416 --a------ C:\WINDOWS\system32\mcs_cor1.dll
2007-11-06 21:33 245,760 --a------ C:\WINDOWS\system32\mcs_cor2.dll
2007-11-06 21:33 147,456 --a------ C:\WINDOWS\system32\mcs_vfw.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-13 20:26 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-11-13 19:33 --------- d-----w C:\Program Files\Wanadoo
2007-11-13 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-12 20:49 17,332 ----a-w C:\Documents and Settings\Brice DANIEL\Application Data\wklnhst.dat
2007-11-12 20:06 --------- d-----w C:\Program Files\LimeWire
2007-11-11 23:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-11 16:53 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Dossier de téléchargement Share-to-Web
2007-11-11 08:39 --------- d-----w C:\Program Files\TuneUp Utilities 2004
2007-11-09 20:54 49 ----a-w C:\Documents and Settings\Brice DANIEL\Application Data\internaldb41.dat
2007-11-09 20:54 381 ----a-w C:\Documents and Settings\Brice DANIEL\Application Data\internaldb1942.dat
2007-11-09 20:29 18,432 ----a-w C:\Documents and Settings\Brice DANIEL\Application Data\internaldb4827.dat
2007-11-09 20:28 523 ----a-w C:\Documents and Settings\Brice DANIEL\Application Data\internaldb292.dat
2007-11-08 22:16 --------- d-----w C:\Program Files\Norton AntiVirus
2007-11-08 21:29 --------- d-----w C:\Program Files\eMule
2007-11-08 21:29 --------- d-----w C:\Documents and Settings\Brice DANIEL\Application Data\uTorrent
2007-11-08 21:29 --------- d-----w C:\Documents and Settings\Brice DANIEL\Application Data\Camfrog
2007-11-06 21:47 278,544 ----a-w C:\WINDOWS\Fonts\Setup.exe
2007-11-06 21:42 278,543 --sh--w C:\WINDOWS\Fonts\svchost.exe
2007-10-25 18:47 --------- d-----w C:\Program Files\carasexe
2007-09-16 09:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-09-16 09:36 --------- d-----w C:\Program Files\Voile
2007-09-13 22:44 --------- d-----w C:\Program Files\MSN Messenger
2007-09-13 20:16 --------- d-----w C:\Program Files\Google
2006-12-19 20:48 6,144 ----a-w C:\Documents and Settings\Brice DANIEL\Application Data\internaldb8467.dat
2004-04-05 18:37:28 32 --sha-w C:\WINDOWS\{23BC0138-1F89-4B44-8FB4-98FCA06184F6}.dat
2002-08-30 11:00:00 77,824 --sha-w C:\WINDOWS\system32\asycfilt.dll
2002-08-30 11:00:00 557,056 --sha-w C:\WINDOWS\system32\comctl32.dll
2004-04-18 00:00:50 13 -csha-r C:\WINDOWS\system32\IEcacher.dll
2002-08-30 11:00:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll
2002-08-30 11:00:00 401,462 --sha-w C:\WINDOWS\system32\msvcp60.dll
2002-08-30 11:00:00 323,072 --sha-w C:\WINDOWS\system32\msvcrt.dll
2002-08-30 11:00:00 253,952 -csha-w C:\WINDOWS\system32\msvcrt20.dll
2002-08-30 11:00:00 569,344 --sha-w C:\WINDOWS\system32\oleaut32.dll
2002-08-30 11:00:00 106,496 --sha-w C:\WINDOWS\system32\olepro32.dll
2004-03-16 19:44:16 30,749 -csha-w C:\WINDOWS\system32\vbajet32.dll
2004-04-05 18:37:28 32 --sha-w C:\WINDOWS\system32\{1A68DC72-8E74-45DE-B57D-C4370C25788B}.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{176d9a7f-bd96-4c84-b354-0ecc9a0e1b12}]
2007-11-13 21:31 81472 --a------ C:\WINDOWS\System32\wqvvtnos.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOWATCH"="C:\PROGRA~1\WANADOO\Watch.exe" [2004-10-13 16:12]
"WOOTASKBARICON"="C:\PROGRA~1\WANADOO\TaskbarIcon.exe" [2004-10-13 16:12]
"WooCnxMon"="C:\PROGRA~1\WANADOO\CnxMon.exe" [2004-10-13 16:12]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2003-06-30 14:30]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-04-24 16:51]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-04-24 16:44]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42]
"PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 15:02]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-11 00:49]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2002-11-25 10:23]
"LaunchApp"="LaunApp" []
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2003-05-12 14:28]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-29 22:31]
"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2003-05-16 11:49]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-05-12 15:05]
"ccRegVfy"="C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe" [2003-07-15 14:42]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2003-07-15 14:36]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-19 21:10]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-02-14 11:59 C:\WINDOWS\AGRSMMSG.exe]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2004-02-25 16:15]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-25 17:15]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-25 17:06]
"SSC_UserPrompt"="C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-10 11:57]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-03-16 16:56]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-07 21:10]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 18:14]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-09 19:12]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-10-25 06:37]
"AS00_WPN511"="C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe" [2006-01-20 13:15]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 15:52]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-11-06 22:42]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"1c207607"="C:\WINDOWS\System32\flehifvy.dll" [2007-11-13 21:34]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTEGPRS"="C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe" [2004-05-11 09:43]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-04-03 20:22]
"Microsoft NetMeeting"="C:\Program Files\NetMeeting\conf.exe" [2002-08-30 12:00]
"Camfrog"="C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" [2003-09-29 07:22]
"Wanadoo GPRS"="C:\Program Files\Wanadoo GPRS\WanaGPRS.exe" [2004-01-07 17:15]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"!CleanupNetMeetingDispDriver"="C:\WINDOWS\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\pmkjh.dll

R1 Hotkey;Hotkey;C:\WINDOWS\System32\drivers\Hotkey.sys
R1 Wbutton;Wbutton;C:\WINDOWS\System32\drivers\Wbutton.sys
R3 AWINDIS5;AWINDIS5 Protocol Driver;\??\C:\WINDOWS\System32\AWINDIS5.SYS
R3 POWERKEY;POWERKEY;\??\C:\Program Files\Launch Manager\POWERKEY.sys
S3 Ip6FwHlp;Pare-feu de connexion Internet IPv6;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 NETGEAR_WPN511_SERVICE;NETGEAR WPN511 Wireless Adapter Service;C:\WINDOWS\System32\DRIVERS\wpn511.sys
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\System32\DRIVERS\CamDrL21.sys
S3 SI15CI;SI15CI;\??\C:\WINDOWS\System32\SI15CI.SYS
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\System32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\System32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\System32\DRIVERS\sscdmdm.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-07-13 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
"2007-11-13 21:05:02 C:\WINDOWS\Tasks\ABC232D091EDA76C.job"
- c:\docume~1\briced~1\applic~1\thesix~1\JugsBindGram.exe
"2007-09-21 18:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur.job"
"2007-11-13 19:57:01 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2007-11-12 21:10:00 C:\WINDOWS\Tasks\WebReg 20041009221026.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-13 21:51:37
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-13 22:07:29 - machine was rebooted
.
--- E O F ---
______________________________________________________________________

Rapport de hijackthis après scan vundofix

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05:45, on 13/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\WANADOO\TaskbarIcon.exe
C:\PROGRA~1\WANADOO\CnxMon.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\NetMeeting\conf.exe
C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\limewire\limewire.exe
C:\Documents and Settings\Brice DANIEL\Bureau\abcd.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C1DD717-53B2-485E-A17B-C9977C205E10} - C:\WINDOWS\System32\gebbabx.dll
O2 - BHO: (no name) - {2BF7CDA0-872B-4164-A239-98DDDEB09E56} - C:\WINDOWS\System32\pmkjh.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: {a134f6fc-537e-3718-5b04-78faaa1e2fad} - {daf2e1aa-af87-40b5-8173-e735cf6f431a} - C:\WINDOWS\System32\qjknuajl.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AS00_WPN511] C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe -hide
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [1c207607] rundll32.exe "C:\WINDOWS\System32\mpwefxrq.dll",b
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Microsoft NetMeeting] "C:\Program Files\NetMeeting\conf.exe" -Background
O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - HKCU\..\Run: [Wanadoo GPRS] C:\Program Files\Wanadoo GPRS\WanaGPRS.exe /restore
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112fd.bay112.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {A5173EA8-1337-4BAB-A67E-198C9919D9CC} (Loader Class) - http://213.11.100.127/websetup/websetup2.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: gebbabx - C:\WINDOWS\SYSTEM32\gebbabx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\ljniiwvf.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

il me semble qu'il manque un bout du rapport hijackthis apres scan de combofix
ci-dessous le repport

Rapport de hijackthis après scan combofix

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:12:07, on 13/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\WANADOO\TaskbarIcon.exe
C:\PROGRA~1\WANADOO\CnxMon.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\NetMeeting\conf.exe
C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\limewire\limewire.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Brice DANIEL\Bureau\abcd.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {21b1e0a9-cce0-453b-48c4-69dbf7a9d671} - {176d9a7f-bd96-4c84-b354-0ecc9a0e1b12} - C:\WINDOWS\System32\wqvvtnos.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AS00_WPN511] C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe -hide
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [1c207607] rundll32.exe "C:\WINDOWS\System32\flehifvy.dll",b
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Microsoft NetMeeting] "C:\Program Files\NetMeeting\conf.exe" -Background
O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - HKCU\..\Run: [Wanadoo GPRS] C:\Program Files\Wanadoo GPRS\WanaGPRS.exe /restore
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112fd.bay112.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {A5173EA8-1337-4BAB-A67E-198C9919D9CC} (Loader Class) - http://213.11.100.127/websetup/websetup2.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

bonsoir,
j'ai effectué toutes les opérations préconisées dans le message précédent.
pas de pbs particuliers de rencontré, tout s'est bien déroulé
ci dessous rapports :
- OTMoveIt
- clean
- conbofix
- hijackthis

faut-il refaire un scan avec bitdefender, panda, secuser, scan ?

merci de m'indiquer la marche à suivre
y a t'il une procédure pariculière pour désinstaller norton antivirus (licence périmée) pour le remplacer par avast

merci d'avance
__________________________________________________
Rapport OTMoveIt

DllUnregisterServer procedure not found in C:\WINDOWS\System32\flehifvy.dll
C:\WINDOWS\System32\flehifvy.dll NOT unregistered.
C:\WINDOWS\System32\flehifvy.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\wqvvtnos.dll
C:\WINDOWS\System32\wqvvtnos.dll NOT unregistered.
C:\WINDOWS\System32\wqvvtnos.dll moved successfully.

Created on 11/14/2007 21:55:30
______________________________________________

Rapport clean

14/11/2007 a 23:35:51,45

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !

_____________________________________________

Rapport combofix

ComboFix 07-11-08.1 - Brice DANIEL 2007-11-14 23:29:30.4 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\Brice DANIEL\Mes documents\Mes Programmes\Antivirus\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-10-14 to 2007-11-14 ))))))))))))))))))))))))))))))))))))
.

2007-11-14 19:26 <REP> d--h----- C:\WINDOWS\PIF
2007-11-14 01:17 <REP> d-------- C:\WINDOWS\report
2007-11-14 01:16 <REP> d-------- C:\WINDOWS\AU_Backup
2007-11-14 01:16 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2007-11-14 01:16 267,845 --a------ C:\WINDOWS\tsc.exe
2007-11-14 01:16 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-11-14 01:16 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2007-11-14 01:12 <REP> d-------- C:\WINDOWS\AU_Temp
2007-11-14 01:12 <REP> d-------- C:\WINDOWS\AU_Log
2007-11-14 01:11 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-11-14 01:11 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-11-14 01:11 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-11-13 21:35 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-13 21:33 <REP> d-------- C:\Documents and Settings\Brice DANIEL\Incomplete
2007-11-13 21:22 81,472 --a------ C:\WINDOWS\system32\nnwcajcg.dll
2007-11-13 20:50 81,472 --a------ C:\WINDOWS\system32\qjknuajl.dll
2007-11-13 20:35 <REP> d-------- C:\VundoFix Backups
2007-11-13 20:22 81,472 --a------ C:\WINDOWS\system32\opopbdrr.dll
2007-11-13 00:48 81,472 --a------ C:\WINDOWS\system32\huhsawuh.dll
2007-11-12 21:57 81,472 --a------ C:\WINDOWS\system32\vbxieobi.dll
2007-11-12 21:07 <REP> d-------- C:\Documents and Settings\Brice DANIEL\Shared
2007-11-12 21:06 <REP> d-------- C:\Documents and Settings\Brice DANIEL\Application Data\LimeWire
2007-11-11 18:10 6,028 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 17:58 <REP> d-------- C:\Documents and Settings\Brice DANIEL\Application Data\Grisoft
2007-11-11 17:53 <REP> C:\Documents and Settings\Administrateur\Application Data\Dossier de téléchargement Share-to-Web
2007-11-11 17:50 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2007-11-11 17:50 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-11-11 17:50 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-11-11 17:50 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-11-11 17:50 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2007-11-11 17:50 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-11-11 17:50 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2007-11-11 17:50 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-11-11 17:50 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterTrust
2007-11-11 17:44 <REP> d-------- C:\Program Files\a-squared Free
2007-11-11 17:43 <REP> d-------- C:\Program Files\RegCleaner
2007-11-11 17:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-11 17:41 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-11 13:59 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-11-11 11:30 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-11-11 11:02 79,936 --a------ C:\WINDOWS\system32\eltaqxdw.dll
2007-11-11 09:02 79,936 --a------ C:\WINDOWS\system32\tjynpyck.dll
2007-11-09 00:02 <REP> d-------- C:\Documents and Settings\Brice DANIEL\Application Data\CamfrogWEB
2007-11-08 21:48 145,984 --a------ C:\WINDOWS\system32\rwykldft.dll
2007-11-06 22:47 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-06 22:44 35,328 --a------ C:\WINDOWS\system32\gebbabx.dll.vir
2007-11-06 22:44 82 --a------ C:\n.bat
2007-11-06 22:44 0 --a------ C:\z.dat
2007-11-06 22:43 <REP> d-------- C:\WINDOWS\system32\Mz18r
2007-11-06 22:43 <REP> d-------- C:\Temp\mZOr
2007-11-06 21:33 700,416 --a------ C:\WINDOWS\system32\mcs_cor1.dll
2007-11-06 21:33 245,760 --a------ C:\WINDOWS\system32\mcs_cor2.dll
2007-11-06 21:33 147,456 --a------ C:\WINDOWS\system32\mcs_vfw.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-14 22:22 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-11-14 22:16 --------- d-----w C:\Program Files\Wanadoo
2007-11-14 20:50 --------- d-----w C:\Program Files\Java
2007-11-14 20:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-13 22:51 22 ----a-w C:\WINDOWS\Fonts\a.zip
2007-11-12 20:49 17,332 ----a-w C:\Documents and Settings\Brice DANIEL\Application Data\wklnhst.dat
2007-11-12 20:06 --------- d-----w C:\Program Files\LimeWire
2007-11-11 23:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-11 08:39 --------- d-----w C:\Program Files\TuneUp Utilities 2004
2007-11-09 20:54 49 ----a-w C:\Documents and Settings\Brice DANIEL\Application Data\internaldb41.dat
2007-11-09 20:54 381 ----a-w C:\Documents and Settings\Brice DANIEL\Application Data\internaldb1942.dat
2007-11-09 20:29 18,432 ----a-w C:\Documents and Settings\Brice DANIEL\Application Data\internaldb4827.dat
2007-11-09 20:28 523 ----a-w C:\Documents and Settings\Brice DANIEL\Application Data\internaldb292.dat
2007-11-08 22:16 --------- d-----w C:\Program Files\Norton AntiVirus
2007-11-08 21:29 --------- d-----w C:\Program Files\eMule
2007-11-08 21:29 --------- d-----w C:\Documents and Settings\Brice DANIEL\Application Data\uTorrent
2007-11-08 21:29 --------- d-----w C:\Documents and Settings\Brice DANIEL\Application Data\Camfrog
2007-10-25 18:47 --------- d-----w C:\Program Files\carasexe
2007-09-16 09:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-09-16 09:36 --------- d-----w C:\Program Files\Voile
2006-12-19 20:48 6,144 ----a-w C:\Documents and Settings\Brice DANIEL\Application Data\internaldb8467.dat
2004-04-05 18:37:28 32 --sha-w C:\WINDOWS\{23BC0138-1F89-4B44-8FB4-98FCA06184F6}.dat
2002-08-30 11:00:00 77,824 --sha-w C:\WINDOWS\system32\asycfilt.dll
2002-08-30 11:00:00 557,056 --sha-w C:\WINDOWS\system32\comctl32.dll
2004-04-18 00:00:50 13 -csha-r C:\WINDOWS\system32\IEcacher.dll
2002-08-30 11:00:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll
2002-08-30 11:00:00 401,462 --sha-w C:\WINDOWS\system32\msvcp60.dll
2002-08-30 11:00:00 323,072 --sha-w C:\WINDOWS\system32\msvcrt.dll
2002-08-30 11:00:00 253,952 -csha-w C:\WINDOWS\system32\msvcrt20.dll
2002-08-30 11:00:00 569,344 --sha-w C:\WINDOWS\system32\oleaut32.dll
2002-08-30 11:00:00 106,496 --sha-w C:\WINDOWS\system32\olepro32.dll
2004-03-16 19:44:16 30,749 -csha-w C:\WINDOWS\system32\vbajet32.dll
2004-04-05 18:37:28 32 --sha-w C:\WINDOWS\system32\{1A68DC72-8E74-45DE-B57D-C4370C25788B}.dat
.

((((((((((((((((((((((((((((( snapshot@2007-11-13_21.54.43.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 00:46:20 71,749 ----a-w C:\WINDOWS\AU_Temp\1\27\hcextoutput.dll
+ 2007-11-07 00:46:20 267,845 ----a-w C:\WINDOWS\AU_Temp\1\27\tsc.exe
+ 2005-11-09 19:05:12 86,094 ----a-w C:\WINDOWS\AU_Temp\2\4\BPMNT.dll
+ 2007-06-12 17:49:28 1,163,344 ----a-w C:\WINDOWS\AU_Temp\2\4\vsapi32.dll
+ 1999-07-23 09:53:20 129,536 ----a-w C:\WINDOWS\AuHCcup1.dll
+ 2007-11-13 21:19:43 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2007-11-13 21:19:44 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2007-11-13 21:19:44 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2007-11-13 21:19:49 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
- 2006-05-25 00:21:00 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2007-11-14 02:04:20 77,824 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2007-11-13 21:19:50 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2007-11-13 21:19:44 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2002-10-15 13:29:40 77,824 ----a-w C:\WINDOWS\loadhttp.dll
+ 2001-12-14 12:34:46 164,864 ----a-w C:\WINDOWS\patchw32.dll
+ 2005-11-02 17:07:12 99,328 ----a-w C:\WINDOWS\runtsckl.exe
- 2007-11-13 19:57:01 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-11-14 19:57:04 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-11-13 19:57:01 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2007-11-14 19:57:04 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2007-11-14 19:57:04 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-08-26 14:55:46 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-24 21:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2005-08-26 14:55:58 49,250 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-24 21:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2005-08-26 17:14:46 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-09-24 22:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOWATCH"="C:\PROGRA~1\WANADOO\Watch.exe" [2004-10-13 16:12]
"WOOTASKBARICON"="C:\PROGRA~1\WANADOO\TaskbarIcon.exe" [2004-10-13 16:12]
"WooCnxMon"="C:\PROGRA~1\WANADOO\CnxMon.exe" [2004-10-13 16:12]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2003-06-30 14:30]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-04-24 16:51]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-04-24 16:44]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42]
"PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 15:02]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-11 00:49]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2002-11-25 10:23]
"LaunchApp"="LaunApp" []
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2003-05-12 14:28]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-29 22:31]
"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2003-05-16 11:49]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-05-12 15:05]
"ccRegVfy"="C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe" [2003-07-15 14:42]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2003-07-15 14:36]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-19 21:10]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-02-14 11:59 C:\WINDOWS\AGRSMMSG.exe]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2004-02-25 16:15]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-25 17:15]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-25 17:06]
"SSC_UserPrompt"="C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-10 11:57]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-03-16 16:56]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-07 21:10]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-10-25 06:37]
"AS00_WPN511"="C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe" [2006-01-20 13:15]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 15:52]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTEGPRS"="C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe" [2004-05-11 09:43]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"Microsoft NetMeeting"="C:\Program Files\NetMeeting\conf.exe" [2002-08-30 12:00]
"Camfrog"="C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" [2003-09-29 07:22]
"Wanadoo GPRS"="C:\Program Files\Wanadoo GPRS\WanaGPRS.exe" [2004-01-07 17:15]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-05 15:18:26]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2004-12-25 19:22:49]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-04-03 20:22:29]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-01-11 22:56:13]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"=0 (0x0)

R1 Wbutton;Wbutton;C:\WINDOWS\System32\drivers\Wbutton.sys
S1 Hotkey;Hotkey;C:\WINDOWS\System32\drivers\Hotkey.sys
S3 AWINDIS5;AWINDIS5 Protocol Driver;\??\C:\WINDOWS\System32\AWINDIS5.SYS
S3 Ip6FwHlp;Pare-feu de connexion Internet IPv6;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 NETGEAR_WPN511_SERVICE;NETGEAR WPN511 Wireless Adapter Service;C:\WINDOWS\System32\DRIVERS\wpn511.sys
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\System32\DRIVERS\CamDrL21.sys
S3 POWERKEY;POWERKEY;\??\C:\Program Files\Launch Manager\POWERKEY.sys
S3 SI15CI;SI15CI;\??\C:\WINDOWS\System32\SI15CI.SYS
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\System32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\System32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\System32\DRIVERS\sscdmdm.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS

*Newly Created Service* - ADILOADER
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-07-13 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
"2007-11-14 22:00:00 C:\WINDOWS\Tasks\ABC232D091EDA76C.job"
- c:\docume~1\briced~1\applic~1\thesix~1\JugsBindGram.exe
"2007-09-21 18:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur.job"
"2007-11-14 19:57:08 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2007-11-14 21:10:00 C:\WINDOWS\Tasks\WebReg 20041009221026.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-14 23:33:11
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-14 23:34:27
.
--- E O F ---
__________________________________________________________

Rapport hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:46:54, on 14/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\WANADOO\TaskbarIcon.exe
C:\PROGRA~1\WANADOO\CnxMon.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\NetMeeting\conf.exe
C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Brice DANIEL\Bureau\abcd.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AS00_WPN511] C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe -hide
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft NetMeeting] "C:\Program Files\NetMeeting\conf.exe" -Background
O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - HKCU\..\Run: [Wanadoo GPRS] C:\Program Files\Wanadoo GPRS\WanaGPRS.exe /restore
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112fd.bay112.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

bonsoir,
ci dessous rapport de virus total pour :

C:\WINDOWS\system32\nnwcajcg.dll
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.11.16.02007.11.15 -
AntiVir 7.6.0.34 2007.11.15 TR/Dldr.ConHook.Gen
Authentium 4.93.8 2007.11.15 -
Avast 4.7.1074.0 2007.11.14 -
AVG 7.5.0.503 2007.11.15 Lop
BitDefender 7.2 2007.11.15 -
CAT-QuickHeal9.00 2007.11.15 -
ClamAV 0.91.2 2007.11.15 -
DrWeb 4.44.0.091702007.11.15 -
eSafe 7.0.15.0 2007.11.14 -
eTrust-Vet 31.2.5297 2007.11.15 -
Ewido 4.0 2007.11.15 -
FileAdvisor 1 2007.11.15 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.14 -
F-Secure 6.70.13030.02007.11.15 Vundo.gen49
Ikarus T3.1.1.12 2007.11.15 -
Kaspersky 7.0.0.125 2007.11.15 -
McAfee 5164 2007.11.15 Vundo
Microsoft 1.3007 2007.11.12 -
NOD32v2 2661 2007.11.15 -
Norman 5.80.02 2007.11.15 W32/Virtumonde.IJR
Panda 9.0.0.4 2007.11.15 Suspicious file
Prevx1 V2 2007.11.15 Trojan.Vundo
Rising 20.18.31.00 2007.11.15 -
Sophos 4.23.0 2007.11.15 -
Sunbelt 2.2.907.0 2007.11.15 -
Symantec 10 2007.11.15 -
TheHacker 6.2.9.129 2007.11.15 -
VBA32 3.12.2.5 2007.11.15 -
VirusBuster 4.3.26:9 2007.11.15 -
Webwasher-Gateway6.0.12007.11.15 Trojan.Dldr.ConHook.Gen

Information additionnelle
File size: 81472 bytes
MD5: b7a8148c8915295a9e8bfd34871748ab
SHA1: b8b641a6058efd57eeb9a6f9ee79904ec7568699
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=3821B1D140B8653B3E1801F596078B0080CEAC18
____________________________________________

a suivre ...

bsr,
la barre de sécurity toolbar 7.1 n'apparait plus ainsi qyue le triangle jaune.
il n'y a plus d'affichage de pop up.

j'ai effectué un scan avec norton qui se trouve sur mon pc et il n'a rien détecté mais il est périmé depuis 3 mois : doute sur la fiabilité de la base des signatures de virus.

j'ai executé clean,
j'ai fait un scan en ligne avec symantec et mc afee et ensuite hijackthis
ci dessous les rapports

reste t'il quelque chose ?

rapport clean :
19/11/2007 a 19:04:04,50

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !

rapport panda :
Incident Statut Analyse

Outil indésirable:Application/Pskill.K No Désinfecté C:\Documents and Settings\Brice DANIEL\Bureau\clean\pskill.exe
Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Brice DANIEL\Bureau\SmitfraudFix\Process.exe
Outil indésirable:Application/SuperFast No Désinfecté C:\Documents and Settings\Brice DANIEL\Bureau\SmitfraudFix\restart.exe
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Brice DANIEL\Cookies\brice daniel@xiti[1].txt
Outil indésirable:Application/Pskill.K No Désinfecté C:\Documents and Settings\Brice DANIEL\Mes documents\Mes Programmes\Antivirus\clean.zip[clean/pskill.exe]
Outil indésirable:Application/NirCmd.A No Désinfecté C:\Documents and Settings\Brice DANIEL\Mes documents\Mes Programmes\Antivirus\ComboFix.exe[nircmd.exe]
Outil indésirable:Application/NirCmd.A No Désinfecté C:\Documents and Settings\Brice DANIEL\Mes documents\Mes Programmes\Antivirus\ComboFix.exe[nircmd.cfexe]
Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Brice DANIEL\Mes documents\Mes Programmes\Antivirus\SmitfraudFix\Process.exe
Outil indésirable:Application/SuperFast No Désinfecté C:\Documents and Settings\Brice DANIEL\Mes documents\Mes Programmes\Antivirus\SmitfraudFix\restart.exe
Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Brice DANIEL\Mes documents\Mes Programmes\Antivirus\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Outil indésirable:Application/SuperFast No Désinfecté C:\Documents and Settings\Brice DANIEL\Mes documents\Mes Programmes\Antivirus\SmitfraudFix.zip[SmitfraudFix/restart.exe]
Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Brice DANIEL\Mes documents\Mes Programmes\Antivirus\VirtumundoBeGone.exe
Spyware:Spyware/Virtumonde No Désinfecté C:\Documents and Settings\Brice DANIEL\Mes documents\Rapports\upload_moi_BD.tar.gz[upload_moi.tar][_OTMoveIt/MovedFiles/WINDOWS/System32/rwykldft.dll]
Spyware:Spyware/Virtumonde No Désinfecté C:\Documents and Settings\Brice DANIEL\Mes documents\Rapports\upload_moi_BD.tar.gz[upload_moi.tar][qoobox/Quarantine/catchme2007-11-13_215109.32.zip][pmkjh.dll]
Spyware:Spyware/Virtumonde No Désinfecté C:\qoobox\Quarantine\catchme2007-11-13_215109.32.zip[pmkjh.dll]
Spyware:Spyware/Virtumonde No Désinfecté C:\RECYCLER\S-1-5-21-2619762233-471999340-2045519698-1005\Dc2.gz[upload_moi.tar][qoobox/Quarantine/catchme2007-11-13_215109.32.zip][pmkjh.dll]
Spyware:Spyware/Virtumonde No Désinfecté C:\RECYCLER\S-1-5-21-2619762233-471999340-2045519698-1005\Dc2.gz[upload_moi.tar][WINDOWS/System32/rwykldft.dll]
Spyware:Spyware/Virtumonde No Désinfecté C:\VundoFix Backups\atmfshua.dll.bad
Outil indésirable:Application/NirCmd.A No Désinfecté C:\WINDOWS\NirCmd.exe
Adware:Adware/Beginto No Désinfecté C:\WINDOWS\system32\SearchEnhancer\uninstallSE.exe
Spyware:Spyware/Virtumonde No Désinfecté C:\_OTMoveIt\MovedFiles\WINDOWS\System32\rwykldft.dll
rapport symantec :
Etat des virus : Infecté !
Votre ordinateur est infecté par au moins une menace connue. Etat des virus :




136090 fichiers analysés, 4 fichier(s) infecté(s) sur vos lecteurs de disque.


Aucun virus n'a été détecté en mémoire.
Votre ordinateur ne contient pas de menaces connues. La détection de virus ne vérifie pas les fichiers compressés.
Votre ordinateur semble à présent en sécurité. Pour bénéficier d'une protection en temps réel contre les virus, les pirates et le vol d'informations, effectuez une mise à niveau vers Norton Internet Security(tm).

Aucun virus n'a été détecté en mémoire.
L'analyse a été annulée avant la fin. Pour redémarrer l'analyse, cliquez ici.
Votre ordinateur ne contient pas de menaces connues. La détection de virus ne vérifie pas les fichiers compressés.
Votre ordinateur semble à présent en sécurité. Pour bénéficier d'une protection en temps réel contre les virus, les pirates et le vol d'informations, effectuez une mise à niveau vers Norton Internet Security(tm).
Recherchez le nom des menaces indiquées ci-dessous sur le site Symantec Security Response pour obtenir des conseils de suppression.

Attention ! L'analyse a détecté un virus actif dans la mémoire de l'ordinateur.
L'analyse a été interrompue pour éviter toute infection ultérieure.
Vous devriez fermer l'ordinateur immédiatement et le redémarrer avec un disque de secours antivirus ou similaire.

Aucun virus n'a été détecté en mémoire.
Votre ordinateur est infecté par au moins un virus ou cheval de Troie connu.
Recherchez le nom des menaces indiquées ci-dessous sur le site Symantec Security Response pour obtenir des conseils de suppression.

Aucun virus n'a été détecté en mémoire.
Votre ordinateur est infecté par au moins un virus ou cheval de Troie connu.

Remarque : l'analyse a été annulée avant la fin. Il peut rester des fichiers infectés sur l'ordinateur.
Recherchez le nom des menaces indiquées ci-dessous sur le site Symantec Security Response pour obtenir des conseils de suppression.
Aucune analyse n'a été exécutée. Pour lancer la détection de virus, cliquez ici.
C:\_OTMoveIt\MovedFiles\WINDOWS\System32\eltaqxdw.dll est infecté par Trojan.Vundo.
C:\_OTMoveIt\MovedFiles\WINDOWS\System32\rwykldft.dll est infecté par Trojan.Vundo.
C:\_OTMoveIt\MovedFiles\WINDOWS\System32\tjynpyck.dll est infecté par Trojan.Vundo.
C:\VundoFix Backups\atmfshua.dll.bad est infecté par Trojan.Vundo.

rapport mcafee :
Liste des fichiers détectés
Nom du fichier
Nom de la menace
C:\Documents and Settings\...\clean.zip
RemAdm-PSKill
C:\Documents and Settings\...\Process.exe
PrcViewer
C:\Documents and Settings\...\SmitfraudFix.zip
PrcViewer
C:\...\upload_moi_BD.tar.gz
Vundo
C:\...\upload_moi_BD.tar.gz
Vundo
C:\...\upload_moi_BD.tar.gz
Vundo
C:\...\upload_moi_BD.tar.gz
Vundo
C:\...\upload_moi_BD.tar.gz
Vundo
C:\...\upload_moi_BD.tar.gz
Vundo
C:\...\upload_moi_BD.tar.gz
Vundo
C:\...\upload_moi_BD.tar.gz
Vundo
C:\...\upload_moi_BD.tar.gz
Vundo
C:\...\upload_moi_BD.tar.gz
Vundo


Liste des fichiers détectés
Nom du fichier
Nom de la menace
C:\Documents and Settings\...\clean\pskill.exe
RemAdm-PSKill
C:\Documents and Settings\...\Process.exe
PrcViewer
C:\Documents and Settings\...\SmitfraudFix.exe
PrcViewer
C:\Documents and Settings\...\SmitfraudFix.exe
Generic PUP.g
C:\Documents and Settings\...\clean.zip
RemAdm-PSKill
C:\Documents and Settings\...\Process.exe
PrcViewer
C:\Documents and Settings\...\SmitfraudFix.zip
PrcViewer
C:\...\upload_moi_BD.tar.gz
Vundo
C:\...\upload_moi_BD.tar.gz
Vundo
C:\...\upload_moi_BD.tar.gz
Vundo
C:\...\upload_moi_BD.tar.gz
Vundo
C:\...\upload_moi_BD.tar.gz
Vundo
C:\...\upload_moi_BD.tar.gz
Vundo
C:\...\upload_moi_BD.tar.gz
Vundo
C:\...\upload_moi_BD.tar.gz
Vundo
C:\...\upload_moi_BD.tar.gz
Vundo
C:\...\upload_moi_BD.tar.gz
Vundo
C:\qoobox\...\catchme2007-11-13_215109.32.zip
Vundo
C:\RECYCLER\...\Dc2.gz
Vundo
C:\RECYCLER\...\Dc2.gz
Vundo
C:\RECYCLER\...\Dc2.gz
Vundo
C:\RECYCLER\...\Dc2.gz
Vundo
C:\RECYCLER\...\Dc2.gz
Vundo
C:\RECYCLER\...\Dc2.gz
Vundo
C:\RECYCLER\...\Dc2.gz
Vundo

rapport hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:38, on 19/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\WANADOO\TaskbarIcon.exe
C:\PROGRA~1\WANADOO\CnxMon.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\NetMeeting\conf.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Documents and Settings\Brice DANIEL\Bureau\abcd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AS00_WPN511] C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - HKCU\..\Run: [Wanadoo GPRS] C:\Program Files\Wanadoo GPRS\WanaGPRS.exe /restore
O4 - HKCU\..\Run: [Microsoft NetMeeting] "C:\Program Files\NetMeeting\conf.exe" -Background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112fd.bay112.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5165/mcfscan.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe