Very, very slow PC - Security - Viruses
 


nezdanslabulle Hello, well, here are a few small problems with my PC:
- when I launch Wanadoo, it is impossible to connect; it tells me it can't find all the components. I close it and reopen it and it works
- my PC has become very, very slow
Note that I was recently infected by the MSN virus. I had Avast; I read the forum and afterwards I removed Avast and installed the Kaspersky trial.
Here is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:58:16, on 17/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [MessengerPlus3] "\" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [0G92U7F46J] C:\WINDOWS\service32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Internet Radio by Endicosoft.com - {1F958B09-3312-7f0e-9723-4C1324C57B20} - C:\Program Files\Internet Radio\Radio.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/ [...] cfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28B0656F-C548-4846-A0CA-DD87F144CC30}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{28B0656F-C548-4846-A0CA-DD87F144CC30}: NameServer = 80.10.246.130 80.10.246.3
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 9159 bytes

Quick view of the discussion
chercheur_ Hello

Delete
C:\qoobox
Combofix
MSNFix


Download CCleaner.
http://www.filehippo.com/download_ccleaner.html
Install it.
During installation, uncheck
--- the two "Add the option ... " boxes
--- Check for updates
--- Add the Yahoo! CCleaner Toolbar

Click Options, Advanced and uncheck the box "Only delete files in the Windows Temp folder older than 48 hours".
Don't touch the other settings.

Run the cleaner.


Are you still having any problems?
nezdanslabulle and here's the report
Full scan: Searching for all malicious software
Scanning
Searching 2,127,305 viruses, spyware, Trojans and other threats. It also uses heuristic technologies to detect unknown viruses.

100%


Item in progress:
Items scanned:
364370

Items with viruses, spyware, Trojans... detected:
18

Suspicious files detected:
0

Results
PC infected
11 examples of less dangerous malicious software.
We detected that Kaspersky Internet Security is enabled and up-to-date.
After completely scanning your PC, we have not detected any ACTIVE or LATENT malicious software.


Scan details
High danger level (0)

Medium danger level (2)
Trj/Downloader... Virus Latent Show + Info
C:\Documents and Settings...ent\Cdacache\00\00\16.dat
Rootkit/Agent.... Hack Tool Latent Show + Info
C:\qoobox\Quarantine\catc...9_235827.84.zip[xpdx.sys]

Low danger level (9)
Application/Ni... Tracking Application Latent Show + Info
C:\System Volume Informat...0AF75}\RP880\A0133730.exe
C:\Documents and Settings...\ComboFix.exe[nircmd.exe]
C:\System Volume Informat...0AF75}\RP880\A0133658.exe
C:\WINDOWS\NirCmd.exe
C:\System Volume Informat...0AF75}\RP881\A0133806.exe
Cookie/Atlas D... Tracking Cookie Latent Show + Info
C:\Documents and Settings...propriétaire@atdmt[2].txt
Generic Malwar... Virus Latent Show + Info
C:\WINDOWS\wt\wtupdates\w...es\3.3.1.001\npwthost.dll
HackTool/EvID Hack Tool Latent Show + Info
C:\System Volume Informat...07.exe[EvID4226Patch.exe]
Cookie/Weboram... Tracking Cookie Latent Show + Info
C:\Documents and Settings...priétaire@weborama[2].txt
dialer.cn Dialer Latent Show + Info
HKEY_CURRENT_USER\Softwar...c-4309-adfa-c8e078a7f762}
Application/Ki... Tracking Application Latent Show + Info
C:\hp\bin\KillIt.exe
Application/Pr... Tracking Application Latent Show + Info
C:\Documents and Settings...[MSNFix/incl/Process.exe]
C:\Documents and Settings...s\MSNFix\incl\Process.exe
C:\System Volume Informat...0AF75}\RP880\A0133619.exe
Cookie/Xiti Tracking Cookie Latent Show + Info
C:\Documents and Settings...\propriétaire@xiti[1].txt
C:\Documents and Settings...\propriétaire@xiti[2].txt


Suspicious files (3)

chercheur_ Good.

Run an online antivirus scan with Panda
http://www.pandasoftware.com/activ [...] ncipal.htm

Paste its report here.
nezdanslabulle and here it is
ComboFix 07-09-18.4 - "Propriétaire" 2007-09-21 18:48:42.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.63 [GMT 2:00]
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2007-08-21 to 2007-09-21 ))))))))))))))))))))))))))))))))))))
.

2007-09-19 23:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-17 19:01 <REP> d-------- C:\Program Files\Trend Micro
2007-09-10 17:44 <REP> d-------- C:\Program Files\Windows Live
2007-09-10 17:44 <REP> d-------- C:\Program Files\Messenger Plus! Live
2007-09-04 18:54 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-09-04 18:54 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-09-04 18:52 4,815,136 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-04 18:52 158,752 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-09-04 18:52 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-09-04 18:52 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-09-04 18:50 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
2007-09-02 20:22 <REP> d-------- C:\WINDOWS\McAfee.com
2007-09-02 18:23 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-09-02 13:00 <REP> d-------- C:\DOCUME~1\LOCALS~1\Bureau
2007-09-02 12:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-08-30 20:36 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-30 18:14 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-29 17:27 <REP> d-------- C:\DOCUME~1\PROPRI~1\.housecall6.6
2007-08-25 11:32 <REP> d-------- C:\Program Files\CCleaner

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-21 18:32 --------- d-------- C:\Program Files\Wanadoo
2007-09-20 22:24 64364 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-20 22:24 15572 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-09-20 18:38 --------- d-------- C:\Program Files\Easy Internet signup
2007-09-15 17:52 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-09-10 17:44 --------- d-------- C:\Program Files\MSN Messenger
2007-08-19 17:02 11518 --a------ C:\DOCUME~1\PROPRI~1\wmlmar.exe
2007-08-18 19:50 --------- d-------- C:\Program Files\EIDOS Interactive
2007-08-18 18:41 --------- d-------- C:\Program Files\Harmotion
2006-01-28 20:01 172 --a--c--- C:\DOCUME~1\PROPRI~1\SCRBuilder_uninst.bat
2006-01-21 21:31 774144 --a------ C:\Program Files\RngInterstitial.dll
2004-12-06 17:19:02 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 03:36]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 04:23]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 04:16]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 09:01]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2003-11-03 17:50]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2003-09-12 20:13]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-12-05 20:50]
"nwiz"="nwiz.exe" [2003-12-05 20:50 C:\WINDOWS\system32\nwiz.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 21:35 C:\WINDOWS\ALCXMNTR.EXE]
"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2004-05-13 09:28]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-05-13 09:28]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 18:36]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2004-05-13 09:28]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-03-22 18:32]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 11:54]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 11:00]
"Acme.PCHButton"="C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe" [2004-01-01 12:42]
"MessengerPlus3"="\ /WinStart" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 13:19:24]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoFavoritesMenu"=0 (0x0)
"NoSMMyDocs"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoStartMenuMyMusic"=0 (0x0)
"NoRecentDocsHistory"=1 (0x1)
"NoRecentDocsNetHood"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoInstrumentation"=0 (0x0)
"NoSimpleStartMenu"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoFavoritesMenu"=0 (0x0)
"NoSMMyDocs"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoStartMenuMyMusic"=0 (0x0)
"NoRecentDocsHistory"=1 (0x1)
"NoRecentDocsNetHood"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoUserNameInStartMenu"=1 (0x1)
"NoInstrumentation"=0 (0x0)
"NoStartMenuPinnedList"=0 (0x0)
"ForceStartMenuLogoff"=0 (0x0)
"NoSharedDocuments"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= :\WINDOWS\syste

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe -k NetworkService
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 Devx;Devx;C:\WINDOWS\system32\drivers\Devx.sys
S3 driverhardwarev2;driverhardwarev2;\??\C:\Program Files\HardwareDetection\driverhardwarev2.sys
S3 DSDrv4;DSDrv4;\??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys
S3 SANDRA;SANDRA;\??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Sandra.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 VtPr;VtPr;C:\WINDOWS\system32\drivers\VtPr.sys

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-03-21 19:18:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-17 20:29:02 C:\WINDOWS\Tasks\avast! Antivirus.job"
- C:\PROGRA~1\ALWILS~1\Avast4\ashAvast.exe
"2007-09-20 16:38:15 C:\WINDOWS\Tasks\Connexion Facile à Internet.job"
"2007-09-14 15:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-21 19:20:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-21 19:22:55
C:\ComboFix-quarantined-files.txt ... 2007-09-21 19:22
C:\ComboFix2.txt ... 2007-09-20 00:05
.
--- E O F ---
chercheur_ Re


Copy (Ctrl+C) the text below:

File::
C:\Documents and Settings\Propriétaire\wmlmar.exe
C:\WINDOWS\service32.exe


Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file as CFScript.txt

http://img.photobucket.com/albums/ [...] Script.gif

As the image shows, drag CFScript.txt onto Combofix.exe
A blue window will appear: at the message that appears ( Type 1 to continue, or 2 to abort), type 1 and then confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Don't touch anything until the scan has finished.
Once the scan is complete, a report will be displayed: post its contents.
If the file doesn't open, it can be found here > C:\ComboFix.txt
nezdanslabulle here is the ComboFix report
ComboFix 07-09-18.4 - "Propriétaire" 2007-09-19 23:06:57.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.32 [GMT 2:00]
Le temps d'exécution du script a été dépassé pour le script "C:\ComboFix\restore_pt.vbs".
L'exécution du script a pris fin.
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\bdir
C:\WINDOWS\bdir\ffmiu\DeepInZip 1.6 build 1.6.0.3.zip
C:\WINDOWS\bdir\ffmiu\DeepInZip 1.6 Crack by Eminence.zip
C:\WINDOWS\bdir\ffmiu\DeepInZip 1.6 Crack by EVC.zip
C:\WINDOWS\bdir\ffmiu\DeepInZip 1.6 Keygen.zip
C:\WINDOWS\bdir\ffmiu\DeepInZip 1.6 Serial by Lash.zip
C:\WINDOWS\bdir\ffmiu\DeepInZip 1.6 Serial by TNT.zip
C:\WINDOWS\bdir\ffmiu\DeepSky 2000 v2.1.0.zip
C:\WINDOWS\bdir\ffmiu\DeepSky 2000 v2.1.5.zip
C:\WINDOWS\bdir\ffmiu\DeepSky 2000 v2.5.0.zip
C:\WINDOWS\bdir\ffmiu\DeepSky 2000 v2.5.zip
C:\WINDOWS\bdir\ffmiu\Deer Avenger 4.zip
C:\WINDOWS\bdir\ffmiu\Deer Hunter 2004 v1.1.zip
C:\WINDOWS\bdir\ffmiu\Deer Hunter 3 by FHCF.zip
C:\WINDOWS\bdir\ffmiu\Deer Hunter 4 by FHCF.zip
C:\WINDOWS\bdir\ffmiu\Deer Hunter The 2005 Season v1.2.zip
C:\WINDOWS\bdir\ffmiu\Deer ScreenSaver v2002.01.zip
C:\WINDOWS\bdir\ffmiu\Deer ScreenSaver Volume 1 v5.0.14.zip
C:\WINDOWS\bdir\ffmiu\Deer ScreenSaver Volume 1.zip
C:\WINDOWS\bdir\ffmiu\Deerfield Ambra Firewall v1.0.zip
C:\WINDOWS\bdir\ffmiu\Deerfield AntiVirus for MDaemon v1.1.zip
C:\WINDOWS\bdir\ffmiu\Deerfield MailScan for MDaemon v2.40b.zip
C:\WINDOWS\bdir\ffmiu\Deerfield Personal Firewall v1.0.1 by Period.zip
C:\WINDOWS\bdir\ffmiu\Deerfield Personal Firewall v1.0.10 by Core.zip
C:\WINDOWS\bdir\ffmiu\Deerfield Personal Firewall v1.0.10 by RP2K.zip
C:\WINDOWS\bdir\ffmiu\Deerfield Personal Firewall v1.01 by DBC.zip
C:\WINDOWS\bdir\ffmiu\Deerfield Personal Firewall v3.0.0.0 by Freifall7.zip
C:\WINDOWS\bdir\ffmiu\Deerfield VisNetic Firewall v1.01.zip
C:\WINDOWS\bdir\ffmiu\DeerField Visnetic Firewall v1.1.zip
C:\WINDOWS\bdir\ffmiu\Default Classifier v2.2.zip
C:\WINDOWS\bdir\ffmiu\DefaultPrinter v1.0.zip
C:\WINDOWS\bdir\ffmiu\DefaultPrinter v2.0.zip
C:\WINDOWS\bdir\ffmiu\DefineF 0.87.zip
C:\WINDOWS\bdir\ffmiu\DEFORM-2D v8.1.zip
C:\WINDOWS\bdir\ffmiu\Deformer v2.0 by PC.zip
C:\WINDOWS\bdir\ffmiu\Deformer v2.0 by RP2K.zip
C:\WINDOWS\bdir\ffmiu\Deformer v2.0.zip
C:\WINDOWS\bdir\ffmiu\Defrag Commander Personal Edition.zip
C:\WINDOWS\bdir\ffmiu\Defrag for Windows v2.0.zip
C:\WINDOWS\bdir\ffmiu\Defrag Manager v1.0.zip
C:\WINDOWS\bdir\ffmiu\Defragmenter Pro Plus v1.0.zip
C:\WINDOWS\bdir\ffmiu\Defragmenter Pro Plus v1.2.1 by FFF.zip
C:\WINDOWS\bdir\ffmiu\Defragmenter Pro Plus v1.2.1 by Heritage.zip
C:\WINDOWS\bdir\ffmiu\Defragmenter Pro Plus v1.2.zip
C:\WINDOWS\bdir\ffmiu\Defragmenter Pro Plus v1.3.zip
C:\WINDOWS\bdir\ffmiu\Defragmenter Pro Plus v2.0.zip
C:\WINDOWS\bdir\ffmiu\Defragmenter Pro Plus v2.1.1 by SND.zip
C:\WINDOWS\bdir\ffmiu\Defragmenter Pro Plus v2.1.1.zip
C:\WINDOWS\bdir\ffmiu\Defragmenter Pro Plus v2.1.zip
C:\WINDOWS\bdir\ffmiu\Defragmenter Pro Plus v3.0.0.0.zip
C:\WINDOWS\bdir\ffmiu\Defragmenter Pro Plus v3.0.zip
C:\WINDOWS\bdir\ffmiu\DefragPro v1.0.zip
C:\WINDOWS\bdir\ffmiu\DefragPro v1.1.zip
C:\WINDOWS\bdir\ffmiu\DefragPro v1.21.zip
C:\WINDOWS\bdir\ffmiu\DeHa-Uhr v1.70 German Keygen by DBC.zip
C:\WINDOWS\bdir\ffmiu\DeHa-Uhr v1.70 German Keygen by EViDENCE.zip
C:\WINDOWS\bdir\ffmiu\DeHa-Uhr v1.70 German Keygen by TMG.zip
C:\WINDOWS\bdir\ffmiu\DeHa-Uhr v1.70 German Serial by EViDENCE.zip
C:\WINDOWS\bdir\ffmiu\DeHa-Uhr v1.70 German Serial by UCC.zip
C:\WINDOWS\bdir\ffmiu\DeHa-Uhr v2.0.zip
C:\WINDOWS\bdir\ffmiu\DeHa-Uhr v2.00.zip
C:\WINDOWS\bdir\ffmiu\DeHa-Uhr v2.20.zip
C:\WINDOWS\bdir\ffmiu\Dehumanizer v1.0 by AmoK.zip
C:\WINDOWS\bdir\ffmiu\Dehumanizer v1.0 by DBC.zip
C:\WINDOWS\bdir\ffmiu\Dehumanizer v1.0 by Eminence.zip
C:\WINDOWS\bdir\ffmiu\Dehumanizer v1.0 by EViDENCE.zip
C:\WINDOWS\bdir\ffmiu\Dehumanizer v1.0 by PC.zip
C:\WINDOWS\bdir\ffmiu\Deja Views 1.0.zip
C:\WINDOWS\bdir\ffmiu\Deja Views 1.00.05.27.zip
C:\WINDOWS\bdir\ffmiu\DejaVu Interactive v3.0.18 by AmoK.zip
C:\WINDOWS\bdir\ffmiu\DejaVu v3.0.21.zip
C:\WINDOWS\bdir\ffmiu\Dekart Private Disk v2.01.zip
C:\WINDOWS\bdir\ffmiu\Dekart Private Disk v2.03.zip
C:\WINDOWS\bdir\ffmiu\Dekart SIM Manager v1.07.zip
C:\WINDOWS\bdir\ffmiu\DeKlarit v2.1.zip
C:\WINDOWS\bdir\ffmiu\DEKSI Network Inventory v3.3.2.zip
C:\WINDOWS\bdir\ffmiu\DEKSI Network Inventory v3.3.4.zip
C:\WINDOWS\bdir\ffmiu\DEKSI Network Inventory v3.3.5.zip
C:\WINDOWS\bdir\ffmiu\DEKSI Network Inventory v3.3.zip
C:\WINDOWS\bdir\ffmiu\DEKSI Network Inventory v3.5.1.zip
C:\WINDOWS\bdir\ffmiu\DEKSI Network Inventory v3.6.1.zip
C:\WINDOWS\bdir\ffmiu\DEKSI Network Inventory v3.6.zip
C:\WINDOWS\bdir\ffmiu\DEKSI Network Inventory v3.7.1.zip
C:\WINDOWS\bdir\ffmiu\DEKSI Network Inventory v3.7.zip
C:\WINDOWS\bdir\ffmiu\yst v2.x Generic.zip
C:\WINDOWS\system32\xpdx.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\xpdx


((((((((((((((((((((((((( Files Created from 2007-08-19 to 2007-09-19 )))))))))))))))))))))))))))))))
.

2007-09-19 23:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-17 19:01 <REP> d-------- C:\Program Files\Trend Micro
2007-09-10 17:44 <REP> d-------- C:\Program Files\Windows Live
2007-09-10 17:44 <REP> d-------- C:\Program Files\Messenger Plus! Live
2007-09-04 18:54 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-09-04 18:54 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-09-04 18:52 4,533,792 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-04 18:52 148,768 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-09-04 18:52 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-09-04 18:52 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-09-04 18:50 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
2007-09-02 20:22 <REP> d-------- C:\WINDOWS\McAfee.com
2007-09-02 18:23 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-09-02 13:00 <REP> d-------- C:\DOCUME~1\LOCALS~1\Bureau
2007-09-02 12:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-08-30 20:36 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-30 18:14 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-29 17:27 <REP> d-------- C:\DOCUME~1\PROPRI~1\.housecall6.6
2007-08-25 11:32 <REP> d-------- C:\Program Files\CCleaner
2007-08-20 17:30 <REP> d-------- C:\Program Files\MSN Messenger

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-19 23:56 61508 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-19 23:56 14924 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-09-19 20:47 --------- d-------- C:\Program Files\Wanadoo
2007-09-15 17:52 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-08-21 17:08 --------- d-------- C:\Program Files\Easy Internet signup
2007-08-19 17:02 11518 --a------ C:\DOCUME~1\PROPRI~1\wmlmar.exe
2007-08-18 19:50 --------- d-------- C:\Program Files\EIDOS Interactive
2007-08-18 18:41 --------- d-------- C:\Program Files\Harmotion
2006-01-28 20:01 172 --a--c--- C:\DOCUME~1\PROPRI~1\SCRBuilder_uninst.bat
2006-01-21 21:31 774144 --a------ C:\Program Files\RngInterstitial.dll
2004-12-06 17:19:02 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 03:36]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 04:23]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 04:16]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 09:01]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2003-11-03 17:50]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2003-09-12 20:13]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-12-05 20:50]
"nwiz"="nwiz.exe" [2003-12-05 20:50 C:\WINDOWS\system32\nwiz.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 21:35 C:\WINDOWS\ALCXMNTR.EXE]
"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2004-05-13 09:28]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-05-13 09:28]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 18:36]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2004-05-13 09:28]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-03-22 18:32]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 11:54]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 11:00]
"Acme.PCHButton"="C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe" [2004-01-01 12:42]
"MessengerPlus3"="\ /WinStart" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 13:19:24]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoFavoritesMenu"=0 (0x0)
"NoSMMyDocs"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoStartMenuMyMusic"=0 (0x0)
"NoRecentDocsHistory"=1 (0x1)
"NoRecentDocsNetHood"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoInstrumentation"=0 (0x0)
"NoSimpleStartMenu"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoFavoritesMenu"=0 (0x0)
"NoSMMyDocs"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoStartMenuMyMusic"=0 (0x0)
"NoRecentDocsHistory"=1 (0x1)
"NoRecentDocsNetHood"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoUserNameInStartMenu"=1 (0x1)
"NoInstrumentation"=0 (0x0)
"NoStartMenuPinnedList"=0 (0x0)
"ForceStartMenuLogoff"=0 (0x0)
"NoSharedDocuments"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= :\WINDOWS\syste

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe -k NetworkService
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 Devx;Devx;C:\WINDOWS\system32\drivers\Devx.sys
S3 driverhardwarev2;driverhardwarev2;\??\C:\Program Files\HardwareDetection\driverhardwarev2.sys
S3 DSDrv4;DSDrv4;\??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys
S3 SANDRA;SANDRA;\??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Sandra.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 VtPr;VtPr;C:\WINDOWS\system32\drivers\VtPr.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-03-21 19:18:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-17 20:29:02 C:\WINDOWS\Tasks\avast! Antivirus.job"
- C:\PROGRA~1\ALWILS~1\Avast4\ashAvast.exe
"2007-08-21 15:08:17 C:\WINDOWS\Tasks\Connexion Facile à Internet.job"
"2007-09-14 15:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-19 23:58:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-09-20 0:05:17 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-20 00:04
.
--- E O F ---
and here is the HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:37:40, on 20/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [MessengerPlus3] "\" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [0G92U7F46J] C:\WINDOWS\service32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Internet Radio by Endicosoft.com - {1F958B09-3312-7f0e-9723-4C1324C57B20} - C:\Program Files\Internet Radio\Radio.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/ [...] cfscan.cab
O17 - HKLM\System\CS2\Services\Tcpip\..\{28B0656F-C548-4846-A0CA-DD87F144CC30}: NameServer = 80.10.246.130 80.10.246.3
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8452 bytes
thanks
chercheur_ Hi again

There are some suspicious files.
Follow the instructions given in the report

Quote:

SVP merci d'envoyer le fichier C:\DOCUME~1\PROPRI~1\Bureau\Upload_Me.zip sur http://upload.changelog.fr




Download Combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear.

Copy and paste that report into your next reply, along with a new HijackThis log.

nezdanslabulle Hello, no infections, but here is the report
MSNFix 1.509

C:\Documents and Settings\Propri‚taire\Mes documents\franck\charges\MSNFix
Fix exécuté le 19/09/2007 - 20:30:57.06 By Propri‚taire
mode normal

************************ Recherche les fichiers présents

Aucun Fichier trouvé

************************ Recherche les dossiers présents

Aucun dossier trouvé


************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\WINDOWS\Saison2005.scr] 4E13023C0BE28379AFAB505597DD71BA
[C:\WINDOWS\UG2005.scr] E819711F5B3645BE2C87A64CB97746FB
[C:\Documents and Settings\Propriétaire\wmlmar.exe] C9A0610CBE9D92AFAE5E8E7C144C2596
[C:\Documents and Settings\Propriétaire\DivFix.ini] A68EA4404E351F597EC3CDE31E9B9D26

==> SVP merci d'envoyer le fichier C:\DOCUME~1\PROPRI~1\Bureau\Upload_Me.zip sur http://upload.changelog.fr




------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

there you go, thanks
chercheur_ Hello

Download MSNFix.zip (by !aur3n7) to the Desktop
http://sosvirus.changelog.fr/MSNFix.zip

Unzip it (right-click >> Extract here) and double-click the MSNFix.bat file.
- Run option R.
-- If the infection is detected, run option N.

The report will be saved in the same folder as MSNFix, named in the form date_time.txt
Post it.

Note:
If a deletion error is detected, a message will appear asking you to restart the computer in order to finish the operations. In that case, simply restart the computer in normal mode.
Save and close the report so that Windows can finish starting up normally.
nezdanslabulle can nobody help me??
nezdanslabulle