Bonjour à tous,
 
Depuis quelques temps, j'ai plusieurs problèmes avec mon ordi qui apparaissent, dont ces trois messages d'erreur :
> "Osa9.exe à rencontré un problème et doit fermer"
> "Erreur ctccw32"
> "L'instruction à 0x0... ne peut pas être "read" ou "written"
 
  Je ne connais pas grand chose en informatique, et je suis nouveau sur ce forum. Je vous remercie donc d'avance pour toutes les reponses et l'aide que vous m'apporterez.
 
  Cordialement, Flok66

Bonjour
 
 
Télécharge HijackThis v2.0.2
http://www.trendsecure.com/portal/ [...] ckThis.exe
Démo en image
http://perso.orange.fr/rginformati [...] hijack.htm
 
Fais un scan et poste l'analyse ici.

Merci beaucoup chercheur_ pour cette réponse.
Voilà mon rapport HiJackthis :
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:48:27, on 24/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\UMonit.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Famille Bordes\Local Settings\Temporary Internet Files\Content.IE5\CFYL4QZS\HiJackThis[1].exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\System32\UMonit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?836cb503a6d04610b64657e261eb96f0
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?836cb503a6d04610b64657e261eb96f0
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\AIM.EXE (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/251 [...] o-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.0_03) -  
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F9C4728-254B-4DD7-AB51-2465FD754E94}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
 
--
End of file - 10027 bytes

Bien.
 
 
$$ Télécharge SDFix sur ton bureau  
http://downloads.andymanchesta.com [...] /SDFix.exe
 
 
$$ Redémarre en mode sans échec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.  
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.
 
 
$$ Double clique sur SDFix.exe et choisis Install
Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
Tape Y pour lancer le script.  
Le Fix supprime les services du virus et nettoie le registre, de ce fait un redémarrage est nécessaire  
Presse une touche pour redémarrer  
 
Le PC va mettre du temps avant de démarrer, presse une touche lorsque "Finished" s'affiche  
 
Ouvre le dossier SDFix et copie/colle ici le contenu du fichier "Report.txt"

Bonjour,
Tout a parfaitement marché. Voilà le rapport :
 
 
SDFix: Version 1.115
 
Run by Famille Bordes on 25/11/2007 at 10:05
 
Microsoft Windows XP [version 5.1.2600]
 
Running From: C:\SDFix
 
Safe Mode:
Checking Services:  
 
 
Restoring Windows Registry Values
Restoring Windows Default Hosts File
 
Rebooting...
 
 
Normal Mode:
Checking Files:  
 
Trojan Files Found:
 
C:\WINDOWS\system\smss.exe  - Deleted
 
 
 
 
Removing Temp Files...
 
ADS Check:
 
C:\WINDOWS
No streams found.  
 
C:\WINDOWS\system32
No streams found.  
 
C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
 
 
 
                                 Final Check:
 
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 10:17:17
Windows 5.1.2600 Service Pack 2 NTFS
 
scanning hidden processes ...
 
scanning hidden services & system hive ...
 
scanning hidden registry entries ...
 
scanning hidden files ...
 
C:\Documents and Settings\Famille Bordes\Local Settings\Application Data\Microsoft\Messenger\bloops66@hotmail.fr\SharingMetadata\cassandrea@hotmail.fr\DFSR\Staging\CS{43DC2B00-CA43-BAA4-2A6E-5BFC0349CCFD}\01\13-{43DC2B00-CA43-BAA4-2A6E-5BFC0349CCFD}-v1-{22D1BDF5-1A5F-4003-BBFD-CD7A5341DA3F}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Famille Bordes\Local Settings\Application Data\Microsoft\Messenger\bloops66@hotmail.fr\SharingMetadata\cassandrea@hotmail.fr\DFSR\Staging\CS{43DC2B00-CA43-BAA4-2A6E-5BFC0349CCFD}\51\151-{4BD6EBC5-A6F6-4BDB-B7C1-498F48E15602}-v151-{4BD6EBC5-A6F6-4BDB-B7C1-498F48E15602}-v151-Partial.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1272 bytes hidden from API
C:\Documents and Settings\Famille Bordes\Local Settings\Application Data\Microsoft\Messenger\bloops66@hotmail.fr\SharingMetadata\cassandrea@hotmail.fr\DFSR\Staging\CS{43DC2B00-CA43-BAA4-2A6E-5BFC0349CCFD}\57\57-{4BD6EBC5-A6F6-4BDB-B7C1-498F48E15602}-v57-{4BD6EBC5-A6F6-4BDB-B7C1-498F48E15602}-v57-Partial.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 120 bytes hidden from API
C:\Documents and Settings\Famille Bordes\Local Settings\Application Data\Microsoft\Messenger\bloops66@orange.fr\SharingMetadata\bobfranc_89@msn.com\DFSR\Staging\CS{BAEA0BB7-EDBC-C2BC-C4DA-A3F1EBCCE9A0}\01\10-{BAEA0BB7-EDBC-C2BC-C4DA-A3F1EBCCE9A0}-v1-{1FB3E4EC-C239-42D4-B009-7DECFA305DAF}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Famille Bordes\Local Settings\Application Data\Microsoft\Messenger\bloops66@orange.fr\SharingMetadata\teletebis66@hotmail.fr\DFSR\Staging\CS{564652A9-8CD6-949C-9760-42023D3CD2D4}\01\17-{564652A9-8CD6-949C-9760-42023D3CD2D4}-v1-{2BCABD1D-D1DD-4BCF-B41B-5F54240C32D0}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Famille Bordes\Local Settings\Application Data\Microsoft\Messenger\mirabelle.66@hotmail.fr\SharingMetadata\aix-noulette@hotmail.fr\DFSR\Staging\CS{CD940C96-9652-F021-1B69-9299E16DB1CC}\01\11-{CD940C96-9652-F021-1B69-9299E16DB1CC}-v1-{5BAC49BC-4124-4CBC-80B4-F2871366CE95}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Famille Bordes\Local Settings\Application Data\Microsoft\Messenger\mirabelle.66@hotmail.fr\SharingMetadata\bobfranc_89@msn.com\DFSR\Staging\CS{B2E90703-23E2-25B8-8ED8-5F2AD01F1AE4}\01\12-{B2E90703-23E2-25B8-8ED8-5F2AD01F1AE4}-v1-{5BAC49BC-4124-4CBC-80B4-F2871366CE95}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Famille Bordes\Local Settings\Application Data\Microsoft\Messenger\mirabelle.66@hotmail.fr\SharingMetadata\feytraitmartine@hotmail.fr\DFSR\Staging\CS{5651A473-ADBC-3F79-7778-9843BF352954}\01\13-{5651A473-ADBC-3F79-7778-9843BF352954}-v1-{5BAC49BC-4124-4CBC-80B4-F2871366CE95}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Famille Bordes\Local Settings\Application Data\Microsoft\Messenger\mirabelle.66@hotmail.fr\SharingMetadata\feytraitmartine@hotmail.fr\DFSR\Staging\CS{5651A473-ADBC-3F79-7778-9843BF352954}\12\21-{297F9EA6-084A-48AB-BD60-664616DF2934}-v12-{5BAC49BC-4124-4CBC-80B4-F2871366CE95}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 7680 bytes hidden from API
C:\Documents and Settings\Famille Bordes\Local Settings\Application Data\Microsoft\Messenger\mirabelle.66@hotmail.fr\SharingMetadata\feytraitmartine@hotmail.fr\DFSR\Staging\CS{5651A473-ADBC-3F79-7778-9843BF352954}\12\21-{297F9EA6-084A-48AB-BD60-664616DF2934}-v12-{5BAC49BC-4124-4CBC-80B4-F2871366CE95}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 848 bytes hidden from API
C:\Documents and Settings\Famille Bordes\Local Settings\Application Data\Microsoft\Messenger\mirabelle.66@hotmail.fr\SharingMetadata\feytraitmartine@hotmail.fr\DFSR\Staging\CS{5651A473-ADBC-3F79-7778-9843BF352954}\13\22-{297F9EA6-084A-48AB-BD60-664616DF2934}-v13-{5BAC49BC-4124-4CBC-80B4-F2871366CE95}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 6798 bytes hidden from API
C:\Documents and Settings\Famille Bordes\Local Settings\Application Data\Microsoft\Messenger\mirabelle.66@hotmail.fr\SharingMetadata\feytraitmartine@hotmail.fr\DFSR\Staging\CS{5651A473-ADBC-3F79-7778-9843BF352954}\13\22-{297F9EA6-084A-48AB-BD60-664616DF2934}-v13-{5BAC49BC-4124-4CBC-80B4-F2871366CE95}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 728 bytes hidden from API
C:\Documents and Settings\Famille Bordes\Local Settings\Application Data\Microsoft\Messenger\mirabelle.66@hotmail.fr\SharingMetadata\feytraitmartine@hotmail.fr\DFSR\Staging\CS{5651A473-ADBC-3F79-7778-9843BF352954}\14\23-{297F9EA6-084A-48AB-BD60-664616DF2934}-v14-{5BAC49BC-4124-4CBC-80B4-F2871366CE95}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 6834 bytes hidden from API
C:\Documents and Settings\Famille Bordes\Local Settings\Application Data\Microsoft\Messenger\mirabelle.66@hotmail.fr\SharingMetadata\feytraitmartine@hotmail.fr\DFSR\Staging\CS{5651A473-ADBC-3F79-7778-9843BF352954}\14\23-{297F9EA6-084A-48AB-BD60-664616DF2934}-v14-{5BAC49BC-4124-4CBC-80B4-F2871366CE95}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 768 bytes hidden from API
C:\Documents and Settings\Famille Bordes\Local Settings\Application Data\Microsoft\Messenger\mirabelle.66@hotmail.fr\SharingMetadata\feytraitmartine@hotmail.fr\DFSR\Staging\CS{5651A473-ADBC-3F79-7778-9843BF352954}\15\24-{297F9EA6-084A-48AB-BD60-664616DF2934}-v15-{5BAC49BC-4124-4CBC-80B4-F2871366CE95}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 9336 bytes hidden from API
C:\Documents and Settings\Famille Bordes\Local Settings\Application Data\Microsoft\Messenger\mirabelle.66@hotmail.fr\SharingMetadata\feytraitmartine@hotmail.fr\DFSR\Staging\CS{5651A473-ADBC-3F79-7778-9843BF352954}\15\24-{297F9EA6-084A-48AB-BD60-664616DF2934}-v15-{5BAC49BC-4124-4CBC-80B4-F2871366CE95}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1016 bytes hidden from API
C:\Documents and Settings\Famille Bordes\Local Settings\Application Data\Microsoft\Messenger\mirabelle.66@hotmail.fr\SharingMetadata\feytraitmartine@hotmail.fr\DFSR\Staging\CS{5651A473-ADBC-3F79-7778-9843BF352954}\16\25-{297F9EA6-084A-48AB-BD60-664616DF2934}-v16-{5BAC49BC-4124-4CBC-80B4-F2871366CE95}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 7266 bytes hidden from API
C:\Documents and Settings\Famille Bordes\Local Settings\Application Data\Microsoft\Messenger\mirabelle.66@hotmail.fr\SharingMetadata\feytraitmartine@hotmail.fr\DFSR\Staging\CS{5651A473-ADBC-3F79-7778-9843BF352954}\16\25-{297F9EA6-084A-48AB-BD60-664616DF2934}-v16-{5BAC49BC-4124-4CBC-80B4-F2871366CE95}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 808 bytes hidden from API
C:\Documents and Settings\Famille Bordes\Local Settings\Application Data\Microsoft\Messenger\mirabelle.66@hotmail.fr\SharingMetadata\feytraitmartine@hotmail.fr\DFSR\Staging\CS{5651A473-ADBC-3F79-7778-9843BF352954}\17\26-{297F9EA6-084A-48AB-BD60-664616DF2934}-v17-{5BAC49BC-4124-4CBC-80B4-F2871366CE95}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 7842 bytes hidden from API
C:\Documents and Settings\Famille Bordes\Local Settings\Application Data\Microsoft\Messenger\mirabelle.66@hotmail.fr\SharingMetadata\feytraitmartine@hotmail.fr\DFSR\Staging\CS{5651A473-ADBC-3F79-7778-9843BF352954}\17\26-{297F9EA6-084A-48AB-BD60-664616DF2934}-v17-{5BAC49BC-4124-4CBC-80B4-F2871366CE95}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 864 bytes hidden from API
C:\Documents and Settings\Famille Bordes\Local Settings\Application Data\Microsoft\Messenger\mirabelle.66@hotmail.fr\SharingMetadata\suzannecots@hotmail.com\DFSR\Staging\CS{3172818E-0FC2-A787-B908-AFB4366883BA}\01\10-{3172818E-0FC2-A787-B908-AFB4366883BA}-v1-{5BAC49BC-4124-4CBC-80B4-F2871366CE95}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
 
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 21
 
 
Remaining Services:
------------------
 
 
 
Authorized Application Key Export:
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
 
Remaining Files:
---------------
 
File Backups: - C:\SDFix\backups\backups.zip
 
Files with Hidden Attributes:
 
Wed 13 Oct 2004     1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Fri 20 Aug 2004        60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Wed 14 Jul 2004         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 20 Sep 2006           401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv11.bak"
Wed 14 Jul 2004           401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv18.bak"
Fri 13 Aug 2004     1,953,792 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\launcher.exe"
Fri 13 Aug 2004        53,760 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\mnyinsta.dll"
Fri 13 Aug 2004        94,208 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\RmvSuite.exe"
Mon 16 Aug 2004        35,328 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\setuplng.dll"
Fri 13 Aug 2004        20,480 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\unregwtr.exe"
Fri 20 Aug 2004        60,416 A.SH. --- "C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe"
Sun  8 Apr 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Thu 20 Sep 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT1.tmp"
 
Finished!  

Bien.
 
 
Télécharge Combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
 
Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra.  
 
Copie/colle ce rapport dans ta prochaine réponse avec un nouveau HijackThis.

Voilà le rapport ComboFix :
 
ComboFix 07-11-19.4 - Famille Bordes 2007-11-26 18:56:17.1 - NTFSx86
Running from: C:\Documents and Settings\Famille Bordes\Local Settings\Temporary Internet Files\Content.IE5\37CT71PO\ComboFix[1].exe
.
 
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\caqovtjhwm.dat
C:\WINDOWS\system32\caqovtjhwm_nav.dat
C:\WINDOWS\system32\caqovtjhwm_navps.dat
C:\WINDOWS\system32\nvs2.inf
 
.
(((((((((((((((((((((((((((((   Fichiers créés 2007-10-26 to 2007-11-26  ))))))))))))))))))))))))))))))))))))
.
 
2007-11-25 10:04 <REP> d-------- C:\WINDOWS\ERUNT
2007-11-24 15:25 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-16 17:50 <REP> d-------- C:\Program Files\Windows Live Favorites
2007-11-16 17:46 <REP> d-------- C:\Program Files\Windows Live Toolbar
2007-11-11 15:47 25,088 --a------ C:\WINDOWS\system\smvss.exe
2007-11-09 07:50 25,088 --a------ C:\WINDOWS\system\smbss.exe
2007-11-02 11:48 8 --a------ C:\Documents and Settings\Famille Bordes\.bztarotcumul.dat
2007-11-02 11:47 <REP> d-------- C:\Program Files\Objective Tarot
2007-11-02 11:47 <REP> d-------- C:\Program Files\BzTarot
2007-11-02 11:47 <REP> d-------- C:\Documents and Settings\Famille Bordes\.bztarot
2007-10-30 15:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-10-29 16:35 47,351 --a------ C:\WINDOWS\system32\osa9.exe
2007-10-29 11:36 <REP> d-------- C:\Documents and Settings\Famille Bordes\Application Data\BitTorrent
2007-10-27 15:44 <REP> d--h----- C:\Documents and Settings\eMule_Secure\Voisinage réseau
2007-10-27 15:44 <REP> d--h----- C:\Documents and Settings\eMule_Secure\Voisinage d'impression
2007-10-27 15:44 <REP> d-------- C:\Documents and Settings\eMule_Secure\Mes documents
2007-10-27 15:44 <REP> dr------- C:\Documents and Settings\eMule_Secure\Menu Démarrer
2007-10-27 15:44 <REP> d-------- C:\Documents and Settings\eMule_Secure\Favoris
2007-10-27 15:44 <REP> d-------- C:\Documents and Settings\eMule_Secure\Bureau
2007-10-27 15:22 <REP> d-------- C:\Program Files\eMule
 
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-26 17:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-26 17:03 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-11-26 17:02 --------- d-----w C:\Documents and Settings\Famille Bordes\Application Data\OpenOffice.org2
2007-11-26 15:54 8 ----a-w C:\Documents and Settings\Famille Bordes\.bztarotcumul.dat
2007-11-25 11:12 10,038 -c--a-w C:\Documents and Settings\Famille Bordes\Application Data\wklnhst.dat
2007-11-24 16:47 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-11-24 10:32 --------- d-----w C:\Documents and Settings\Famille Bordes\Application Data\Canon
2007-11-22 11:05 --------- d-----w C:\Program Files\Norton Internet Security
2007-11-14 18:09 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-10 17:34 --------- d-----w C:\Program Files\Tarot!Expert
2007-11-10 12:59 --------- d-----w C:\Program Files\GALWIN
2007-11-04 19:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-04 19:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-10-31 11:46 --------- d-----w C:\Program Files\Samsung
2007-10-11 06:07 --------- d-----w C:\Program Files\Google
2007-10-07 09:00 --------- d-----w C:\Documents and Settings\Famille Bordes\Application Data\InstallShield
2007-10-07 06:27 --------- d-----w C:\Program Files\Java
2007-09-28 16:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-08-15 14:33 1,666 -c--a-w C:\Documents and Settings\BORDES Gérard\Application Data\wklnhst.dat
2007-03-23 17:02 49 --sh--w C:\Program Files\desktop.ini
2006-08-17 14:21 94,216 -c--a-w C:\Documents and Settings\Famille Bordes\Application Data\GDIPFONTCACHEV1.DAT
2004-08-19 23:09 60,416 --sha-w C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe
.
 
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 15:19]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UMonit"="C:\WINDOWS\System32\UMonit.exe" [2003-03-24 06:05]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 04:42 C:\WINDOWS\soundman.exe]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 17:01]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-10-13 17:04]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2005-04-06 09:36]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09]
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli
 
R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe"
R3 VX3000;VX-3000;C:\WINDOWS\system32\DRIVERS\VX3000.sys
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys
S3 USTOR2K;Genesys USB Mass Storage Windows Driver;C:\WINDOWS\system32\DRIVERS\ustor2k.sys
 
*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-01 07:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Analyse système complète - BORDES Florian.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
"2007-11-26 17:32:10 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************
 
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-26 19:03:12
Windows 5.1.2600 Service Pack 2 NTFS
 
scanning hidden processes ...
 
scanning hidden autostart entries ...
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  UMonit = C:\WINDOWS\System32\UMonit.exe??x???????????????|}~?????????????8???????????????8???????H:?????? ???????8????????????H?wH:????????????@????????w???????????w???????w???p??@?????????????@????????????????????????????????????????H?w?:?w???????w???w????????u?@  
 
scanning hidden files ...
 
scan completed successfully  
hidden files: 0  
 
**************************************************************************
.
Completion time: 2007-11-26 19:05:04
.
 --- E O F ---

... Et le HiJackthis
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:07:09, on 26/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\UMonit.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Famille Bordes\Local Settings\Temporary Internet Files\Content.IE5\6VJRZOE7\HiJackThis[1].exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\System32\UMonit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?836cb503a6d04610b64657e261eb96f0
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?836cb503a6d04610b64657e261eb96f0
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\AIM.EXE (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/251 [...] o-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.0_03) -  
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F9C4728-254B-4DD7-AB51-2465FD754E94}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
 
--
End of file - 9859 bytes

Bien.
 
 
Relance un scan HijackThis et coche les lignes ci-dessous :  
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896  
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896  
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll  
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)  
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)  
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)  
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')  
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')  
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')  
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')  
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000  
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll  
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll  
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL  
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\AIM.EXE (file missing)  
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)  
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab  
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/251 [...] o-eula.cab  
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll  
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab  
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab  
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab  
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.0_03) -  
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab  
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab  
 
Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »  
 
 
Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.
http://download.bleepingcomputer.c [...] MoveIt.exe
Double-clique sur OTMoveIt.exe pour le lancer.
Copie la liste qui se trouve ci-dessous, et colle-la dans le cadre de gauche de OTMoveIt aste List of Files/Folders to be moved.
 
C:\WINDOWS\system\smvss.exe  
C:\WINDOWS\system\smbss.exe  
C:\WINDOWS\system32\osa9.exe
 
Clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre Results.
Clique sur Exit pour fermer.
 
Il te sera peut-être demander de redémarrer le PC pour achever la suppression. Si c'est le cas accepte par Yes.
 
 
Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.