System Doctor

Re,
Cliques sur demarrer, executer, tapes: services.msc ,cherches dans la liste ces ligne et regles les sur "desactivé"

Secure Network Interface (sniSvc)
Win32Sr

Cliques sur demarrer, rechercher, cherches et supprimes ces fichiers si present

win32ssr.exe
ynwily.exe
newname2.exe
mlztcmsn.exe
xbwmdth.dll
blah32.exe
jarjbjid.dll
ibm00009.exe

cliques sur demarrer, poste de travail, C:, program files, cherches et supprimes ce dossier:

otwo

Télécharge VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu.


Supprimer les mouchards avec AdAware ou Spybot:
http://www.ordi-netfr.org/tutorialadaware.html
http://www.safer-networking.org/index.php?page=download&lang=fr
pense a les mettre a jour avant de scanner ton pc
et pour spyboot tu supprimes tous ce qu il trouve en cliquant sur corriger et pense aussi a clicquer sur vaccination
pour adadware tu peut aussi tous virer.

Anti Trojan
http://www.emsisoft.net/fr/
Faite scan en ligne et coller le rapport ici sur le post
utiliser l'antivirus en ligne suivant :
http://www.ravantivirus.com/scan/
Cliquer sur "To continue without subscribing click here" et attendre quelques minutes.

Lorsque "Ready" est affiché dans "status", cocher la case "Autoclean" puis cliquer sur "Scan my PC"
A la fin de l'analyse, copier/coller le rapport ici.

SDFix: Version 1.104

Run by Propri‚taire on 16/09/2007 at 10:37

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\PROPRI~1\Bureau\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\Documents and Settings\Propri‚taire\new.txt - Deleted
C:\WINDOWS\ktd32.atm - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\PROPRI~1\Bureau\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\gdiplus.dll
C:\Documents and Settings\Propri‚taire\Mes documents\lame_enc.dll
C:\Program Files\eRightSoft\SUPER\cygwin1.dll
C:\Program Files\eRightSoft\SUPER\cygz.dll
C:\Program Files\eRightSoft\SUPER\_Setup.dll
C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll
C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll
C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll
C:\Program Files\MSN Messenger\winmm.dll
C:\Program Files\Windows Live\Messenger\winmm.dll
C:\WINDOWS\system32\flvDX.dll
C:\WINDOWS\system32\msfDX.dll
C:\Documents and Settings\Propri‚taire\Mes documents\lame.exe
C:\hp\patches\42WW1REC\src\App00153.exe
C:\hp\patches\42WW1REC\src\App00292.exe
C:\hp\patches\42WW1REC\src\App00491.exe
C:\hp\patches\42WW1REC\src\App02995.exe
C:\hp\patches\42WW1REC\src\App04827.exe
C:\hp\patches\42WW1REC\src\App05447.exe
C:\hp\patches\42WW1REC\src\App05705.exe
C:\hp\patches\42WW1REC\src\App09961.exe
C:\hp\patches\42WW1REC\src\App14604.exe
C:\hp\patches\42WW1REC\src\App16827.exe
C:\hp\patches\42WW1REC\src\App17421.exe
C:\hp\patches\42WW1REC\src\App18716.exe
C:\hp\patches\42WW1REC\src\App19169.exe
C:\hp\patches\42WW1REC\src\App19718.exe
C:\hp\patches\42WW1REC\src\App19895.exe
C:\hp\patches\42WW1REC\src\App23281.exe
C:\hp\patches\42WW1REC\src\App24464.exe
C:\hp\patches\42WW1REC\src\App26962.exe
C:\hp\patches\42WW1REC\src\App29358.exe
C:\hp\patches\42WW1REC\src\App32391.exe
C:\hp\patches\42WW1REC\src\App99990.exe
C:\hp\patches\42WW1REC\src\App99992.exe
C:\hp\patches\42WW1REC\src\App99993.exe
C:\hp\patches\42WW1REC\src\xApp14604.exe
C:\Program Files\eRightSoft\SUPER\Setup.exe
C:\Program Files\MessengerDiscovery\SpellCHK.exe
C:\Documents and Settings\Propri‚taire\Mes documents\Vyk12\vid‚os.rar
C:\WINDOWS\SMINST\HPCD.SYS
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\WINDOWS\system32\config\SAM.tmp.LOG
C:\WINDOWS\system32\config\SECURITY.tmp.LOG
C:\Documents and Settings\Propri‚taire\Mes documents\misc\Lame.vbs
C:\Documents and Settings\Propri‚taire\Mes documents\lame-3.96.1.zip

Finished!

Télécharge Flash_Disinfector sUBs http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe
Il fonctionne comme ceci:
Double clic sur Flash_Disinfector.exe pour le lancer.
Quand le message : "Plug in yours flash drive & clic Ok to begin disinfection" apparaitra :
Connecte ta clé USB ou DD externes
Attends quelques secondes qu'ils soient reconnus par Windows, puis clique sur Ok
Les icônes sur le bureau vont disparaitre jusqu'à l'apparition du message: Done!!
Appuie sur [OK], pour faire réapparaitre le bureau.
Si tout s'est bien déroulé, l'infection devrait être pratiquement éradiquée dès la fin de cette étape.

ComboFix 07-09-21.2 - "Propri‚taire" 2007-09-24 17:34:24.1 - NTFSx86 MINIMAL
Microsoft Windows XP �dition familiale 5.1.2600.2.1252.33.1036.18.348 [GMT 2:00]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2007-08-24 to 2007-09-24 ))))))))))))))))))))))))))))))))))))
.

2007-09-22 15:49 <REP> d-------- C:\Program Files\Navilog1
2007-09-22 14:44 <REP> d-------- C:\Documents
2007-09-22 14:44 <REP> d-------- C:\DOCUME~1\PROPRI~1\Settings
2007-09-22 14:44 <REP> d-------- C:\DOCUME~1\PROPRI~1\and
2007-09-22 12:05 <REP> d-------- C:\Program Files\Jetico
2007-09-21 18:38 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-09-19 13:27 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-09-18 18:00 <REP> d-------- C:\Program Files\Axon Data
2007-09-17 19:07 <REP> d-------- C:\Program Files\FileZilla Client
2007-09-16 16:55 <REP> d-------- C:\Program Files\FolderSecurityGuard
2007-09-16 10:52 <REP> d-------- C:\autorun.inf
2007-09-16 10:51 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-16 10:36 <REP> d-------- C:\WINDOWS\ERUNT
2007-09-15 18:14 <REP> d-------- C:\Program Files\ConWare
2007-09-13 20:26 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
2007-09-13 20:26 <REP> d-------- C:\Program Files\GeoVid
2007-09-10 17:54 <REP> d-------- C:\Program Files\PhotoFiltre
2007-09-07 14:28 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-09-07 14:28 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
2007-09-07 14:18 <REP> d-------- C:\Program Files\PlayFirst
2007-09-07 14:16 <REP> d-------- C:\Downloads
2007-09-07 12:48 <REP> d-------- C:\Program Files\MessengerDiscovery
2007-09-07 11:54 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2007-09-07 11:54 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2007-09-07 11:54 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2007-09-07 11:54 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2007-09-07 11:54 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-09-06 21:43 36,734 --a------ C:\WINDOWS\system32\OggDSuninst.exe
2007-09-06 21:43 36,704 --a------ C:\WINDOWS\system32\SubtitDSuninst.exe
2007-09-06 18:29 30,601 --a------ C:\DOCUME~1\PROPRI~1\x.exe
2007-09-06 18:21 <REP> d-------- C:\DOCUME~1\PROPRI~1\vw
2007-09-06 18:20 <REP> d-------- C:\Program Files\VisualRoute
2007-09-06 18:12 <REP> d-------- C:\Program Files\NeoTrace Express
2007-09-06 17:23 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-09-06 17:23 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2007-09-06 17:23 267,845 --a------ C:\WINDOWS\tsc.exe
2007-09-06 17:23 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2007-09-06 17:23 <REP> d-------- C:\WINDOWS\report
2007-09-06 17:23 <REP> d-------- C:\WINDOWS\AU_Backup
2007-09-06 17:20 <REP> d-------- C:\WINDOWS\AU_Temp
2007-09-06 17:20 <REP> d-------- C:\WINDOWS\AU_Log
2007-09-06 17:19 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-09-06 17:19 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-09-06 17:19 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-09-06 15:12 <REP> d-------- C:\Program Files\AusLogics Disk Defrag
2007-09-04 20:40 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-04 20:39 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-08-31 23:47 <REP> d-------- C:\Program Files\MIKSOFT
2007-08-30 23:34 299,520 --a------ C:\WINDOWS\uninst.exe
2007-08-30 23:34 <REP> d-------- C:\Program Files\Digilex
2007-08-29 19:22 344,576 --a------ C:\WINDOWS\system32\Sesam v2.5.exe
2007-08-29 14:54 <REP> d-------- C:\Program Files\CCleaner
2007-08-26 19:49 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2007-08-26 19:43 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2007-08-26 11:06 <REP> d-------- C:\Program Files\DivX
2007-08-25 18:33 <REP> d-------- C:\Program Files\AVI GIF Converter
2007-08-25 13:22 <REP> d-------- C:\Program Files\YouTUBE (TM) movie downloader
2007-08-25 12:57 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-24 17:18 --------- d-------- C:\Program Files\Wanadoo
2007-09-22 12:34 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-15 18:28 --------- d-------- C:\Program Files\Paint.NET
2007-09-07 12:50 --------- d-------- C:\Program Files\MSN Messenger
2007-09-05 18:43 --------- d-------- C:\Program Files\SAGEM Wi-Fi USB 802.11g
2007-09-05 18:43 --------- d-------- C:\Program Files\QuickTime
2007-09-05 18:40 --------- d-------- C:\Program Files\Messenger Plus! Live
2007-09-04 20:40 --------- d-------- C:\Program Files\Lavasoft
2007-09-03 11:03 --------- d-------- C:\Program Files\Livre Album Fuji Photo
2007-09-03 11:00 --------- d-------- C:\Program Files\FlashGet
2007-08-29 19:07 --------- d-------- C:\Program Files\LeapFTP
2007-08-29 18:12 --------- d-------- C:\Program Files\Yahoo!
2007-08-26 19:44 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2007-08-21 19:36 --------- d-------- C:\Program Files\SmartFTP Client
2007-08-21 16:06 --------- d-------- C:\Program Files\WMI Asset Logger
2007-08-20 18:08 --------- d-------- C:\Program Files\Trend Micro
2007-08-20 17:35 0 --a------ C:\DOCUME~1\PROPRI~1\CFCleanUp.bat
2007-08-16 14:31 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-16 14:31 --------- d-------- C:\Program Files\ToniArts
2007-08-16 14:09 --------- d-------- C:\Program Files\ElcomSoft
2007-08-15 19:58 --------- d-------- C:\Program Files\mIRC
2007-08-15 14:03 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
2007-08-15 14:02 --------- d-------- C:\Program Files\Windows Live
2007-07-31 18:54 --------- d-------- C:\Program Files\VirtualDub
2007-07-31 15:46 --------- d-------- C:\Program Files\Teamspeak2_RC2
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-04 13:25 91727 --a------ C:\winsfr.exe
2007-07-03 19:04 200 --a------ C:\winbbs.exe
2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2006-05-03 09:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 04:23]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 09:01]
"VTTimer"="VTTimer.exe" []
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 00:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 22:10]
"orahssStartup"="C:\Program Files\OrangeHSS\Launcher\Launcher.exe" [2007-01-04 11:40]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-09-19 13:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acme.PCHButton"="C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe" [2004-01-01 12:42]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09]
"Orange Desktop Search"="C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" [2006-11-02 16:08]
"WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 14:50]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-06-01 08:21]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 13:19:24]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56]
SAGEM Wi-Fi 11g USB adapter LAN Utility.lnk - C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2007-05-06 21:43:33]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystrayORAHSS]
"C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"

S3 Bcfilter;Jetico Personal Firewall Network Monitor;C:\WINDOWS\system32\DRIVERS\bcfilter.sys
S3 BcfilterMP;BcfilterMP;C:\WINDOWS\system32\DRIVERS\bcfilter.sys
S3 GcKernel;Pilote de filtre Microsoft SideWinder Value Add;C:\WINDOWS\system32\DRIVERS\GcKernel.sys
S3 HIDSwvd;Minipilote de périphérique Microsoft SideWinder HID virtuel;C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\C:\WINDOWS\System32\ZDCndis5.SYS
S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\ZDPNDIS5.SYS
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-05-20 07:54:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-24 17:36:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-09-24 17:38:02
C:\ComboFix-quarantined-files.txt ... 2007-09-24 17:37
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17:41:53, on 24/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [orahssStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SAGEM Wi-Fi 11g USB adapter LAN Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/w(...)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/m(...)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housec(...)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 10215 bytes

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\winbbs.exe] 2F0359358FA3FDC500C8E59B3F46F695
[C:\winsfr.exe] 9827AD6A3D406080C75895D3A2DD675C
[C:\Documents and Settings\Propriétaire\x.exe] B4FCA8A5B1B357BF9E2B7A279827B8B4

C:\winbbs.exe
C:\winsfr.exe
C:\Documents and Settings\Propriétaire\x.exe

je peux supprimer le dossier _OTMovIt à la racine du disque ? :/

et aussi, dans C:\Documents and Settings\Propriétaire (là où il y avait x.exe) il y a un fichier nommé "x.log" ou"x.txt" je sais plus, à supprimer aussi ou pas ? :/