Trojan caught via MSN, PC infected: HijackThis report


Hello. On MSN I caught a trojan through photos, like quite a few people. Here is my HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 11:22:03, on 04/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cgybsyxt.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Packard Bell\SrvCDEject.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\apps\ABoard\ABoard.exe
C:\Program Files\WiPen\wpmanage.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\APPS\SMP\SmpSys.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Ares\Ares.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\Watch.exe
c:\Program Files\ATI Technologies\ATI.ACE\cli.exe
c:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\LONGY\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi- [...] key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DriveIcons] "C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe"
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [WiPen] C:\Program Files\WiPen\wpmanage.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\jwhouwnv.dll",forkonce
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://wanadoofr.oberon-media.com/ [...] uncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\cgybsyxt.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SrvCDEject - Unknown owner - C:\Program Files\Packard Bell\SrvCDEject.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Thanks for helping me!


Message edited by spacetom on 04-07-2007 at 11:43:18
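Reading a HijackThis log by hand is what the helpers on this thread do. The script below is an added example, not code from the original posts, from HijackThis or from VundoFix: it automates that first pass, flagging a running process or O23 service whose binary sits in system32 under a random lowercase 7-8 letter name, an O23 service with no vendor and a missing file, an O2 BHO whose DLL is gone, and an O4 Run key that uses rundll32 to load such a DLL. The sample lines embedded in it are taken from the two HijackThis logs in this thread (a constructed subset, with a few clean lines kept for contrast); the allowlist of system32 names and the "seven or eight lowercase letters" rule are assumptions chosen to match the Vundo droppings listed in the VundoFix report, not a signature set.

```python
"""Triage of a HijackThis v1.99 log: pull out the entries a removal helper looks at first.

Added example for this thread; not code from the original posts, HijackThis or VundoFix.
The heuristics below are assumptions, not a signature set:
  * a binary or DLL in system32 whose basename is 7-8 random lowercase letters
    (the Vundo/Virtumonde naming style seen in the VundoFix report),
  * an O23 service with no vendor name and/or a missing binary,
  * an O2 BHO whose file is missing,
  * an O4 autorun that uses rundll32 to load such a DLL.
"""
from __future__ import annotations

import re
from pathlib import PureWindowsPath

# Constructed sample: a subset of lines from the two HijackThis logs posted in
# this thread, with a few clean lines kept so the allowlisting is exercised.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cgybsyxt.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\ctfmon.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {DE900488-4F08-4175-94DA-DAB15CBB154B} - C:\WINDOWS\system32\jkhfd.dll (file missing)
O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\jwhouwnv.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\cgybsyxt.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
"""

PROCESS = re.compile(r"^[A-Za-z]:\\")
O2 = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4 = re.compile(r"^O4 - .*?\[(?P<name>[^\]]*)\]\s*(?P<target>.*)$")
O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
RUNDLL = re.compile(r"rundll32(?:\.exe)?\s+\"?([^\",]+)", re.I)
EXE = re.compile(r"\"?([^\"]+?\.(?:exe|dll|cpl))", re.I)
RANDOM_STEM = re.compile(r"^[a-z]{7,8}$")  # Vundo-style: all lowercase, no digits
# Partial allowlist (assumption) of Windows XP system32 names that would otherwise match.
KNOWN_STEMS = {"svchost", "winlogon", "services", "spoolsv", "rundll32", "ctfmon",
               "dllhost", "explorer", "wuauclt", "userinit"}


def _clean(path: str) -> str:
    """Strip HijackThis annotations such as '(file missing)' and stray quotes."""
    m = EXE.match(path.strip())
    return m.group(1) if m else path.replace("(file missing)", "").strip().strip('"')


def _in_system32(path: str) -> bool:
    return "system32" in (p.lower() for p in PureWindowsPath(path).parts)


def looks_random(path: str) -> bool:
    """Vundo-style dropping: lowercase 7-8 letter name living in system32."""
    stem = PureWindowsPath(path).stem  # case kept on purpose: the droppings are lowercase
    return _in_system32(path) and bool(RANDOM_STEM.match(stem)) and stem not in KNOWN_STEMS


def _first_path(target: str) -> str:
    """First token of an O4 command line, honouring a quoted path."""
    target = target.strip()
    if target.startswith('"'):
        return target[1:].split('"', 1)[0]
    return target.split(" ", 1)[0]


def triage(log_text: str) -> list[dict]:
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    # Pass 1: binaries a named vendor vouches for in an O23 line; used to keep an
    # odd-looking but legitimate service binary out of the process findings.
    vouched = set()
    for ln in lines:
        m = O23.match(ln)
        if m and m["vendor"] != "Unknown owner":
            vouched.add(PureWindowsPath(_clean(m["path"])).name.lower())
    findings: list[dict] = []

    def flag(section: str, reason: str, path: str, line: str) -> None:
        findings.append({"section": section, "reason": reason, "path": path, "line": line})

    for ln in lines:
        if PROCESS.match(ln):
            if looks_random(ln) and PureWindowsPath(ln).name.lower() not in vouched:
                flag("process", "random-named binary running from system32", ln, ln)
            continue
        if (m := O2.match(ln)):
            path = _clean(m["path"])
            if "(no file)" in m["path"] or "(file missing)" in m["path"]:
                flag("O2", "BHO registered but its file is gone (orphaned hijack or half-removed dropper)", path, ln)
            elif looks_random(path):
                flag("O2", "BHO loads random-named DLL from system32", path, ln)
            continue
        if (m := O4.match(ln)):
            r = RUNDLL.search(m["target"])
            path = r.group(1) if r else _first_path(m["target"])
            if looks_random(path):
                flag("O4", "autorun loads random-named module from system32", path, ln)
            continue
        if (m := O23.match(ln)):
            path = _clean(m["path"])
            weak = m["vendor"] == "Unknown owner" or "(file missing)" in m["path"]
            if weak and looks_random(path):
                flag("O23", "service with no vendor or missing binary and a random name", path, ln)
    return findings


def suspicious_names(findings: list[dict]) -> set[str]:
    """Basenames worth searching for in the VundoFix report and the follow-up log."""
    return {PureWindowsPath(f["path"]).name for f in findings if f["path"] != "(no file)"}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['section']}] {f['reason']}: {f['path']}")
```

On the sample it flags cgybsyxt.exe twice (as a running process and as the DomainService entry with no vendor and a missing file), the jwhouwnv.dll loaded by the [icq.com] Run key, and the three BHOs from the second log that point at missing files, while FTRTSVC.exe, svchost.exe and the avast! entries pass. Those names are the ones to look for in the VundoFix output and in the follow-up HijackThis log; a "Could not be deleted" line for a flagged DLL, as happened with awtsrom.dll in the first VundoFix pass, means the module is still loaded and the reboot pass is needed.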

Hello,

Download VundoFix.exe (by Atribune) to your Desktop.

  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After clicking "Yes", the Desktop will disappear for a moment while the files are being deleted
  • You will see a prompt telling you that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, in your next reply

Note: VundoFix may run into a file it cannot delete. If so, the tool will run again at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".


Here is the VundoFix report:


VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Scan started at 12:03:57 04/07/2007

Listing files found while scanning....

C:\windows\system32\amuqumec.exe
C:\WINDOWS\system32\awtsrom.dll
C:\windows\system32\ayfdasgv.exe
C:\windows\system32\aypmpwve.exe
C:\windows\system32\baibxacl.exe
C:\windows\system32\bhbnlafo.ini
C:\windows\system32\bjjaioep.exe
C:\windows\system32\bmpbhltv.ini
C:\windows\system32\byxxwxw.dll
C:\windows\system32\cbpobjwd.dll
C:\windows\system32\cuqqwgqv.ini
C:\windows\system32\ddcbxvt.dll
C:\WINDOWS\system32\dfhkj.bak1
C:\WINDOWS\system32\dfhkj.bak2
C:\WINDOWS\system32\dfhkj.ini
C:\WINDOWS\system32\dfhkj.ini2
C:\WINDOWS\system32\dfhkj.tmp
C:\windows\system32\dwjbopbc.ini
C:\windows\system32\eqkjrlgn.ini
C:\windows\system32\fccyxwu.dll
C:\windows\system32\gapaxgjw.exe
C:\windows\system32\ggrqjcgi.exe
C:\windows\system32\gshthwlq.exe
C:\windows\system32\hggfgde.dll
C:\windows\system32\hslspfwc.exe
C:\windows\system32\hworkidx.exe
C:\windows\system32\icmimkhk.exe
C:\windows\system32\iglkmycb.exe
C:\windows\system32\iifgded.dll
C:\windows\system32\iqrldipp.exe
C:\windows\system32\iymvdfal.ini
C:\windows\system32\jjbyrmrx.dll
C:\windows\system32\jjoajxwa.exe
C:\WINDOWS\system32\jkhfd.dll
C:\windows\system32\jmrdbpnm.ini
C:\windows\system32\jnoviaqo.exe
C:\windows\system32\jxruxbyy.exe
C:\windows\system32\kaqshegf.exe
C:\windows\system32\kldpfnsj.exe
C:\windows\system32\klnigqtg.exe
C:\windows\system32\klsquohp.exe
C:\windows\system32\kmxasjcd.exe
C:\windows\system32\laekhyil.exe
C:\windows\system32\lafdvmyi.dll
C:\windows\system32\lndacexs.ini
C:\windows\system32\lxfnjuuj.exe
C:\windows\system32\lyevnmrc.exe
C:\windows\system32\mljhgfe.dll
C:\windows\system32\mnpbdrmj.dll
C:\windows\system32\mqklocnd.exe
C:\windows\system32\mupotmpy.exe
C:\windows\system32\ndpadarx.exe
C:\windows\system32\nglrjkqe.dll
C:\windows\system32\nhhqempp.exe
C:\windows\system32\nohrjoke.exe
C:\windows\system32\nwhubpja.exe
C:\windows\system32\ofalnbhb.dll
C:\windows\system32\pkketcjv.exe
C:\windows\system32\pmnomkl.dll
C:\windows\system32\poahmlng.exe
C:\windows\system32\qdqxrmro.exe
C:\windows\system32\qjixrrwq.exe
C:\windows\system32\sghpemhj.exe
C:\WINDOWS\system32\sxecadnl.dll
C:\windows\system32\ttsubchw.ini
C:\windows\system32\tuvwtrp.dll
C:\windows\system32\tvbaqjyy.exe
C:\windows\system32\ugaimnrl.exe
C:\windows\system32\vdpmtykr.exe
C:\windows\system32\vqgwqquc.dll
C:\windows\system32\vtlhbpmb.dll
C:\windows\system32\vxonticx.exe
C:\windows\system32\whcbustt.dll
C:\windows\system32\wralsslt.exe
C:\WINDOWS\system32\wviuwnvb.dll
C:\windows\system32\xdbqxkdm.exe
C:\windows\system32\xflkqoaf.exe
C:\windows\system32\xrmrybjj.ini
C:\windows\system32\xtrhjhxp.exe
C:\windows\system32\xxyvssp.dll
C:\windows\system32\ycsyefwd.exe
C:\windows\system32\yigfobwx.exe

Beginning removal...

Attempting to delete C:\windows\system32\amuqumec.exe
C:\windows\system32\amuqumec.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtsrom.dll
C:\WINDOWS\system32\awtsrom.dll Could not be deleted.

Attempting to delete C:\windows\system32\ayfdasgv.exe
C:\windows\system32\ayfdasgv.exe Has been deleted!

Attempting to delete C:\windows\system32\aypmpwve.exe
C:\windows\system32\aypmpwve.exe Has been deleted!

Attempting to delete C:\windows\system32\baibxacl.exe
C:\windows\system32\baibxacl.exe Has been deleted!

Attempting to delete C:\windows\system32\bhbnlafo.ini
C:\windows\system32\bhbnlafo.ini Has been deleted!

Attempting to delete C:\windows\system32\bjjaioep.exe
C:\windows\system32\bjjaioep.exe Has been deleted!

Attempting to delete C:\windows\system32\bmpbhltv.ini
C:\windows\system32\bmpbhltv.ini Has been deleted!

Attempting to delete C:\windows\system32\byxxwxw.dll
C:\windows\system32\byxxwxw.dll Has been deleted!

Attempting to delete C:\windows\system32\cbpobjwd.dll
C:\windows\system32\cbpobjwd.dll Has been deleted!

Attempting to delete C:\windows\system32\cuqqwgqv.ini
C:\windows\system32\cuqqwgqv.ini Has been deleted!

Attempting to delete C:\windows\system32\ddcbxvt.dll
C:\windows\system32\ddcbxvt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dfhkj.bak1
C:\WINDOWS\system32\dfhkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\dfhkj.bak2
C:\WINDOWS\system32\dfhkj.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\dfhkj.ini
C:\WINDOWS\system32\dfhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\dfhkj.ini2
C:\WINDOWS\system32\dfhkj.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\dfhkj.tmp
C:\WINDOWS\system32\dfhkj.tmp Has been deleted!

Attempting to delete C:\windows\system32\dwjbopbc.ini
C:\windows\system32\dwjbopbc.ini Has been deleted!

Attempting to delete C:\windows\system32\eqkjrlgn.ini
C:\windows\system32\eqkjrlgn.ini Has been deleted!

Attempting to delete C:\windows\system32\fccyxwu.dll
C:\windows\system32\fccyxwu.dll Has been deleted!

Attempting to delete C:\windows\system32\gapaxgjw.exe
C:\windows\system32\gapaxgjw.exe Has been deleted!

Attempting to delete C:\windows\system32\ggrqjcgi.exe
C:\windows\system32\ggrqjcgi.exe Has been deleted!

Attempting to delete C:\windows\system32\gshthwlq.exe
C:\windows\system32\gshthwlq.exe Has been deleted!

Attempting to delete C:\windows\system32\hggfgde.dll
C:\windows\system32\hggfgde.dll Has been deleted!

Attempting to delete C:\windows\system32\hslspfwc.exe
C:\windows\system32\hslspfwc.exe Has been deleted!

Attempting to delete C:\windows\system32\hworkidx.exe
C:\windows\system32\hworkidx.exe Has been deleted!

Attempting to delete C:\windows\system32\icmimkhk.exe
C:\windows\system32\icmimkhk.exe Has been deleted!

Attempting to delete C:\windows\system32\iglkmycb.exe
C:\windows\system32\iglkmycb.exe Has been deleted!

Attempting to delete C:\windows\system32\iifgded.dll
C:\windows\system32\iifgded.dll Has been deleted!

Attempting to delete C:\windows\system32\iqrldipp.exe
C:\windows\system32\iqrldipp.exe Has been deleted!

Attempting to delete C:\windows\system32\iymvdfal.ini
C:\windows\system32\iymvdfal.ini Has been deleted!

Attempting to delete C:\windows\system32\jjbyrmrx.dll
C:\windows\system32\jjbyrmrx.dll Has been deleted!

Attempting to delete C:\windows\system32\jjoajxwa.exe
C:\windows\system32\jjoajxwa.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhfd.dll
C:\WINDOWS\system32\jkhfd.dll Has been deleted!

Attempting to delete C:\windows\system32\jmrdbpnm.ini
C:\windows\system32\jmrdbpnm.ini Has been deleted!

Attempting to delete C:\windows\system32\jnoviaqo.exe
C:\windows\system32\jnoviaqo.exe Has been deleted!

Attempting to delete C:\windows\system32\jxruxbyy.exe
C:\windows\system32\jxruxbyy.exe Has been deleted!

Attempting to delete C:\windows\system32\kaqshegf.exe
C:\windows\system32\kaqshegf.exe Has been deleted!

Attempting to delete C:\windows\system32\kldpfnsj.exe
C:\windows\system32\kldpfnsj.exe Has been deleted!

Attempting to delete C:\windows\system32\klnigqtg.exe
C:\windows\system32\klnigqtg.exe Has been deleted!

Attempting to delete C:\windows\system32\klsquohp.exe
C:\windows\system32\klsquohp.exe Has been deleted!

Attempting to delete C:\windows\system32\kmxasjcd.exe
C:\windows\system32\kmxasjcd.exe Has been deleted!

Attempting to delete C:\windows\system32\laekhyil.exe
C:\windows\system32\laekhyil.exe Has been deleted!

Attempting to delete C:\windows\system32\lafdvmyi.dll
C:\windows\system32\lafdvmyi.dll Has been deleted!

Attempting to delete C:\windows\system32\lndacexs.ini
C:\windows\system32\lndacexs.ini Has been deleted!

Attempting to delete C:\windows\system32\lxfnjuuj.exe
C:\windows\system32\lxfnjuuj.exe Has been deleted!

Attempting to delete C:\windows\system32\lyevnmrc.exe
C:\windows\system32\lyevnmrc.exe Has been deleted!

Attempting to delete C:\windows\system32\mljhgfe.dll
C:\windows\system32\mljhgfe.dll Has been deleted!

Attempting to delete C:\windows\system32\mnpbdrmj.dll
C:\windows\system32\mnpbdrmj.dll Has been deleted!

Attempting to delete C:\windows\system32\mqklocnd.exe
C:\windows\system32\mqklocnd.exe Has been deleted!

Attempting to delete C:\windows\system32\mupotmpy.exe
C:\windows\system32\mupotmpy.exe Has been deleted!

Attempting to delete C:\windows\system32\ndpadarx.exe
C:\windows\system32\ndpadarx.exe Has been deleted!

Attempting to delete C:\windows\system32\nglrjkqe.dll
C:\windows\system32\nglrjkqe.dll Has been deleted!

Attempting to delete C:\windows\system32\nhhqempp.exe
C:\windows\system32\nhhqempp.exe Has been deleted!

Attempting to delete C:\windows\system32\nohrjoke.exe
C:\windows\system32\nohrjoke.exe Has been deleted!

Attempting to delete C:\windows\system32\nwhubpja.exe
C:\windows\system32\nwhubpja.exe Has been deleted!

Attempting to delete C:\windows\system32\ofalnbhb.dll
C:\windows\system32\ofalnbhb.dll Has been deleted!

Attempting to delete C:\windows\system32\pkketcjv.exe
C:\windows\system32\pkketcjv.exe Has been deleted!

Attempting to delete C:\windows\system32\pmnomkl.dll
C:\windows\system32\pmnomkl.dll Has been deleted!

Attempting to delete C:\windows\system32\poahmlng.exe
C:\windows\system32\poahmlng.exe Has been deleted!

Attempting to delete C:\windows\system32\qdqxrmro.exe
C:\windows\system32\qdqxrmro.exe Has been deleted!

Attempting to delete C:\windows\system32\qjixrrwq.exe
C:\windows\system32\qjixrrwq.exe Has been deleted!

Attempting to delete C:\windows\system32\sghpemhj.exe
C:\windows\system32\sghpemhj.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\sxecadnl.dll
C:\WINDOWS\system32\sxecadnl.dll Has been deleted!

Attempting to delete C:\windows\system32\ttsubchw.ini
C:\windows\system32\ttsubchw.ini Has been deleted!

Attempting to delete C:\windows\system32\tuvwtrp.dll
C:\windows\system32\tuvwtrp.dll Has been deleted!

Attempting to delete C:\windows\system32\tvbaqjyy.exe
C:\windows\system32\tvbaqjyy.exe Has been deleted!

Attempting to delete C:\windows\system32\ugaimnrl.exe
C:\windows\system32\ugaimnrl.exe Has been deleted!

Attempting to delete C:\windows\system32\vdpmtykr.exe
C:\windows\system32\vdpmtykr.exe Has been deleted!

Attempting to delete C:\windows\system32\vqgwqquc.dll
C:\windows\system32\vqgwqquc.dll Has been deleted!

Attempting to delete C:\windows\system32\vtlhbpmb.dll
C:\windows\system32\vtlhbpmb.dll Has been deleted!

Attempting to delete C:\windows\system32\vxonticx.exe
C:\windows\system32\vxonticx.exe Has been deleted!

Attempting to delete C:\windows\system32\whcbustt.dll
C:\windows\system32\whcbustt.dll Has been deleted!

Attempting to delete C:\windows\system32\wralsslt.exe
C:\windows\system32\wralsslt.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\wviuwnvb.dll
C:\WINDOWS\system32\wviuwnvb.dll Has been deleted!

Attempting to delete C:\windows\system32\xdbqxkdm.exe
C:\windows\system32\xdbqxkdm.exe Has been deleted!

Attempting to delete C:\windows\system32\xflkqoaf.exe
C:\windows\system32\xflkqoaf.exe Has been deleted!

Attempting to delete C:\windows\system32\xrmrybjj.ini
C:\windows\system32\xrmrybjj.ini Has been deleted!

Attempting to delete C:\windows\system32\xtrhjhxp.exe
C:\windows\system32\xtrhjhxp.exe Has been deleted!

Attempting to delete C:\windows\system32\xxyvssp.dll
C:\windows\system32\xxyvssp.dll Has been deleted!

Attempting to delete C:\windows\system32\ycsyefwd.exe
C:\windows\system32\ycsyefwd.exe Has been deleted!

Attempting to delete C:\windows\system32\yigfobwx.exe
C:\windows\system32\yigfobwx.exe Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Scan started at 12:11:09 04/07/2007

Listing files found while scanning....

C:\windows\system32\awtsrom.dll

Beginning removal...

Attempting to delete C:\windows\system32\awtsrom.dll
C:\windows\system32\awtsrom.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Scan started at 12:25:39 04/07/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...


And here is the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 12:28:34, on 04/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe
c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\WiPen\wpmanage.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\apps\ABoard\AOSD.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\Ares.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Packard Bell\SrvCDEject.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\ATI Technologies\ATI.ACE\cli.exe
c:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\LONGY\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi- [...] key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {DE900488-4F08-4175-94DA-DAB15CBB154B} - C:\WINDOWS\system32\jkhfd.dll (file missing)
O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DriveIcons] "C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe"
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [WiPen] C:\Program Files\WiPen\wpmanage.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://wanadoofr.oberon-media.com/ [...] uncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SrvCDEject - Unknown owner - C:\Program Files\Packard Bell\SrvCDEject.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Reply to spacetom

Re,

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the 1 (Yes) key to start the scan.
  • When the scan is complete, a report will appear. Copy/paste this report in your next reply.


NOTE: The report is also located here: C:\Combofix.txt

Reply to Angeldark

Re, here is the combofix report:



"LONGY" - 2007-07-04 12:35:21 - ComboFix 07-07-03.9 - Service Pack 2


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\TEMP
C:\Program Files\instant access
C:\Program Files\instant access\Center\sexe69.lnk
C:\Program Files\instant access\DesktopIcons\sexe69.lnk
C:\Program Files\instant access\Multi\20070619210617\Common\module.php
C:\Program Files\instant access\Multi\20070619210617\dialerexe.ini
C:\Program Files\instant access\Multi\20070619210617\instant access.exe
C:\Program Files\instant access\Multi\20070619210617\js\js_api_dialer.php
C:\Program Files\instant access\Multi\20070619210617\medias\button1.jpg
C:\Program Files\instant access\Multi\20070619210617\medias\button2.jpg
C:\Program Files\instant access\Multi\20070619210617\medias\button3.jpg
C:\Program Files\instant access\Multi\20070619210617\medias\button4.jpg
C:\Program Files\instant access\Multi\20070619210617\medias\dialer.ico
C:\WINDOWS\dialerexe.ini
C:\WINDOWS\system32\linkprd.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-06-04 to 2007-07-04 )))))))))))))))))))))))))))))))


2007-07-04 12:33 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-04 12:03 <REP> d-------- C:\VundoFix Backups
2007-07-04 11:52 4,672 --a------ C:\WINDOWS\system32\afvykyqi.exe
2007-07-04 11:45 4,672 --a------ C:\WINDOWS\system32\htmymqwm.exe
2007-07-04 11:22 4,672 --a------ C:\WINDOWS\system32\flsstuop.exe
2007-07-04 11:02 4,672 --a------ C:\WINDOWS\system32\fphrggbw.exe
2007-07-03 23:28 4,672 --a------ C:\WINDOWS\system32\tjcjbwfv.exe
2007-07-03 22:17 4,672 --a------ C:\WINDOWS\system32\htqphnhc.exe
2007-07-03 21:05 4,672 --a------ C:\WINDOWS\system32\iuognfwe.exe
2007-07-03 20:33 4,672 --a------ C:\WINDOWS\system32\qtealgkq.exe
2007-07-03 19:54 4,672 --a------ C:\WINDOWS\system32\jagpbjjx.exe
2007-07-03 16:26 4,672 --a------ C:\WINDOWS\system32\yofntooj.exe
2007-07-03 15:02 4,672 --a------ C:\WINDOWS\system32\xbdhnwxd.exe
2007-07-03 14:47 4,672 --a------ C:\WINDOWS\system32\xdxkiwtb.exe
2007-07-03 13:12 4,672 --a------ C:\WINDOWS\system32\riblusjx.exe
2007-07-03 12:35 4,672 --a------ C:\WINDOWS\system32\fnafdeuh.exe
2007-07-03 09:39 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-06-29 12:59 <REP> d-------- C:\WINDOWS\system32\AlertModule
2007-06-29 12:58 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2007-06-29 12:58 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2007-06-27 09:53 4,672 --a------ C:\WINDOWS\system32\wxlgqjxc.exe
2007-06-26 22:39 <REP> d-------- C:\Valve
2007-06-26 20:24 <REP> d-------- C:\Program Files\MSN Messenger
2007-06-26 19:56 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2007-06-25 13:51 <REP> d-------- C:\Program Files\Electronic Arts
2007-06-19 21:58 <REP> d-------- C:\Program Files\Fake Webcam
2007-06-18 13:13 <REP> d-------- C:\GTR2Demo
2007-06-16 12:51 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-06-16 12:51 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-06-16 12:51 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-06-16 12:51 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-06-16 12:51 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-06-16 12:51 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-06-16 12:51 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-06-16 12:51 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-06-16 12:51 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-06-16 12:51 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-06-16 12:51 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-06-16 12:51 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-06-16 12:51 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-06-16 12:51 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-06-15 12:38 <REP> d-------- C:\Program Files\Ares
2007-06-15 12:31 <REP> d-------- C:\DOCUME~1\LONGY\APPLIC~1\Azureus
2007-06-15 12:31 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-06-15 12:29 <REP> d-------- C:\Program Files\Azureus
2007-06-15 10:26 <REP> d-------- C:\DOCUME~1\LONGY\APPLIC~1\WinRAR
2007-06-14 18:16 <REP> d-------- C:\Program Files\Securitoo
2007-06-12 20:11 <REP> d-------- C:\Program Files\Tennis Elbow 2006
2007-06-10 19:28 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-06-10 19:28 <REP> d-------- C:\DOCUME~1\LONGY\APPLIC~1\InstallShield
2007-06-10 19:28 <REP> d-------- C:\DOCUME~1\LONGY\APPLIC~1\DataCast
2007-06-09 10:13 <REP> dr------- C:\DOCUME~1\LOCALS~1\Favoris


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-04 10:39:35 -------- d-----w C:\Program Files\Wanadoo
2007-07-04 10:39:12 -------- d-----w C:\Program Files\WiPen
2007-07-04 10:37:38 12 ----a-w C:\WINDOWS\bthservsdp.dat
2007-07-03 20:00:54 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-06-29 08:36:07 10 ----a-w C:\WINDOWS\popcinfo.dat
2007-06-16 10:49:50 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-14 16:08:23 -------- d-----w C:\Program Files\Controle Parental
2007-06-14 14:08:38 -------- d-----w C:\Program Files\VSO
2007-06-14 14:08:18 -------- d-----w C:\DOCUME~1\LONGY\APPLIC~1\Vso
2007-06-14 14:08:17 87,608 ----a-w C:\DOCUME~1\LONGY\APPLIC~1\inst.exe
2007-06-14 14:08:17 47,360 ----a-w C:\DOCUME~1\LONGY\APPLIC~1\pcouffin.sys
2007-06-09 16:27:58 -------- d-----w C:\Program Files\World of Warcraft
2007-06-03 13:08:34 -------- d-----w C:\Program Files\Inventel
2007-05-26 10:37:10 -------- d-----w C:\Program Files\Tomb Raider - Anniversary Demo
2007-05-18 16:42:44 -------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-08 18:35:14 -------- d-----w C:\Program Files\Lame MP3 Codec
2007-05-08 18:35:05 65,024 ----a-w C:\WINDOWS\IFinst26.exe
2007-05-08 18:33:03 -------- d-----w C:\Program Files\MarkAny
2007-05-08 18:32:47 -------- d-----w C:\Program Files\Samsung
2007-04-28 11:25:13 163 ----a-w C:\WINDOWS\system32\buyurl0501.dat
2007-04-27 18:28:35 41 ----a-w C:\WINDOWS\system32\winitn.dll
2007-04-27 18:28:33 90,112 ----a-w C:\WINDOWS\system32\agsaami.dll
2007-04-27 18:28:33 753,664 ----a-w C:\WINDOWS\system32\agsaamg.dll
2007-04-27 18:28:33 626,688 ----a-w C:\WINDOWS\system32\agsaamh.dll
2007-04-27 18:28:33 551,424 ----a-w C:\WINDOWS\system32\agsaame.dll
2007-04-27 18:28:33 544,256 ----a-w C:\WINDOWS\system32\agsaamd.dll
2007-04-27 18:28:33 538,624 ----a-w C:\WINDOWS\system32\agsaamb.dll
2007-04-27 18:28:33 372,736 ----a-w C:\WINDOWS\system32\agsaamc.dll
2007-04-27 18:28:33 331,776 ----a-w C:\WINDOWS\system32\agsaama.dll
2007-04-27 18:28:33 237,568 ----a-w C:\WINDOWS\system32\lame_enc.dll
2007-04-27 18:28:33 2,846,720 ----a-w C:\WINDOWS\system32\agsaamj.dll
2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2004-12-14 02:56 63136 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE900488-4F08-4175-94DA-DAB15CBB154B}]
C:\WINDOWS\system32\jkhfd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F62A47A7-4CA3-9D00-95A3-6724d43a9E8C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 14:27 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 18:43 C:\WINDOWS\Alcmtr.exe]
"DriveIcons"="C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe" [2005-12-09 20:44]
"ATICCC"="c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 04:52]
"DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 07:15]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" []
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31]
"WiPen"="C:\Program Files\WiPen\wpmanage.exe" [2005-12-07 15:47]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 12:09]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 12:03]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 15:00 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 11:54]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-01-15 19:28]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 07:32]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-31 07:16]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 10:51]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 12:46]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-15 00:37]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


**************************************************************************

catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-04 12:38:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-04 12:40:52 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-04 12:40

--- E O F ---

Reply to spacetom

Re,

Copy (Ctrl+C) the text in the box below:

File::
C:\WINDOWS\system32\afvykyqi.exe
C:\WINDOWS\system32\htmymqwm.exe
C:\WINDOWS\system32\flsstuop.exe
C:\WINDOWS\system32\fphrggbw.exe
C:\WINDOWS\system32\tjcjbwfv.exe
C:\WINDOWS\system32\htqphnhc.exe
C:\WINDOWS\system32\iuognfwe.exe
C:\WINDOWS\system32\qtealgkq.exe
C:\WINDOWS\system32\jagpbjjx.exe
C:\WINDOWS\system32\yofntooj.exe
C:\WINDOWS\system32\xbdhnwxd.exe
C:\WINDOWS\system32\xdxkiwtb.exe
C:\WINDOWS\system32\riblusjx.exe
C:\WINDOWS\system32\fnafdeuh.exe
C:\WINDOWS\system32\wxlgqjxc.exe



Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name ComboFix-Do.txt

Now drag the ComboFix-Do.txt file onto Combofix.exe as shown below:
http://img.photobucket.com/albums/v666/sUBs/Combo-Do.gif

This will relaunch Combofix. After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.

Reply to Angeldark
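The triage behind the File:: script above, as an added Python example that is not part of the thread: it parses ComboFix's "Files Created" section, applies an assumed heuristic (several executables of one exact size whose names are eight random-looking lowercase letters, sitting in system32, as in the report posted above) and renders the ComboFix-Do.txt block. The sample log lines are constructed from entries in this thread; the heuristic, thresholds and function names are this example's own, not ComboFix's.

```python
import re
from collections import defaultdict
from typing import List, NamedTuple, Optional

# Constructed sample in the shape of a ComboFix report: a short excerpt of the
# "Files Created" section from this thread plus the banner that follows it.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2007-06-04 to 2007-07-04 )))))))))))))))))))))))))))))))


2007-07-04 12:33 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-04 12:03 <REP> d-------- C:\VundoFix Backups
2007-07-04 11:52 4,672 --a------ C:\WINDOWS\system32\afvykyqi.exe
2007-07-04 11:45 4,672 --a------ C:\WINDOWS\system32\htmymqwm.exe
2007-07-03 23:28 4,672 --a------ C:\WINDOWS\system32\tjcjbwfv.exe
2007-06-29 12:58 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2007-06-16 12:51 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-06-27 09:53 4,672 --a------ C:\WINDOWS\system32\wxlgqjxc.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-04 10:39:35 -------- d-----w C:\Program Files\Wanadoo
"""


class FileEntry(NamedTuple):
    date: str
    time: str
    size: Optional[int]  # None for directories, shown as <REP> in a French locale
    attrs: str
    path: str


# One entry line: date, time, size (with thousands separators) or <REP>,
# nine attribute characters, then the path (which may contain spaces).
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (<REP>|[\d,]+) (\S{9}) (.+?)\s*$"
)
SECTION_START = "Files Created from"
SECTION_END = "Find3M Report"


def parse_files_created(log: str) -> List[FileEntry]:
    """Return the entries between the 'Files Created' and 'Find3M' banners."""
    entries: List[FileEntry] = []
    inside = False
    for line in log.splitlines():
        if SECTION_START in line:
            inside = True
            continue
        if SECTION_END in line:
            break
        if not inside:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        date, time, size, attrs, path = m.groups()
        size_val = None if size == "<REP>" else int(size.replace(",", ""))
        entries.append(FileEntry(date, time, size_val, attrs, path))
    return entries


# Assumed heuristic: eight lowercase letters, no digits, .exe extension.
RANDOM_EXE_RE = re.compile(r"^[a-z]{8}\.exe$")


def find_dropper_cluster(entries: List[FileEntry], min_count: int = 3,
                         folder: str = r"c:\windows\system32") -> List[str]:
    """Group random-named executables in the target folder by exact byte size;
    a size shared by min_count or more such files points at one dropper
    re-writing itself under new names, not at a vendor installer."""
    by_size = defaultdict(list)
    for e in entries:
        if e.size is None:
            continue
        folder_part, _, name = e.path.rpartition("\\")
        if folder_part.lower() != folder or not RANDOM_EXE_RE.match(name):
            continue
        by_size[e.size].append(e.path)
    suspects: List[str] = []
    for paths in by_size.values():
        if len(paths) >= min_count:
            suspects.extend(paths)
    return sorted(suspects)


def build_combofix_script(paths: List[str]) -> str:
    """Render the 'File::' block in the format quoted in the reply above."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    found = find_dropper_cluster(parse_files_created(SAMPLE_LOG))
    print(build_combofix_script(found))
```

Running it on a full report would list every same-size random-named executable; the helper still reviews that list before dropping it onto ComboFix, because the size match alone is a lead, not proof.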

Re, I'm at the point where I have to drag the file onto Combofix.exe. But I don't have a Combofix.exe icon on my desktop. I don't know where I can find it!

Reply to spacetom

Never mind, sorry! It's fine! I found it!

Reply to spacetom

Re, here is the new ComboFix report:

"LONGY" - 2007-07-04 13:04:11 - ComboFix 07-07-03.9 - Service Pack 2
Command switches used :: C:\Documents and Settings\LONGY\Bureau\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\afvykyqi.exe
C:\WINDOWS\system32\flsstuop.exe
C:\WINDOWS\system32\fnafdeuh.exe
C:\WINDOWS\system32\fphrggbw.exe
C:\WINDOWS\system32\htmymqwm.exe
C:\WINDOWS\system32\htqphnhc.exe
C:\WINDOWS\system32\iuognfwe.exe
C:\WINDOWS\system32\jagpbjjx.exe
C:\WINDOWS\system32\qtealgkq.exe
C:\WINDOWS\system32\riblusjx.exe
C:\WINDOWS\system32\tjcjbwfv.exe
C:\WINDOWS\system32\wxlgqjxc.exe
C:\WINDOWS\system32\xbdhnwxd.exe
C:\WINDOWS\system32\xdxkiwtb.exe
C:\WINDOWS\system32\yofntooj.exe


((((((((((((((((((((((((( Files Created from 2007-06-04 to 2007-07-04 )))))))))))))))))))))))))))))))


2007-07-04 12:33 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-04 12:03 <REP> d-------- C:\VundoFix Backups
2007-07-03 09:39 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-06-29 12:59 <REP> d-------- C:\WINDOWS\system32\AlertModule
2007-06-29 12:58 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2007-06-29 12:58 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2007-06-26 22:39 <REP> d-------- C:\Valve
2007-06-26 20:24 <REP> d-------- C:\Program Files\MSN Messenger
2007-06-26 19:56 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2007-06-25 13:51 <REP> d-------- C:\Program Files\Electronic Arts
2007-06-19 21:58 <REP> d-------- C:\Program Files\Fake Webcam
2007-06-18 13:13 <REP> d-------- C:\GTR2Demo
2007-06-16 12:51 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-06-16 12:51 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-06-16 12:51 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-06-16 12:51 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-06-16 12:51 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-06-16 12:51 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-06-16 12:51 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-06-16 12:51 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-06-16 12:51 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-06-16 12:51 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-06-16 12:51 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-06-16 12:51 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-06-16 12:51 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-06-16 12:51 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-06-15 12:38 <REP> d-------- C:\Program Files\Ares
2007-06-15 12:31 <REP> d-------- C:\DOCUME~1\LONGY\APPLIC~1\Azureus
2007-06-15 12:31 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-06-15 12:29 <REP> d-------- C:\Program Files\Azureus
2007-06-15 10:26 <REP> d-------- C:\DOCUME~1\LONGY\APPLIC~1\WinRAR
2007-06-14 18:16 <REP> d-------- C:\Program Files\Securitoo
2007-06-12 20:11 <REP> d-------- C:\Program Files\Tennis Elbow 2006
2007-06-10 19:28 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-06-10 19:28 <REP> d-------- C:\DOCUME~1\LONGY\APPLIC~1\InstallShield
2007-06-10 19:28 <REP> d-------- C:\DOCUME~1\LONGY\APPLIC~1\DataCast
2007-06-09 10:13 <REP> dr------- C:\DOCUME~1\LOCALS~1\Favoris


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-04 10:40:22 -------- d-----w C:\Program Files\Wanadoo
2007-07-04 10:39:12 -------- d-----w C:\Program Files\WiPen
2007-07-04 10:37:38 12 ----a-w C:\WINDOWS\bthservsdp.dat
2007-07-03 20:00:54 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-06-29 08:36:07 10 ----a-w C:\WINDOWS\popcinfo.dat
2007-06-16 10:49:50 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-14 16:08:23 -------- d-----w C:\Program Files\Controle Parental
2007-06-14 14:08:38 -------- d-----w C:\Program Files\VSO
2007-06-14 14:08:18 -------- d-----w C:\DOCUME~1\LONGY\APPLIC~1\Vso
2007-06-14 14:08:17 87,608 ----a-w C:\DOCUME~1\LONGY\APPLIC~1\inst.exe
2007-06-14 14:08:17 47,360 ----a-w C:\DOCUME~1\LONGY\APPLIC~1\pcouffin.sys
2007-06-09 16:27:58 -------- d-----w C:\Program Files\World of Warcraft
2007-06-03 13:08:34 -------- d-----w C:\Program Files\Inventel
2007-05-26 10:37:10 -------- d-----w C:\Program Files\Tomb Raider - Anniversary Demo
2007-05-18 16:42:44 -------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-08 18:35:14 -------- d-----w C:\Program Files\Lame MP3 Codec
2007-05-08 18:35:05 65,024 ----a-w C:\WINDOWS\IFinst26.exe
2007-05-08 18:33:03 -------- d-----w C:\Program Files\MarkAny
2007-05-08 18:32:47 -------- d-----w C:\Program Files\Samsung
2007-04-28 11:25:13 163 ----a-w C:\WINDOWS\system32\buyurl0501.dat
2007-04-27 18:28:35 41 ----a-w C:\WINDOWS\system32\winitn.dll
2007-04-27 18:28:33 90,112 ----a-w C:\WINDOWS\system32\agsaami.dll
2007-04-27 18:28:33 753,664 ----a-w C:\WINDOWS\system32\agsaamg.dll
2007-04-27 18:28:33 626,688 ----a-w C:\WINDOWS\system32\agsaamh.dll
2007-04-27 18:28:33 551,424 ----a-w C:\WINDOWS\system32\agsaame.dll
2007-04-27 18:28:33 544,256 ----a-w C:\WINDOWS\system32\agsaamd.dll
2007-04-27 18:28:33 538,624 ----a-w C:\WINDOWS\system32\agsaamb.dll
2007-04-27 18:28:33 372,736 ----a-w C:\WINDOWS\system32\agsaamc.dll
2007-04-27 18:28:33 331,776 ----a-w C:\WINDOWS\system32\agsaama.dll
2007-04-27 18:28:33 237,568 ----a-w C:\WINDOWS\system32\lame_enc.dll
2007-04-27 18:28:33 2,846,720 ----a-w C:\WINDOWS\system32\agsaamj.dll
2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2004-12-14 02:56 63136 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE900488-4F08-4175-94DA-DAB15CBB154B}]
C:\WINDOWS\system32\jkhfd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F62A47A7-4CA3-9D00-95A3-6724d43a9E8C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 14:27 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 18:43 C:\WINDOWS\Alcmtr.exe]
"DriveIcons"="C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe" [2005-12-09 20:44]
"ATICCC"="c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 04:52]
"DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 07:15]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" []
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31]
"WiPen"="C:\Program Files\WiPen\wpmanage.exe" [2005-12-07 15:47]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 12:09]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 12:03]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 15:00 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 11:54]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-01-15 19:28]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 07:32]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-31 07:16]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 10:51]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 12:46]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-15 00:37]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


**************************************************************************

catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-04 13:05:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-04 13:05:24
C:\ComboFix-quarantined-files.txt ... 2007-07-04 13:05
C:\ComboFix2.txt ... 2007-07-04 12:40

--- E O F ---


And here it is together with a HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 13:07:39, on 04/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Packard Bell\SrvCDEject.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe
c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\WiPen\wpmanage.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\APPS\SMP\SmpSys.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\Ares.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\LVComsX.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\ATI Technologies\ATI.ACE\cli.exe
c:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\LONGY\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {DE900488-4F08-4175-94DA-DAB15CBB154B} - C:\WINDOWS\system32\jkhfd.dll (file missing)
O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DriveIcons] "C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe"
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [WiPen] C:\Program Files\WiPen\wpmanage.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://wanadoofr.oberon-media.com/ [...] uncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SrvCDEject - Unknown owner - C:\Program Files\Packard Bell\SrvCDEject.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Reply to spacetom

Re,

Fix the lines in italics below with HijackThis: HELP WITH SCREENSHOTS

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {DE900488-4F08-4175-94DA-DAB15CBB154B} - C:\WINDOWS\system32\jkhfd.dll (file missing)
O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)

------------------------------ Prevention & Protection||Do you like me? Click :o
Reply to Angeldark

Re, sorry, I had to leave ^^. Done! Do I need to do anything else? Should I post a report?

Reply to spacetom

please tell me whether everything is finished or not! thanks :)

Reply to spacetom

Post another HijackThis log.

Reply to Angeldark

Re, here it is:

Logfile of HijackThis v1.99.1
Scan saved at 20:15:35, on 04/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\WiPen\wpmanage.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Ares\Ares.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Packard Bell\SrvCDEject.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
c:\Program Files\ATI Technologies\ATI.ACE\cli.exe
c:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\LONGY\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DriveIcons] "C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe"
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [WiPen] C:\Program Files\WiPen\wpmanage.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://wanadoofr.oberon-media.com/ [...] uncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SrvCDEject - Unknown owner - C:\Program Files\Packard Bell\SrvCDEject.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Reply to spacetom
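As an added example (not part of this thread, and not HijackThis's own code): a small Python script that does mechanically what Angeldark did by eye. It flags O2 BHO entries whose DLL is missing, nameless, or given without a directory, and then compares the two reports spacetom posted to confirm that the flagged entries are gone. The sample lines are constructed from the entries quoted in this thread (the three fixed O2 lines, one legitimate Adobe BHO and one O4 line); the function names and the "bare DLL name" heuristic are my own assumptions, not HijackThis rules.

```python
import re
from typing import Dict, List

# Constructed sample in HijackThis v1.99.1 format: the three O2 entries the helper
# marked for fixing, one legitimate O2 entry and one O4 entry. BEFORE_LOG stands in
# for the first report posted in the thread, AFTER_LOG for the report after the fix.
BEFORE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {DE900488-4F08-4175-94DA-DAB15CBB154B} - C:\WINDOWS\system32\jkhfd.dll (file missing)
O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

AFTER_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

# Every HijackThis entry starts with "Rx - " or "Oxx - "; ENTRY_RE splits the section
# code from the rest. BHO_RE then breaks an O2 body into "name - {CLSID} - target".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")


def parse_entries(log: str) -> List[Dict[str, str]]:
    """Keep only the Rx/Oxx entry lines; headers and the process list are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"section": m["section"], "body": m["body"], "raw": line.strip()})
    return entries


def suspicious_bhos(log: str) -> List[str]:
    """CLSIDs of O2 BHO entries that point at nothing, at a missing DLL, or at a
    bare DLL name with no directory (assumed heuristic): a registered in-process
    browser hook that can no longer be inspected on disk, which is exactly what
    the helper singled out for removal."""
    hits = []
    for e in parse_entries(log):
        if e["section"] != "O2":
            continue
        m = BHO_RE.match(e["body"])
        if not m:
            continue
        target, name = m["target"], m["name"]
        missing = target == "(no file)" or target.endswith("(file missing)")
        bare_dll = not missing and "\\" not in target
        if missing or bare_dll or name == "(no name)":
            hits.append(m["clsid"])
    return hits


def removed_entries(before: str, after: str) -> List[str]:
    """Entry lines present in the first report but absent from the second."""
    before_set = {e["raw"] for e in parse_entries(before)}
    after_set = {e["raw"] for e in parse_entries(after)}
    return sorted(before_set - after_set)


def fix_confirmed(before: str, after: str) -> bool:
    """True when no CLSID flagged in the first report appears anywhere in the second."""
    return not any(clsid in after for clsid in suspicious_bhos(before))


if __name__ == "__main__":
    for clsid in suspicious_bhos(BEFORE_LOG):
        print("flagged:", clsid)
    for line in removed_entries(BEFORE_LOG, AFTER_LOG):
        print("removed:", line)
    print("fix confirmed:", fix_confirmed(BEFORE_LOG, AFTER_LOG))
```

Run against two real reports by reading the files into BEFORE_LOG and AFTER_LOG; the process list and header lines are ignored, so the whole log can be passed in unchanged. A "file missing" BHO is not proof of infection by itself (an uninstaller that left its registration behind looks the same), which is why the script only flags and diffs rather than deciding.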

Is your PC behaving better?

Reply to Angeldark

Yes. No more pop-ups or Windows problems for now. But I don't know whether it will last. Do you think the trojan is completely gone?

Reply to spacetom

In any case, thank you for everything you've done for me so far! :)

Reply to spacetom

can I know please? :s

Reply to spacetom

Can you wait?

I think we're done.

Reply to Angeldark

I can't wait beyond this evening, and not too late. Tomorrow I'm leaving on holiday!

Reply to spacetom

Quote:

I think we're done.


:)

Reply to Angeldark

OK! thank you very much! :) are you sure? :)

Reply to spacetom