Bonjour je crois que je suis bien infécté ! help me !

Bonjour,

bon je vous raconte ce qui m'arrive ;)
je pense avoir pas mal de virus, trojan etc.
bon j'ai passé mcaffee, ad-aware, avg anti-spyware.

il y a 5 seconde j'ai arreté l'execution de mDNSResponder.exe qui etait dans C:\Program Files\Bonjour ( dossier & fichier non supprimer actuellement )

sinon voici le log, merci à vous ;
Code:

  Logfile of HijackThis v1.99.1
  Scan saved at 20:19:14, on 19/06/2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16473)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
  C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
  C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
  C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
  C:\WINDOWS\system32\CTsvcCDA.exe
  C:\Program Files\Dell Network Assistant\hnm_svc.exe
  C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
  C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
  c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
  C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
  C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
  c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
  c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
  C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
  C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
  C:\Program Files\McAfee\MPF\MPFSrv.exe
  C:\PROGRA~1\McAfee\MPS\mps.exe
  C:\Program Files\McAfee\MSK\MskSrver.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
  C:\Program Files\McAfee\MPS\mpsevh.exe
  c:\PROGRA~1\mcafee.com\agent\mcagent.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
  C:\WINDOWS\stsystra.exe
  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
  C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
  C:\WINDOWS\system32\Rundll32.exe
  C:\Program Files\McAfee\MSK\MskAgent.exe
  C:\WINDOWS\system32\dla\tfswctrl.exe
  C:\DOCUME~1\Wu\LOCALS~1\Temp\clclean.0001
  C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
  C:\Program Files\Dell\MediaDirect\PCMService.exe
  C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
  C:\WINDOWS\system32\kmw_run.exe
  C:\Documents and Settings\All Users\Application Data\udinajkv.exe
  C:\WINDOWS\system32\scchk32.exe
  C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
  C:\WINDOWS\system32\KMW_SHOW.EXE
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Creative\MediaSource5\CTDetctu.exe
  C:\PROGRA~1\Mozilla Firefox\firefox.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
  C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
  C:\WINDOWS\System32\svchost.exe
  C:\Documents and Settings\Wu\Bureau\hijackthis_199\HijackThis.exe
  
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=0070525
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://files.myopera.com/Rodrigoosilva/files/index.htm
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=0070525
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
  O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
  O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
  O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
  O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
  O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
  O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
  O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
  O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
  O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
  O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
  O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
  O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
  O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
  O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
  O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
  O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
  O4 - HKLM\..\Run: [udinajkv.exe] C:\Documents and Settings\All Users\Application Data\udinajkv.exe
  O4 - HKLM\..\Run: [SC2] C:\WINDOWS\system32\scchk32.exe
  O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
  O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
  O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
  O4 - HKCU\..\Run: [Creative Detector U] "C:\Program Files\Creative\MediaSource5\CTDetctu.exe" /R
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - Global Startup: BTTray.lnk = ?
  O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
  O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
  O11 - Options group: [INTERNATIONAL] International*
  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O20 - Winlogon Notify: winhdn32 - winhdn32.dll (file missing)
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
  O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
  O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
  O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
  O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
  O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
  O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
  O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
  O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
  O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
  O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
  O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
  O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
  O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
  O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
  O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
  O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
  O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
  O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
  O23 - Service: wampapache - Unknown owner - C:\Program Files\server\wamp\apache2\bin\httpd.exe" -k runservice (file missing)
  O23 - Service: wampmysqld - Unknown owner - C:\Program Files\server\wamp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\server\wamp\mysql\my.ini" wampmysqld (file missing)
  O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Ajout du 19-06-2007 à 20:34:

je me suis fais aussi avoir par l'ultimate fixer, ouui j'ai cliquer et lancer le logiciel, mais j'ai arreté au milieux quand meme . (l'onglet en bas, proposant de l'installer est toujour present ).

j'ai xp si ca peut aidé ;)

merci encore de m'aider :P plz, je vous en conjure aidé moi. merci

salut,


il n'est pas mauvais à part des entrées inconnu, prends ton log et fais un copier coller sur le lien suivant et tu verras Lien @+

salut,
télécharge SmitfraudFix
SmitfraudFix.zip
deconnectes toi du net
dezip le dossier (extraire tout)
Ouvre le dossier SmitfraudFix double clic sur SmitfraudFix.cmd
valide l'option 1
Copie/colle le contenu du rapport ici

a+

merci à vous :

fred :

Code:

  SmitFraudFix v2.195
  
  Rapport fait à 21:16:18,84, 19/06/2007
  Executé à partir de C:\Documents and Settings\Wu\Bureau\SmitfraudFix\SmitfraudFix
  OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
  Le type du système de fichiers est NTFS
  Fix executé en mode normal
  
  »»»»»»»»»»»»»»»»»»»»»»»» Process
  
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
  C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
  C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
  C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
  C:\WINDOWS\system32\CTsvcCDA.exe
  C:\Program Files\Dell Network Assistant\hnm_svc.exe
  C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
  C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
  c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
  C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
  C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
  c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
  c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
  C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
  C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
  C:\Program Files\McAfee\MPF\MPFSrv.exe
  C:\PROGRA~1\McAfee\MPS\mps.exe
  C:\Program Files\McAfee\MSK\MskSrver.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
  C:\Program Files\McAfee\MPS\mpsevh.exe
  c:\PROGRA~1\mcafee.com\agent\mcagent.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
  C:\WINDOWS\stsystra.exe
  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
  C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
  C:\WINDOWS\system32\Rundll32.exe
  C:\Program Files\McAfee\MSK\MskAgent.exe
  C:\WINDOWS\system32\dla\tfswctrl.exe
  C:\DOCUME~1\Wu\LOCALS~1\Temp\clclean.0001
  C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
  C:\Program Files\Dell\MediaDirect\PCMService.exe
  C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
  C:\WINDOWS\system32\kmw_run.exe
  C:\Documents and Settings\All Users\Application Data\udinajkv.exe
  C:\WINDOWS\system32\scchk32.exe
  C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
  C:\WINDOWS\system32\KMW_SHOW.EXE
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Creative\MediaSource5\CTDetctu.exe
  C:\PROGRA~1\Mozilla Firefox\firefox.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
  C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\MSN Messenger\msnmsgr.exe
  C:\Program Files\MSN Messenger\usnsvc.exe
  C:\Program Files\mIRC\mirc.exe
  C:\Program Files-ZipzFM.exe
  c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
  C:\WINDOWS\system32\cmd.exe
  
  »»»»»»»»»»»»»»»»»»»»»»»» hosts
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» C:\
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Wu
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Wu\Application Data
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Wu\Favoris
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» Bureau
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
   
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components[code]

SmitFraudFix v2.195



Rapport fait à 21:16:18,84, 19/06/2007

Executé à partir de C:\Documents and Settings\Wu\Bureau\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode normal



»»»»»»»»»»»»»»»»»»»»»»»» Process



C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Dell Network Assistant\hnm_svc.exe

C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe

c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\PROGRA~1\McAfee\MPS\mps.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\McAfee\MPS\mpsevh.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\McAfee\MSK\MskAgent.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\DOCUME~1\Wu\LOCALS~1\Temp\clclean.0001

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

C:\WINDOWS\system32\kmw_run.exe

C:\Documents and Settings\All Users\Application Data\udinajkv.exe

C:\WINDOWS\system32\scchk32.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\KMW_SHOW.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Creative\MediaSource5\CTDetctu.exe

C:\PROGRA~1\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\mIRC\mirc.exe

C:\Program Files\7-Zip\7zFM.exe

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

C:\WINDOWS\system32\cmd.exe



»»»»»»»»»»»»»»»»»»»»»»»» hosts





»»»»»»»»»»»»»»»»»»»»»»»» C:\





»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS





»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system





»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web





»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32





»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles





»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Wu





»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Wu\Application Data





»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer





»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Wu\Favoris





»»»»»»»»»»»»»»»»»»»»»»»» Bureau





»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 





»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues





»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Ma page d'accueil"

 



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!



SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll





»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""





»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""





»»»»»»»»»»»»»»»»»»»»»»»» Rustock







»»»»»»»»»»»»»»»»»»»»»»»» DNS



Description: Intel(R) PRO/Wireless 3945ABG Network Connection - Miniport d'ordonnancement de paquets

DNS Server Search Order: 192.168.1.1



HKLM\SYSTEM\CCS\Services\Tcpip\..\{E3BBE7A0-790C-4B8F-9018-55E7B1A46372}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{E3BBE7A0-790C-4B8F-9018-55E7B1A46372}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS3\Services\Tcpip\..\{E3BBE7A0-790C-4B8F-9018-55E7B1A46372}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1





»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll





»»»»»»»»»»»»»»»»»»»»»»»» Fin





[/code]]
  "Source"="About:Home"
  "SubscribedURL"="About:Home"
  "FriendlyName"="Ma page d'accueil"
   
  
  »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
  !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
  
  SrchSTS.exe by S!Ri
  Search SharedTaskScheduler's .dll
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
  !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
  
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
  "AppInit_DLLs"=""
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
  !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
  
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
  "System"=""
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» Rustock
  
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» DNS
  
  Description: Intel(R) PRO/Wireless 3945ABG Network Connection - Miniport d'ordonnancement de paquets
  DNS Server Search Order: 192.168.1.1
  
  HKLM\SYSTEM\CCS\Services\Tcpip\..\{E3BBE7A0-790C-4B8F-9018-55E7B1A46372}: DhcpNameServer=192.168.1.1
  HKLM\SYSTEM\CS1\Services\Tcpip\..\{E3BBE7A0-790C-4B8F-9018-55E7B1A46372}: DhcpNameServer=192.168.1.1
  HKLM\SYSTEM\CS3\Services\Tcpip\..\{E3BBE7A0-790C-4B8F-9018-55E7B1A46372}: DhcpNameServer=192.168.1.1
  HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
  HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
  HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
  
  
  »»»»»»»»»»»»»»»»»»»»»»»» Fin

relancer hijack

cocher ces ligns et clic ensuite sur fix checked

O4 - HKLM\..\Run: [udinajkv.exe] C:\Documents and Settings\All Users\Application Data\udinajkv.exe
O4 - HKLM\..\Run: [SC2] C:\WINDOWS\system32\scchk32.exe
O20 - Winlogon Notify: winhdn32 - winhdn32.dll (file missing)
-----------
Télécharger sur le bureau

OTMoveIt.exe
= Copier ce texte en gras
C:\Documents and Settings\All Users\Application Data\udinajkv.exe
C:\WINDOWS\system32\scchk32.exe

= Double-clic sur OTMoveIt.exe
= Dans le cadre de Gauche ==> clic-droit ==> coller
= Clic MoveIt!
= si redémarrage demandé==> Clic : YES
= Un rapport dans ==> C:\_OTMoveIt\MovedFiles\date du jour à copier/coller dans la réponse

voila le rapport :
Code:

  C:\Documents and Settings\All Users\Application Data\udinajkv.exe moved successfully.
  C:\WINDOWS\system32\scchk32.exe moved successfully.
   
  Created on 06/20/2007 12:30:49

sinon le rapport de HijackThis.exe apres les consignes éffectué :
Code:

  Logfile of HijackThis v1.99.1
  Scan saved at 12:33:04, on 20/06/2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16473)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
  C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
  C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
  C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
  C:\WINDOWS\system32\CTsvcCDA.exe
  C:\Program Files\Dell Network Assistant\hnm_svc.exe
  C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
  C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
  c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
  C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
  C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
  c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
  c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
  C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
  C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
  C:\Program Files\McAfee\MPF\MPFSrv.exe
  C:\PROGRA~1\McAfee\MPS\mps.exe
  C:\Program Files\McAfee\MSK\MskSrver.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
  C:\Program Files\McAfee\MPS\mpsevh.exe
  c:\PROGRA~1\mcafee.com\agent\mcagent.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
  C:\WINDOWS\stsystra.exe
  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
  C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
  C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
  C:\WINDOWS\system32\Rundll32.exe
  C:\Program Files\McAfee\MSK\MskAgent.exe
  C:\WINDOWS\system32\dla\tfswctrl.exe
  C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
  C:\Program Files\Dell\MediaDirect\PCMService.exe
  C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
  C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
  C:\DOCUME~1\Wu\LOCALS~1\Temp\clclean.0001
  C:\WINDOWS\system32\kmw_run.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\KMW_SHOW.EXE
  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
  C:\Program Files\Creative\MediaSource5\CTDetctu.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\Program Files\MSN Messenger\msnmsgr.exe
  C:\Program Files\Mozilla Thunderbird\thunderbird.exe
  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
  C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
  C:\Program Files\MSN Messenger\usnsvc.exe
  C:\PROGRA~1\Mozilla Firefox\firefox.exe
  C:\Documents and Settings\Wu\Bureau\hijackthis_199\HijackThis.exe
  
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=0070525
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://files.myopera.com/Rodrigoosilva/files/index.htm
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=0070525
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
  O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
  O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
  O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
  O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
  O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
  O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
  O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
  O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
  O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
  O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
  O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
  O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
  O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
  O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
  O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
  O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
  O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
  O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
  O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
  O4 - HKCU\..\Run: [Creative Detector U] "C:\Program Files\Creative\MediaSource5\CTDetctu.exe" /R
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
  O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
  O4 - Global Startup: BTTray.lnk = ?
  O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
  O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
  O11 - Options group: [INTERNATIONAL] International*
  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
  O20 - Winlogon Notify: winhdn32 - winhdn32.dll (file missing)
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
  O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
  O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
  O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
  O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
  O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
  O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
  O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
  O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
  O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
  O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
  O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
  O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
  O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
  O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
  O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
  O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
  O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
  O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
  O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
  O23 - Service: wampapache - Unknown owner - C:\Program Files\server\wamp\apache2\bin\httpd.exe" -k runservice (file missing)
  O23 - Service: wampmysqld - Unknown owner - C:\Program Files\server\wamp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\server\wamp\mysql\my.ini" wampmysqld (file missing)
  O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Ajout du 20-06-2007 à 12:35:

merci beaucoup sinon ;)

supprime Smitfraudfix ( tu n'avais pas d'infection smitfraud ) et son rapport

-------
pour C:\Program Files\Bonjour si tu as un Itune , c'est ok
bien que tu puisses arrêter ce service.

c'est fait merci,