Virus Msn

Bonjour,

Même souci ?

Télécharge puis installe Hijackthis (Trend Micro).
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2

Voila le rapport:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09, on 2008-03-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\conime.exe
D:\WINDOWS\17PHolmes1423.exe
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\Program Files\QuickTime\QTTask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\WINDOWS\mrofinu1423.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Veoh Networks\Veoh\VeohClient.exe
D:\Program Files\Boonty\BoontyBox\BoontyBox.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\hf\LOCALS~1\Temp\Rar$EX00.172\HijackThis.exe

R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - D:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll (file missing)
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\DOCUME~1\hf\LOCALS~1\Temp\services.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll (file missing)
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll (file missing)
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - D:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll (file missing)
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - D:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMSCMig] D:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flash Media] D:\DOCUME~1\hf\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [runner1] D:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BoontyBox 01net.lnk = D:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O8 - Extra context menu item: !搜一搜(&S) - res://D:\Program Files\yisou\yisou.dll/232
O8 - Extra context menu item: &Recherche AOL Toolbar - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://D:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?ce41d98651414db38d54bd4aacd74ba8
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://D:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?ce41d98651414db38d54bd4aacd74ba8
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 雅虎搜索 - res://D:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll/246
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls....
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Boonty Games - BOONTY - D:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: hpdj - HP - D:\DOCUME~1\hf\LOCALS~1\Temp\hpdj.exe
O23 - Service: iPod 服务 (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerberos Key Distribution Centers (kkdc) - Unknown owner - D:\WINDOWS\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9109 bytes

Répond à ma question la prochaine fois  

[#ff0000]Désactive tes protections résidentes (antivirus, Spybot...) ![/#f]

Télécharge Combofix ([#ff0000]sUBs[/#f]) sur ton Bureau.

Double clique sur combofix.exe afin de le lancer.

Tape sur la touche 1 (Yes) pour démarrer le scan.

Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

Re, désolé pour le retard =S!
Donc voila le rapport Combofix:

ComboFix 08-03-04.3 - hf 2008-03-04 20:49:17.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.936.1.2052.18.87 [GMT 1:00]: D:\Documents and Settings\hf\Local Settings\Temporary Internet Files\Content.IE5\PA3LLAOE\ComboFix[1].exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((( 2008-02-04 - 2008-03-04 )))))))))))))))))))))))))))))))))
.

2008-03-04 13:38 . 2008-03-04 15:20 <DIR> d-------- D:\Program Files\Trend Micro
2008-03-03 22:43 . 2008-03-03 22:43 <DIR> d-------- D:\Program Files\Avira
2008-03-03 22:43 . 2008-03-03 22:43 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Avira
2008-03-03 21:56 . 2008-03-03 21:56 244 --ah----- D:\sqmnoopt00.sqm
2008-03-03 21:56 . 2008-03-03 21:56 232 --ah----- D:\sqmdata00.sqm
2008-02-16 20:58 . 2008-02-16 20:58 <DIR> d-------- D:\Documents and Settings\hf\Application Data\DivX

.
(((((((((((((((((((((((((((((((((((( Compte-rendu )))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 18:58 --------- d-----w D:\Program Files\Windows Live Safety Center
2008-02-16 17:48 --------- d-----w D:\Program Files\DivX
2008-02-16 17:06 --------- d-----w D:\Program Files\Windows Live Toolbar
2008-02-14 14:56 --------- d-----w D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-27 10:13 --------- d-----w D:\Program Files\Gamenext
2008-01-27 10:12 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-01-20 17:34 --------- d-----w D:\Program Files\MSN Games
2008-01-20 10:11 --------- d-----w D:\Documents and Settings\All Users\Application Data\Oberon Games
2008-01-06 20:06 --------- d-----w D:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-04 21:13 --------- d-----w D:\Program Files\BoontyGames
2008-01-04 11:41 --------- d-----w D:\Documents and Settings\hf\Application Data\Jane s Hotel
2008-01-04 11:40 12,464 ----a-w D:\WINDOWS\system32\drivers\CdaC15BA.SYS
2007-12-07 01:06 644,608 ----a-w D:\WINDOWS\system32\wininet.dll
2007-12-04 18:40 550,912 ----a-w D:\WINDOWS\system32\oleaut32.dll
2007-12-04 01:33 823,296 ----a-w D:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w D:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w D:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w D:\WINDOWS\system32\DivX.dll
.

(((((((((((((((((((((((((((((((((((((((((( Point de changement )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-17 13:00 15360]
"msnmsgr"="D:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 05:55 5674352]
"Veoh"="D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-11-01 06:22 3317760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMSCMig"="D:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe" [2003-07-14 15:57 13368]
"PCSuiteTrayApplication"="D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 08:10 271360]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2007-06-28 23:24 286720]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 07:42 267064]
"avgnt"="D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-03 22:46 249896]
"runner1"="D:\WINDOWS\mrofinu1423.exe" [2008-03-04 20:54 37376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 13:00 15360]
"Nokia.PCSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 03:17 1241088]
"msnmsgr"="D:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 05:55 5674352]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"D:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Program Files\\Shareaza\\Shareaza.exe"=
"D:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"D:\\DOCUME~1\\hf\\LOCALS~1\\Temp\\services.exe"=

R3 LucentSoftModem;Lucent Technologies Soft Modem;D:\WINDOWS\system32\DRIVERS\LTSM.sys [2002-03-29 15:34]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);D:\WINDOWS\system32\drivers\sis7012.sys [2002-03-28 11:08]
R3 SNPHV71;PC Camera (602a VGA);D:\WINDOWS\system32\DRIVERS\snphv71.sys [2003-04-17 08:28]
S2 kkdc;Kerberos Key Distribution Centers;D:\WINDOWS\lsass.exe []
S3 Boonty Games;Boonty Games;"D:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2006-06-27 03:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffb7756d-7a33-11dc-9e06-00e018784912}]
\Shell\1\Command - H:\autorun.pif
\Shell\2\Command - H:\autorun.pif
\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif

.

"2008-03-01 19:31:02 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-04 19:24:04 D:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- D:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 20:53:41
Windows 5.1.2600 Service Pack 2 NTFS


**************************************************************************
.
Temps d'accomplissement: 2008-03-04 20:55:46
ComboFix2.txt 2008-03-03 20:29:18
.
2007-03-03 12:55:05 --- E O F ---

Que dois-je faire après =S?

Re,

[#ff0000]Désactive tes protections résidentes (antivirus...) ![/#f]
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :



Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
[#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]

Re, voilà le rapport Combofix:


ComboFix 08-03-04.3 - hf 2008-03-05 13:44:26.11 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.936.1.2052.18.90 [GMT 1:00]
Endroit: D:\Documents and Settings\hf\bureau\ComboFix.exe
Command switches used :: D:\Documents and Settings\hf\bureau\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
D:\WINDOWS\lsass.exe
D:\WINDOWS\mrofinu1423.exe
.

(((((((((((((((((((((((((((( 2008-02-05 - 2008-03-05 )))))))))))))))))))))))))))))))))
.

2008-03-05 13:20 . 2008-03-05 13:21 9,296 --a------ D:\Documents and Settings\hf\jixdzm.exe
2008-03-04 13:38 . 2008-03-04 21:08 <DIR> d-------- D:\Program Files\Trend Micro
2008-03-03 22:43 . 2008-03-03 22:43 <DIR> d-------- D:\Program Files\Avira
2008-03-03 22:43 . 2008-03-03 22:43 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Avira
2008-03-03 21:56 . 2008-03-03 21:56 244 --ah----- D:\sqmnoopt00.sqm
2008-03-03 21:56 . 2008-03-03 21:56 232 --ah----- D:\sqmdata00.sqm
2008-03-03 18:28 . 2008-03-04 20:55 <DIR> d-------- D:\ComboFix[1]
2008-02-16 20:58 . 2008-02-16 20:58 <DIR> d-------- D:\Documents and Settings\hf\Application Data\DivX

.
(((((((((((((((((((((((((((((((((((( Compte-rendu )))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 18:58 --------- d-----w D:\Program Files\Windows Live Safety Center
2008-02-16 17:48 --------- d-----w D:\Program Files\DivX
2008-02-16 17:06 --------- d-----w D:\Program Files\Windows Live Toolbar
2008-02-14 14:56 --------- d-----w D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-27 10:13 --------- d-----w D:\Program Files\Gamenext
2008-01-27 10:12 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-01-20 17:34 --------- d-----w D:\Program Files\MSN Games
2008-01-20 10:11 --------- d-----w D:\Documents and Settings\All Users\Application Data\Oberon Games
2008-01-06 20:06 --------- d-----w D:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-12-07 01:06 644,608 ----a-w D:\WINDOWS\system32\wininet.dll
.

(((((((((((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
**Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-17 13:00 15360]
"msnmsgr"="D:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 05:55 5674352]
"Veoh"="D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-11-01 06:22 3317760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMSCMig"="D:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe" [2003-07-14 15:57 13368]
"PCSuiteTrayApplication"="D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 08:10 271360]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2007-06-28 23:24 286720]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 07:42 267064]
"avgnt"="D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-03 22:46 249896]
"runner1"="D:\WINDOWS\mrofinu1423.exe" [2008-03-05 13:48 37376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 13:00 15360]
"Nokia.PCSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 03:17 1241088]
"msnmsgr"="D:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 05:55 5674352]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"D:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Program Files\\Shareaza\\Shareaza.exe"=
"D:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"D:\\DOCUME~1\\hf\\LOCALS~1\\Temp\\services.exe"=

R3 LucentSoftModem;Lucent Technologies Soft Modem;D:\WINDOWS\system32\DRIVERS\LTSM.sys [2002-03-29 15:34]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);D:\WINDOWS\system32\drivers\sis7012.sys [2002-03-28 11:08]
R3 SNPHV71;PC Camera (602a VGA);D:\WINDOWS\system32\DRIVERS\snphv71.sys [2003-04-17 08:28]
S3 Boonty Games;Boonty Games;"D:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2006-06-27 03:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffb7756d-7a33-11dc-9e06-00e018784912}]
\Shell\1\Command - H:\autorun.pif
\Shell\2\Command - H:\autorun.pif
\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif

.
Contenu du dossier
"2008-03-01 19:31:02 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-05 12:24:09 D:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- D:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 13:47:56
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

? [3220]

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-05 13:49:55
ComboFix-quarantined-files.txt 2008-03-05 12:49:38
ComboFix2.txt 2008-03-04 19:55:47
ComboFix3.txt 2008-03-03 20:29:18
.
2007-03-03 12:55:05 --- E O F ---




Et le rapport Hijackthis:




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:59:46, on 2008-3-5
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\WgaTray.exe
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\Program Files\QuickTime\QTTask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Veoh Networks\Veoh\VeohClient.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\Boonty\BoontyBox\BoontyBox.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\conime.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\17PHolmes1423.exe
D:\WINDOWS\system32\notepad.exe
D:\Program Files\internet explorer\iexplore.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\nvcoi\nvcoi.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\DOCUME~1\hf\LOCALS~1\Temp\services.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMSCMig] D:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [JavaCore] D:\Program Files\\JavaCore\\JavaCore.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [nvcoi] D:\Program Files\nvcoi\nvcoi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BoontyBox 01net.lnk = D:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O8 - Extra context menu item: !搜一搜(&S) - res://D:\Program Files\yisou\yisou.dll/232
O8 - Extra context menu item: &Recherche AOL Toolbar - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://D:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?ce41d98651414db38d54bd4aacd74ba8
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://D:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?ce41d98651414db38d54bd4aacd74ba8
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 雅虎搜索 - res://D:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll/246
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls....
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Boonty Games - BOONTY - D:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: hpdj - Unknown owner - D:\DOCUME~1\hf\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: iPod 服务 (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8668 bytes

Re,

T'as un pc chinois ?

Non, seulement quelqu'un m'a enregistré des choses en chinois.

Sinon que dois-je faire en suite?

Re,

Fix les lignes dans le cadre ci-dessous avec Hijackthis : AIDE EN IMAGES

Ensuite?

Reposte un rapport Hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:05, on 2008-3-5
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\Program Files\QuickTime\QTTask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Veoh Networks\Veoh\VeohClient.exe
D:\WINDOWS\system32\WgaTray.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\Boonty\BoontyBox\BoontyBox.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\internet explorer\iexplore.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\DOCUME~1\hf\LOCALS~1\Temp\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1349C3CD-5324-77AB-0A14-5200BBC7DC9F} - D:\WINDOWS\system32\qrdcmcq.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMSCMig] D:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Flash Media] D:\DOCUME~1\hf\LOCALS~1\Temp\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [JavaCore] D:\Program Files\\JavaCore\\JavaCore.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NoDNS] D:\Program Files\\NoDNS\\NoDNS.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [WinTouch] D:\Documents and Settings\hf\Application Data\WinTouch\WinTouch.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SfKg6w] D:\Documents and Settings\hf\Application Data\Microsoft\Windows\egwafgi.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Deea] "D:\PROGRA~1\Тasks\mmc.exe" -vt yazb (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Tmvwveu] "D:\Program Files\Common Files\Аdobe\w?nspool.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BoontyBox 01net.lnk = D:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O8 - Extra context menu item: !搜一搜(&S) - res://D:\Program Files\yisou\yisou.dll/232
O8 - Extra context menu item: &Recherche AOL Toolbar - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://D:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?ce41d98651414db38d54bd4aacd74ba8
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://D:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?ce41d98651414db38d54bd4aacd74ba8
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls....
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Boonty Games - BOONTY - D:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: iPod (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8071 bytes

Refais un scan Combofix.

Voilà le rapport:

ComboFix 08-03-04.3 - hf 2008-03-06 14:11:16.12 - NTFSx86
Endroit: D:\Documents and Settings\hf\bureau\ComboFix.exe


D:\Documents and Settings\hf\Application Data\WinTouch
D:\Documents and Settings\hf\Application Data\WinTouch\wintouch.cfg
D:\Documents and Settings\hf\Application Data\WinTouch\WinTouch.exe
D:\Documents and Settings\hf\Application Data\WinTouch\WTUninstaller.exe
D:\Program Files\Common Files\Yazzle1560OinAdmin.exe
D:\Program Files\Common Files\Yazzle1560OinUninstaller.exe
D:\Program Files\inetget2
D:\Program Files\JavaCore
D:\Program Files\JavaCore\JavaCore.exe
D:\Program Files\JavaCore\UnInstall.exe
D:\Program Files\NoDNS
D:\Program Files\NoDNS\NoDNS.exe
D:\Program Files\NoDNS\UnInstall.exe
D:\Program Files\outerinfo
D:\Program Files\outerinfo\FF\chrome.manifest
D:\Program Files\outerinfo\FF\components\FF.dll
D:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
D:\Program Files\outerinfo\FF\install.rdf
D:\Program Files\outerinfo\Terms.rtf
D:\Program Files\Temporary
D:\Program Files\Temporary\InsiDERInst.exe
D:\WINDOWS\b128.exe
D:\WINDOWS\b138.exe
D:\WINDOWS\b152.exe
D:\WINDOWS\b153.exe
D:\WINDOWS\b154.exe
D:\WINDOWS\mrofinu1423.exe
D:\WINDOWS\system32\qrdcmcq.dll

.
(((((((((((((((((((((((((((( 2008-02-06 - 2008-03-06 )))))))))))))))))))))))))))))))))
.

2008-03-05 23:22 . 2008-03-05 23:22 244 --ah----- D:\sqmnoopt02.sqm
2008-03-05 23:22 . 2008-03-05 23:22 232 --ah----- D:\sqmdata02.sqm
2008-03-05 18:37 . 2008-03-05 18:37 244 --ah----- D:\sqmnoopt01.sqm
2008-03-05 18:37 . 2008-03-05 18:37 232 --ah----- D:\sqmdata01.sqm
2008-03-05 14:22 . 2008-03-05 14:22 9,662 --a------ D:\WINDOWS\system32\ZoneAlarmIconFR.ico
2008-03-05 14:12 . 2008-03-05 14:12 <DIR> d-------- D:\Program Files\Тasks
2008-03-05 14:12 . 2008-03-05 14:12 <DIR> d-------- D:\Program Files\Common Files\Аdobe
2008-03-05 13:57 . 2008-03-05 13:57 <DIR> d-------- D:\Program Files\nvcoi
2008-03-05 13:20 . 2008-03-05 13:21 9,296 --a------ D:\Documents and Settings\hf\jixdzm.exe
2008-03-04 13:38 . 2008-03-04 21:08 <DIR> d-------- D:\Program Files\Trend Micro
2008-03-03 22:43 . 2008-03-03 22:43 <DIR> d-------- D:\Program Files\Avira
2008-03-03 22:43 . 2008-03-03 22:43 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Avira
2008-03-03 21:56 . 2008-03-03 21:56 244 --ah----- D:\sqmnoopt00.sqm
2008-03-03 21:56 . 2008-03-03 21:56 232 --ah----- D:\sqmdata00.sqm
2008-03-03 18:28 . 2008-03-04 20:55 <DIR> d-------- D:\ComboFix[1]
2008-02-16 20:58 . 2008-02-16 20:58 <DIR> d-------- D:\Documents and Settings\hf\Application Data\DivX

.
(((((((((((((((((((((((((((((((((((( Compte-rendu )))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 13:12 --------- d-----w D:\Program Files\Тasks
2008-03-05 13:12 --------- d-----w D:\Program Files\Common Files\Аdobe
2008-02-25 18:58 --------- d-----w D:\Program Files\Windows Live Safety Center
2008-02-16 17:48 --------- d-----w D:\Program Files\DivX
2008-02-16 17:06 --------- d-----w D:\Program Files\Windows Live Toolbar
2008-02-14 14:56 --------- d-----w D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-27 10:13 --------- d-----w D:\Program Files\Gamenext
2008-01-27 10:12 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-01-20 17:34 --------- d-----w D:\Program Files\MSN Games
2008-01-20 10:11 --------- d-----w D:\Documents and Settings\All Users\Application Data\Oberon Games
2008-01-06 20:06 --------- d-----w D:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-12-07 01:06 644,608 ----a-w D:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-03-04_20.55.04.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-03 20:56:39 16,384 ----a-w D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-03-05 22:21:49 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-03 20:56:39 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-05 22:21:49 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-05 12:57:49 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008030520080306\index.dat
+ 2008-03-05 12:57:25 76,286 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C70TQRQD\filters[1].bin
+ 2008-03-05 12:57:25 54,999 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IDG92PSH\parameters[1].bin
- 2008-03-03 20:56:39 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-05 22:21:49 49,152 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-05 12:59:35 78,924 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\PhishingFilter\45E13EC5-3DB7-4B3D-9F80-073A58AB5E82.dat
.
(((((((((((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-17 13:00 15360]
"msnmsgr"="D:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 05:55 5674352]
"Veoh"="D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-11-01 06:22 3317760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMSCMig"="D:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe" [2003-07-14 15:57 13368]
"PCSuiteTrayApplication"="D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 08:10 271360]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2007-06-28 23:24 286720]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 07:42 267064]
"avgnt"="D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-03 22:46 249896]
"runner1"="D:\WINDOWS\mrofinu1423.exe" [2008-03-06 14:16 37376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 13:00 15360]
"Nokia.PCSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 03:17 1241088]
"msnmsgr"="D:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 05:55 5674352]
"JavaCore"="D:\Program Files\\JavaCore\\JavaCore.exe" [ ]
"NoDNS"="D:\Program Files\\NoDNS\\NoDNS.exe" [ ]
"WinTouch"="D:\Documents and Settings\hf\Application Data\WinTouch\WinTouch.exe" [ ]
"SfKg6w"="D:\Documents and Settings\hf\Application Data\Microsoft\Windows\egwafgi.exe" [2008-03-05 14:07 35840]
"Deea"="D:\PROGRA~1\Тasks\mmc.exe" [2008-03-05 14:12 68608]
"Tmvwveu"="D:\Program Files\Common Files\Аdobe\w?nspool.exe" [2008-01-28 17:29 230400]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"D:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Program Files\\Shareaza\\Shareaza.exe"=
"D:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"D:\\DOCUME~1\\hf\\LOCALS~1\\Temp\\services.exe"=

R3 LucentSoftModem;Lucent Technologies Soft Modem;D:\WINDOWS\system32\DRIVERS\LTSM.sys [2002-03-29 15:34]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);D:\WINDOWS\system32\drivers\sis7012.sys [2002-03-28 11:08]
R3 SNPHV71;PC Camera (602a VGA);D:\WINDOWS\system32\DRIVERS\snphv71.sys [2003-04-17 08:28]
S3 Boonty Games;Boonty Games;"D:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2006-06-27 03:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffb7756d-7a33-11dc-9e06-00e018784912}]
\Shell\1\Command - H:\autorun.pif
\Shell\2\Command - H:\autorun.pif
\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif

.
Contenu du dossier
"2008-03-01 19:31:02 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-06 12:24:03 D:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- D:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 14:15:44
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

? [464]

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-06 14:17:43
ComboFix-quarantined-files.txt 2008-03-06 13:17:20
ComboFix2.txt 2008-03-05 12:49:55
ComboFix3.txt 2008-03-04 19:55:47
ComboFix4.txt 2008-03-03 20:29:18
.
2007-03-03 12:55:05 --- E O F ---

Il est complet ?

Oui, j'en ai fait un autre au cas où:


ComboFix 08-03-04.3 - hf 2008-03-06 18:33:58.13 - NTFSx86
Endroit: D:\Documents and Settings\hf\bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\WINDOWS\mrofinu1423.exe

.
(((((((((((((((((((((((((((( 2008-02-06 - 2008-03-06 )))))))))))))))))))))))))))))))))
.

2008-03-05 23:22 . 2008-03-05 23:22 244 --ah----- D:\sqmnoopt02.sqm
2008-03-05 23:22 . 2008-03-05 23:22 232 --ah----- D:\sqmdata02.sqm
2008-03-05 18:37 . 2008-03-05 18:37 244 --ah----- D:\sqmnoopt01.sqm
2008-03-05 18:37 . 2008-03-05 18:37 232 --ah----- D:\sqmdata01.sqm
2008-03-05 14:22 . 2008-03-05 14:22 9,662 --a------ D:\WINDOWS\system32\ZoneAlarmIconFR.ico
2008-03-05 14:12 . 2008-03-05 14:12 <DIR> d-------- D:\Program Files\Тasks
2008-03-05 14:12 . 2008-03-05 14:12 <DIR> d-------- D:\Program Files\Common Files\Аdobe
2008-03-05 13:57 . 2008-03-05 13:57 <DIR> d-------- D:\Program Files\nvcoi
2008-03-05 13:20 . 2008-03-05 13:21 9,296 --a------ D:\Documents and Settings\hf\jixdzm.exe
2008-03-04 13:38 . 2008-03-04 21:08 <DIR> d-------- D:\Program Files\Trend Micro
2008-03-03 22:43 . 2008-03-03 22:43 <DIR> d-------- D:\Program Files\Avira
2008-03-03 22:43 . 2008-03-03 22:43 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Avira
2008-03-03 21:56 . 2008-03-03 21:56 244 --ah----- D:\sqmnoopt00.sqm
2008-03-03 21:56 . 2008-03-03 21:56 232 --ah----- D:\sqmdata00.sqm
2008-03-03 18:28 . 2008-03-04 20:55 <DIR> d-------- D:\ComboFix[1]
2008-02-16 20:58 . 2008-02-16 20:58 <DIR> d-------- D:\Documents and Settings\hf\Application Data\DivX

.
(((((((((((((((((((((((((((((((((((( Compte-rendu )))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 13:12 --------- d-----w D:\Program Files\Тasks
2008-03-05 13:12 --------- d-----w D:\Program Files\Common Files\Аdobe
2008-02-25 18:58 --------- d-----w D:\Program Files\Windows Live Safety Center
2008-02-16 17:48 --------- d-----w D:\Program Files\DivX
2008-02-16 17:06 --------- d-----w D:\Program Files\Windows Live Toolbar
2008-02-14 14:56 --------- d-----w D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-27 10:13 --------- d-----w D:\Program Files\Gamenext
2008-01-27 10:12 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-01-20 17:34 --------- d-----w D:\Program Files\MSN Games
2008-01-20 10:11 --------- d-----w D:\Documents and Settings\All Users\Application Data\Oberon Games
2008-01-06 20:06 --------- d-----w D:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-12-07 01:06 644,608 ----a-w D:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-03-04_20.55.04.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-03 20:56:39 16,384 ----a-w D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-03-05 22:21:49 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-03 20:56:39 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-05 22:21:49 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-05 12:57:49 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008030520080306\index.dat
+ 2008-03-05 12:57:25 76,286 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C70TQRQD\filters[1].bin
+ 2008-03-05 12:57:25 54,999 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IDG92PSH\parameters[1].bin
- 2008-03-03 20:56:39 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-05 22:21:49 49,152 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-05 12:59:35 78,924 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\PhishingFilter\45E13EC5-3DB7-4B3D-9F80-073A58AB5E82.dat
.
(((((((((((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-17 13:00 15360]
"msnmsgr"="D:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 05:55 5674352]
"Veoh"="D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-11-01 06:22 3317760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMSCMig"="D:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe" [2003-07-14 15:57 13368]
"PCSuiteTrayApplication"="D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 08:10 271360]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2007-06-28 23:24 286720]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 07:42 267064]
"avgnt"="D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-03 22:46 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 13:00 15360]
"Nokia.PCSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 03:17 1241088]
"msnmsgr"="D:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 05:55 5674352]
"JavaCore"="D:\Program Files\\JavaCore\\JavaCore.exe" [ ]
"NoDNS"="D:\Program Files\\NoDNS\\NoDNS.exe" [ ]
"WinTouch"="D:\Documents and Settings\hf\Application Data\WinTouch\WinTouch.exe" [ ]
"SfKg6w"="D:\Documents and Settings\hf\Application Data\Microsoft\Windows\egwafgi.exe" [2008-03-05 14:07 35840]
"Deea"="D:\PROGRA~1\Тasks\mmc.exe" [2008-03-05 14:12 68608]
"Tmvwveu"="D:\Program Files\Common Files\Аdobe\w?nspool.exe" [2008-01-28 17:29 230400]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"D:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Program Files\\Shareaza\\Shareaza.exe"=
"D:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"D:\\DOCUME~1\\hf\\LOCALS~1\\Temp\\services.exe"=

R3 LucentSoftModem;Lucent Technologies Soft Modem;D:\WINDOWS\system32\DRIVERS\LTSM.sys [2002-03-29 15:34]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);D:\WINDOWS\system32\drivers\sis7012.sys [2002-03-28 11:08]
R3 SNPHV71;PC Camera (602a VGA);D:\WINDOWS\system32\DRIVERS\snphv71.sys [2003-04-17 08:28]
S3 Boonty Games;Boonty Games;"D:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2006-06-27 03:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffb7756d-7a33-11dc-9e06-00e018784912}]
\Shell\1\Command - H:\autorun.pif
\Shell\2\Command - H:\autorun.pif
\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif

.
Contenu du dossier
"2008-03-01 19:31:02 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-06 17:24:01 D:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- D:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 18:38:31
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

? [1240]

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-06 18:40:05
ComboFix-quarantined-files.txt 2008-03-06 17:39:43
ComboFix2.txt 2008-03-06 13:17:44
ComboFix3.txt 2008-03-05 12:49:55
ComboFix4.txt 2008-03-04 19:55:47
ComboFix5.txt 2008-03-03 20:29:18
.
2007-03-03 12:55:05 --- E O F ---

salut tout le monde, j'ai un probleme avec un trojan je pense.
j'ai reçu il y a peu un message (en anglais) sur msn accompagné d'une image zip dont le nom était mon adresse msn. je ne sais encore par quel miracle cette chose c'est décompressée mais elle est venu ce coller a mon hd je ne sais exactement ou, tout ce que je sais c'est qu'elle est partie direction MS-dos.
depuis je recois des alertes d'avast me signalent que des messages suspect (de et vers des adrss U.S) ferait un petit tour du coté de chez moi.
que fair vu que avast ne trouve rien
mon cas: win xp sp2, avast 4 famil, wlm plus.
merci

Tyron, crée ton propre sujet.

Re,

Supprime :
D:\Program Files\Common Files\Аdobe\w?nspool.exe (?= suite ou lettre aléatoire)

[#ff0000]Désactive tes protections résidentes (antivirus...) ![/#f]
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :



Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
[#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]

Bonsoir, je me permet de venir ici pour dire que j'ai crée un topic hier pour le même probleme que certaines personnes ( virus MSN ).
je ne veux pas etre agressif, je veux juste savoir si on ne m'a pas oublier ? et j'aimerai qu'on m'aide s'il vous plait.
J'ai déjà eu des problèmes par le passé, je suis venu sur votre forum et on m'a toujours aider.
Merci

Sincères salutations et bonne soirée à tous

Voilà le rapport Combofix:

ComboFix 08-03-04.3 - hf 2008-03-06 21:43:32.14 - NTFSx86
Endroit: D:\Documents and Settings\hf\bureau\ComboFix.exe
Command switches used :: D:\Documents and Settings\hf\bureau\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
D:\Documents and Settings\hf\Application Data\Microsoft\Windows\egwafgi.exe
D:\Documents and Settings\hf\jixdzm.exe
.

(((((((((((((((((((((((((((((((((((((( Autres supressions ))))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Documents and Settings\hf\Application Data\Microsoft\Windows\egwafgi.exe
D:\PROGRA~1\Тasks
D:\PROGRA~1\Тasks\mmc.exe

.
(((((((((((((((((((((((((((( 2008-02-06 - 2008-03-06 )))))))))))))))))))))))))))))))))
.

2008-03-05 23:22 . 2008-03-05 23:22 244 --ah----- D:\sqmnoopt02.sqm
2008-03-05 23:22 . 2008-03-05 23:22 232 --ah----- D:\sqmdata02.sqm
2008-03-05 18:37 . 2008-03-05 18:37 244 --ah----- D:\sqmnoopt01.sqm
2008-03-05 18:37 . 2008-03-05 18:37 232 --ah----- D:\sqmdata01.sqm
2008-03-05 14:22 . 2008-03-05 14:22 9,662 --a------ D:\WINDOWS\system32\ZoneAlarmIconFR.ico
2008-03-05 14:12 . 2008-03-05 14:12 <DIR> d-------- D:\Program Files\Common Files\Аdobe
2008-03-05 13:57 . 2008-03-05 13:57 <DIR> d-------- D:\Program Files\nvcoi
2008-03-04 13:38 . 2008-03-04 21:08 <DIR> d-------- D:\Program Files\Trend Micro
2008-03-03 22:43 . 2008-03-03 22:43 <DIR> d-------- D:\Program Files\Avira
2008-03-03 22:43 . 2008-03-03 22:43 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Avira
2008-03-03 21:56 . 2008-03-03 21:56 244 --ah----- D:\sqmnoopt00.sqm
2008-03-03 21:56 . 2008-03-03 21:56 232 --ah----- D:\sqmdata00.sqm
2008-03-03 18:28 . 2008-03-04 20:55 <DIR> d-------- D:\ComboFix[1]
2008-02-16 20:58 . 2008-02-16 20:58 <DIR> d-------- D:\Documents and Settings\hf\Application Data\DivX

.
(((((((((((((((((((((((((((((((((((( Compte-rendu )))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 13:12 --------- d-----w D:\Program Files\Common Files\Аdobe
2008-02-25 18:58 --------- d-----w D:\Program Files\Windows Live Safety Center
2008-02-16 17:48 --------- d-----w D:\Program Files\DivX
2008-02-16 17:06 --------- d-----w D:\Program Files\Windows Live Toolbar
2008-02-14 14:56 --------- d-----w D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-27 10:13 --------- d-----w D:\Program Files\Gamenext
2008-01-27 10:12 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-01-20 17:34 --------- d-----w D:\Program Files\MSN Games
2008-01-20 10:11 --------- d-----w D:\Documents and Settings\All Users\Application Data\Oberon Games
2008-01-06 20:06 --------- d-----w D:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-12-07 01:06 644,608 ----a-w D:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-03-04_20.55.04.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-03 20:56:39 16,384 ----a-w D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-03-05 22:21:49 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-03 20:56:39 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-05 22:21:49 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-05 12:57:49 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008030520080306\index.dat
+ 2008-03-05 12:57:25 76,286 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C70TQRQD\filters[1].bin
+ 2008-03-05 12:57:25 54,999 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IDG92PSH\parameters[1].bin
- 2008-03-03 20:56:39 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-05 22:21:49 49,152 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-05 12:59:35 78,924 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\PhishingFilter\45E13EC5-3DB7-4B3D-9F80-073A58AB5E82.dat
.
(((((((((((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-17 13:00 15360]
"msnmsgr"="D:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 05:55 5674352]
"Veoh"="D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-11-01 06:22 3317760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMSCMig"="D:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe" [2003-07-14 15:57 13368]
"PCSuiteTrayApplication"="D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 08:10 271360]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2007-06-28 23:24 286720]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 07:42 267064]
"avgnt"="D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-03 22:46 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 13:00 15360]
"Nokia.PCSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 03:17 1241088]
"msnmsgr"="D:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 05:55 5674352]
"JavaCore"="D:\Program Files\\JavaCore\\JavaCore.exe" [ ]
"NoDNS"="D:\Program Files\\NoDNS\\NoDNS.exe" [ ]
"WinTouch"="D:\Documents and Settings\hf\Application Data\WinTouch\WinTouch.exe" [ ]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"D:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Program Files\\Shareaza\\Shareaza.exe"=
"D:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"D:\\DOCUME~1\\hf\\LOCALS~1\\Temp\\services.exe"=

R3 LucentSoftModem;Lucent Technologies Soft Modem;D:\WINDOWS\system32\DRIVERS\LTSM.sys [2002-03-29 15:34]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);D:\WINDOWS\system32\drivers\sis7012.sys [2002-03-28 11:08]
R3 SNPHV71;PC Camera (602a VGA);D:\WINDOWS\system32\DRIVERS\snphv71.sys [2003-04-17 08:28]
S3 Boonty Games;Boonty Games;"D:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2006-06-27 03:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffb7756d-7a33-11dc-9e06-00e018784912}]
\Shell\1\Command - H:\autorun.pif
\Shell\2\Command - H:\autorun.pif
\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif

.
Contenu du dossier

"2008-03-01 19:31:02 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-06 20:24:10 D:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- D:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 21:47:52
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...


? [2608]

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-06 21:50:18
ComboFix-quarantined-files.txt 2008-03-06 20:50:02
ComboFix2.txt 2008-03-06 17:40:05
ComboFix3.txt 2008-03-06 13:17:44
ComboFix4.txt 2008-03-05 12:49:55
ComboFix5.txt 2008-03-04 19:55:47
.
2007-03-03 12:55:05 --- E O F ---



Et le rapport Hijackthis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:05:03, on 2008-3-6
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\Program Files\QuickTime\QTTask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\Veoh Networks\Veoh\VeohClient.exe
D:\Program Files\Boonty\BoontyBox\BoontyBox.exe
D:\WINDOWS\system32\WgaTray.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\internet explorer\iexplore.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\DOCUME~1\hf\LOCALS~1\Temp\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMSCMig] D:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Flash Media] D:\DOCUME~1\hf\LOCALS~1\Temp\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [JavaCore] D:\Program Files\\JavaCore\\JavaCore.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NoDNS] D:\Program Files\\NoDNS\\NoDNS.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [WinTouch] D:\Documents and Settings\hf\Application Data\WinTouch\WinTouch.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BoontyBox 01net.lnk = D:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O8 - Extra context menu item: !搜一搜(&S) - res://D:\Program Files\yisou\yisou.dll/232
O8 - Extra context menu item: &Recherche AOL Toolbar - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://D:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?ce41d98651414db38d54bd4aacd74ba8
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://D:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?ce41d98651414db38d54bd4aacd74ba8
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls....
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Boonty Games - BOONTY - D:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7620 bytes

Re,

Fix les lignes dans le cadre ci-dessous avec Hijackthis : AIDE EN IMAGES

C'est bon, voilà le nouveau rapport:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:31:12, on 2008-3-7
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\Program Files\QuickTime\QTTask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Veoh Networks\Veoh\VeohClient.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\Boonty\BoontyBox\BoontyBox.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\internet explorer\iexplore.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\iTunes\iTunes.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\internet explorer\iexplore.exe
D:\Program Files\internet explorer\iexplore.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\DOCUME~1\hf\LOCALS~1\Temp\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMSCMig] D:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [JavaCore] D:\Program Files\\JavaCore\\JavaCore.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NoDNS] D:\Program Files\\NoDNS\\NoDNS.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [WinTouch] D:\Documents and Settings\hf\Application Data\WinTouch\WinTouch.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BoontyBox 01net.lnk = D:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://D:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?ce41d98651414db38d54bd4aacd74ba8
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://D:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?ce41d98651414db38d54bd4aacd74ba8
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls....
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Boonty Games - BOONTY - D:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7637 bytes

Supprime ta version de MSNFix puis recommence.

C'est quoi ton virus msn décrit-le?
-- ce tool n'a été testé par personne, MSNFix fait très bien son travail -- by Angeldark

Voilà le rapport MSNFix:

MSNFix 1.677

D:\Documents and Settings\hf\My Documents\MSNFix
Fix exécutéle 2008-03-07 Vendredi - 18:49:30.92 By hf
mode normal

************************ Recherche les fichiers présents

... D:\DOCUME~1\hf\LOCALS~1\Temp\services.exe
... D:\WINDOWS\system32\real.txt

************************

Aucun dossier trouvé




************************ Suppression des fichiers

/!\ ... D:\DOCUME~1\hf\LOCALS~1\Temp\services.exe
.. OK ... D:\WINDOWS\system32\real.txt



************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


************************ Suppression des fichiers

/!\ ... D:\DOCUME~1\hf\LOCALS~1\Temp\services.exe
.. OK ... D:\WINDOWS\system32\real.txt



************************ Fichiers suspects

Aucun Fichier trouv?


Les fichiers et clé de registre supprimés ont été sauvegardés dans le fichier 2008-03-07 vendredi_185322.37.zip



------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------





Et ce virus fait envoyer (même quand je suis hors ligne) un message qui dit " ta tof fait quoi sur ce site " et envoie un lien que j'ai moi même appuyé : " http://msn-albums.isuisse/***", *** étant l'adresse msn du contact. Toutes les conversations des contacts en ligne apparaissent puis disparaissent, je ne vois pas les messages que j'envoie: les conversations disparaissent et je vois seulement que je leur ai envoyé ce site et ce message lorsque je regarde mes archives de conversation.

Reposte un rapport Hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14:33, on 2008-3-7
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\conime.exe
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\system32\notepad.exe
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\Program Files\QuickTime\QTTask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Veoh Networks\Veoh\VeohClient.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\Boonty\BoontyBox\BoontyBox.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\internet explorer\iexplore.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\DOCUME~1\hf\LOCALS~1\Temp\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMSCMig] D:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [JavaCore] D:\Program Files\\JavaCore\\JavaCore.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NoDNS] D:\Program Files\\NoDNS\\NoDNS.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [WinTouch] D:\Documents and Settings\hf\Application Data\WinTouch\WinTouch.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BoontyBox 01net.lnk = D:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://D:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?ce41d98651414db38d54bd4aacd74ba8
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://D:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?ce41d98651414db38d54bd4aacd74ba8
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls....
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Boonty Games - BOONTY - D:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7525 bytes

Re,

Fix la ligne dans le cadre ci-dessous avec Hijackthis : AIDE EN IMAGES

Ca ne marche pas: je fais "fix checked" avec le "F2-..." mais quand je refais le scan c'est toujours présent.

Ok. Refais un scan, Combofix.

Voilà:

ComboFix 08-03-04.3 - hf 2008-03-07 19:40:28.15 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.936.1.2052.18.102 [GMT 1:00]
Endroit: D:\Documents and Settings\hf\bureau\ComboFix.exe
.

(((((((((((((((((((((((((((( 2008-02-07 - 2008-03-07 )))))))))))))))))))))))))))))))))
.

2008-03-07 00:18 . 2008-03-07 00:18 244 --ah----- D:\sqmnoopt03.sqm
2008-03-07 00:18 . 2008-03-07 00:18 232 --ah----- D:\sqmdata03.sqm
2008-03-06 23:22 . 2008-03-06 23:22 <DIR> d-------- D:\Documents and Settings\hf\Application Data\Gamelab
2008-03-05 23:22 . 2008-03-05 23:22 244 --ah----- D:\sqmnoopt02.sqm
2008-03-05 23:22 . 2008-03-05 23:22 232 --ah----- D:\sqmdata02.sqm
2008-03-05 18:37 . 2008-03-05 18:37 244 --ah----- D:\sqmnoopt01.sqm
2008-03-05 18:37 . 2008-03-05 18:37 232 --ah----- D:\sqmdata01.sqm
2008-03-05 14:22 . 2008-03-05 14:22 9,662 --a------ D:\WINDOWS\system32\ZoneAlarmIconFR.ico
2008-03-05 14:12 . 2008-03-05 14:12 <DIR> d-------- D:\Program Files\Common Files\Аdobe
2008-03-05 13:57 . 2008-03-05 13:57 <DIR> d-------- D:\Program Files\nvcoi
2008-03-04 13:38 . 2008-03-04 21:08 <DIR> d-------- D:\Program Files\Trend Micro
2008-03-03 22:43 . 2008-03-03 22:43 <DIR> d-------- D:\Program Files\Avira
2008-03-03 22:43 . 2008-03-03 22:43 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Avira
2008-03-03 21:56 . 2008-03-03 21:56 244 --ah----- D:\sqmnoopt00.sqm
2008-03-03 21:56 . 2008-03-03 21:56 232 --ah----- D:\sqmdata00.sqm
2008-03-03 18:28 . 2008-03-04 20:55 <DIR> d-------- D:\ComboFix[1]
2008-02-16 20:58 . 2008-02-16 20:58 <DIR> d-------- D:\Documents and Settings\hf\Application Data\DivX

.
(((((((((((((((((((((((((((((((((((( Compte-rendu )))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-07 14:05 --------- d-----w D:\Program Files\Gamenext
2008-03-07 14:04 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-03-07 10:11 --------- d-----w D:\Program Files\MSN Games
2008-03-05 13:12 --------- d-----w D:\Program Files\Common Files\Аdobe
2008-02-25 18:58 --------- d-----w D:\Program Files\Windows Live Safety Center
2008-02-16 17:48 --------- d-----w D:\Program Files\DivX
2008-02-16 17:06 --------- d-----w D:\Program Files\Windows Live Toolbar
2008-02-14 14:56 --------- d-----w D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-20 10:11 --------- d-----w D:\Documents and Settings\All Users\Application Data\Oberon Games
2007-12-07 01:06 644,608 ----a-w D:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-03-04_20.55.04.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-03 20:56:39 16,384 ----a-w D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-03-06 23:18:08 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-03 20:56:39 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-06 23:18:08 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-05 12:57:49 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008030520080306\index.dat
+ 2008-03-05 12:57:25 76,286 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C70TQRQD\filters[1].bin
+ 2008-03-05 12:57:25 54,999 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IDG92PSH\parameters[1].bin
- 2008-03-03 20:56:39 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-06 23:18:08 49,152 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-05 12:59:35 78,924 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\PhishingFilter\45E13EC5-3DB7-4B3D-9F80-073A58AB5E82.dat
.
(((((((((((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-17 13:00 15360]
"msnmsgr"="D:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 05:55 5674352]
"Veoh"="D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-11-01 06:22 3317760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMSCMig"="D:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe" [2003-07-14 15:57 13368]
"PCSuiteTrayApplication"="D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 08:10 271360]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2007-06-28 23:24 286720]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 07:42 267064]
"avgnt"="D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-03 22:46 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 13:00 15360]
"Nokia.PCSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 03:17 1241088]
"msnmsgr"="D:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 05:55 5674352]
"JavaCore"="D:\Program Files\\JavaCore\\JavaCore.exe" [ ]
"NoDNS"="D:\Program Files\\NoDNS\\NoDNS.exe" [ ]
"WinTouch"="D:\Documents and Settings\hf\Application Data\WinTouch\WinTouch.exe" [ ]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"D:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Program Files\\Shareaza\\Shareaza.exe"=
"D:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"D:\\DOCUME~1\\hf\\LOCALS~1\\Temp\\services.exe"=

R3 LucentSoftModem;Lucent Technologies Soft Modem;D:\WINDOWS\system32\DRIVERS\LTSM.sys [2002-03-29 15:34]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);D:\WINDOWS\system32\drivers\sis7012.sys [2002-03-28 11:08]
R3 SNPHV71;PC Camera (602a VGA);D:\WINDOWS\system32\DRIVERS\snphv71.sys [2003-04-17 08:28]
S3 Boonty Games;Boonty Games;"D:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2006-06-27 03:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffb7756d-7a33-11dc-9e06-00e018784912}]
\Shell\1\Command - H:\autorun.pif
\Shell\2\Command - H:\autorun.pif
\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif

.
Contenu du dossier
"2008-03-01 19:31:02 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-07 18:24:02 D:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- D:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-07 19:44:39
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

? [3528]

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

D:\WINDOWS\system32\real.txt 0 bytes

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-07 19:46:17
ComboFix-quarantined-files.txt 2008-03-07 18:45:48
ComboFix2.txt 2008-03-06 20:50:19
ComboFix3.txt 2008-03-06 17:40:05
ComboFix4.txt 2008-03-06 13:17:44
ComboFix5.txt 2008-03-05 12:49:55
.
2007-03-03 12:55:05 --- E O F ---

Re,

Fix la ligne dans le cadre ci-dessous avec Hijackthis : AIDE EN IMAGES



Supprime ce dossier :
D:\Documents and Settings\hf\Application Data\WinTouch

Ensuite?

Reposte un rapport Hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24:40, on 2008-3-7
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\Program Files\QuickTime\QTTask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Veoh Networks\Veoh\VeohClient.exe
D:\WINDOWS\system32\WgaTray.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\Boonty\BoontyBox\BoontyBox.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\internet explorer\iexplore.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\DOCUME~1\hf\LOCALS~1\Temp\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMSCMig] D:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Flash Media] D:\DOCUME~1\hf\LOCALS~1\Temp\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [JavaCore] D:\Program Files\\JavaCore\\JavaCore.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NoDNS] D:\Program Files\\NoDNS\\NoDNS.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BoontyBox 01net.lnk = D:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://D:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?ce41d98651414db38d54bd4aacd74ba8
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://D:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?ce41d98651414db38d54bd4aacd74ba8
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls....
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Boonty Games - BOONTY - D:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe

Tu peux désinstaller NoDNS ?

Oui, c'est fait.

Reposte un rapport Hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:11:51, on 2008-3-8
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\Program Files\QuickTime\QTTask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Veoh Networks\Veoh\VeohClient.exe
D:\Program Files\Boonty\BoontyBox\BoontyBox.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\internet explorer\iexplore.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\iTunes\iTunes.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\DOCUME~1\hf\LOCALS~1\Temp\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMSCMig] D:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Flash Media] D:\DOCUME~1\hf\LOCALS~1\Temp\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [JavaCore] D:\Program Files\\JavaCore\\JavaCore.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BoontyBox 01net.lnk = D:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://D:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?ce41d98651414db38d54bd4aacd74ba8
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://D:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?ce41d98651414db38d54bd4aacd74ba8
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls....
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Boonty Games - BOONTY - D:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7481 bytes

Re,

Fix les lignes dans le cadre ci-dessous avec Hijackthis : AIDE EN IMAGES



&

Fais un scan en ligne Kaspersky avec Internet Explorer :

Clique sur

Clique maintenant sur J'accepte.

Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.

Patiente pendant l'installation des Mises à jour.

Choisis par la suite l'analyse du Poste de travail

Sauvegarde puis colle le rapport généré en fin d'analyse.

AIDE : Tuto sur le scan en ligne

NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.