Ayvs

Grillé en live, ca m'apprendra... Voici le rapport de Kaspersky: Nom de l'objet infecté Nom du virus Dernière action C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\User\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\User\Local Settings\Application Data\Ahead\Nero Home\bl.db L'objet est verrouillé ignoré C:\Documents and Settings\User\Local Settings\Application Data\Ahead\Nero Home\is2.db L'objet est verrouillé ignoré C:\Documents and Settings\User\Local Settings\Application Data\Identities\{260332F3-D862-4A7D-917F-38F782825088}\Microsoft\Outlook Express\Folders.dbx L'objet est verrouillé ignoré C:\Documents and Settings\User\Local Settings\Application Data\Identities\{260332F3-D862-4A7D-917F-38F782825088}\Microsoft\Outlook Express\Offline.dbx L'objet est verrouillé ignoré C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\User\Local Settings\History\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\User\Local Settings\History\History.IE5\MSHist012007071420070715\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\User\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\User\My Documents\Conversion\setup.113.exe/stream/data0006 Infecté : Trojan-Downloader.Win32.Zlob.bwf ignoré C:\Documents and Settings\User\My Documents\Conversion\setup.113.exe/stream Infecté : Trojan-Downloader.Win32.Zlob.bwf ignoré C:\Documents and Settings\User\My Documents\Conversion\setup.113.exe NSIS: infecté - 2 ignoré C:\Documents and Settings\User\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\User\ntuser.dat.LOG L'objet est verrouillé ignoré C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré C:\System Volume Information\_restore{DB3AED15-2CA1-4CFE-B425-635A274E8916}\RP192\A0109182.dll Infecté : Trojan-Downloader.Win32.Zlob.yt ignoré C:\System Volume Information\_restore{DB3AED15-2CA1-4CFE-B425-635A274E8916}\RP192\A0109183.exe Infecté : Trojan-Downloader.Win32.Zlob.bvj ignoré C:\System Volume Information\_restore{DB3AED15-2CA1-4CFE-B425-635A274E8916}\RP193\A0109383.dll Infecté : Trojan-Downloader.Win32.Zlob.yt ignoré C:\System Volume Information\_restore{DB3AED15-2CA1-4CFE-B425-635A274E8916}\RP193\A0109385.exe Infecté : Trojan-Downloader.Win32.Zlob.bvj ignoré C:\System Volume Information\_restore{DB3AED15-2CA1-4CFE-B425-635A274E8916}\RP193\A0110384.dll Infecté : Trojan-Downloader.Win32.Zlob.yt ignoré C:\System Volume Information\_restore{DB3AED15-2CA1-4CFE-B425-635A274E8916}\RP193\A0110386.exe Infecté : Trojan-Downloader.Win32.Zlob.bvj ignoré C:\System Volume Information\_restore{DB3AED15-2CA1-4CFE-B425-635A274E8916}\RP193\A0110980.dll Infecté : Trojan-Downloader.Win32.Zlob.yt ignoré C:\System Volume Information\_restore{DB3AED15-2CA1-4CFE-B425-635A274E8916}\RP193\A0110981.exe Infecté : Trojan-Downloader.Win32.Zlob.bvj ignoré C:\System Volume Information\_restore{DB3AED15-2CA1-4CFE-B425-635A274E8916}\RP193\A0110990.dll Infecté : Trojan-Downloader.Win32.Zlob.yt ignoré C:\System Volume Information\_restore{DB3AED15-2CA1-4CFE-B425-635A274E8916}\RP193\A0110991.exe Infecté : Trojan-Downloader.Win32.Zlob.bvj ignoré C:\System Volume Information\_restore{DB3AED15-2CA1-4CFE-B425-635A274E8916}\RP193\A0111000.dll Infecté : Trojan-Downloader.Win32.Zlob.yt ignoré C:\System Volume Information\_restore{DB3AED15-2CA1-4CFE-B425-635A274E8916}\RP193\A0111001.exe Infecté : Trojan-Downloader.Win32.Zlob.bvj ignoré C:\System Volume Information\_restore{DB3AED15-2CA1-4CFE-B425-635A274E8916}\RP194\A0111168.dll Infecté : Trojan-Downloader.Win32.Zlob.yt ignoré C:\System Volume Information\_restore{DB3AED15-2CA1-4CFE-B425-635A274E8916}\RP194\A0111170.exe Infecté : Trojan-Downloader.Win32.Zlob.bvj ignoré C:\System Volume Information\_restore{DB3AED15-2CA1-4CFE-B425-635A274E8916}\RP194\A0111280.dll Infecté : Trojan-Downloader.Win32.Zlob.yt ignoré C:\System Volume Information\_restore{DB3AED15-2CA1-4CFE-B425-635A274E8916}\RP194\A0111282.exe Infecté : Trojan-Downloader.Win32.Zlob.bvj ignoré C:\System Volume Information\_restore{DB3AED15-2CA1-4CFE-B425-635A274E8916}\RP195\A0112398.dll Infecté : Trojan-Downloader.Win32.Zlob.yt ignoré C:\System Volume Information\_restore{DB3AED15-2CA1-4CFE-B425-635A274E8916}\RP195\A0112400.exe Infecté : Trojan-Downloader.Win32.Zlob.bvj ignoré C:\System Volume Information\_restore{DB3AED15-2CA1-4CFE-B425-635A274E8916}\RP195\A0112408.dll Infecté : Trojan-Downloader.Win32.Zlob.yt ignoré C:\System Volume Information\_restore{DB3AED15-2CA1-4CFE-B425-635A274E8916}\RP195\A0112410.exe Infecté : Trojan-Downloader.Win32.Zlob.bvj ignoré C:\System Volume Information\_restore{DB3AED15-2CA1-4CFE-B425-635A274E8916}\RP195\A0112984.dll Infecté : Trojan-Downloader.Win32.Zlob.yt ignoré C:\System Volume Information\_restore{DB3AED15-2CA1-4CFE-B425-635A274E8916}\RP195\A0112985.exe Infecté : Trojan-Downloader.Win32.Zlob.bvj ignoré C:\System Volume Information\_restore{DB3AED15-2CA1-4CFE-B425-635A274E8916}\RP196\A0113571.dll Infecté : Trojan-Downloader.Win32.Zlob.yt ignoré C:\System Volume Information\_restore{DB3AED15-2CA1-4CFE-B425-635A274E8916}\RP196\A0113573.exe Infecté : Trojan-Downloader.Win32.Zlob.bvj ignoré C:\System Volume Information\_restore{DB3AED15-2CA1-4CFE-B425-635A274E8916}\RP197\A0113596.exe Infecté : Trojan-Downloader.Win32.Zlob.yt ignoré C:\System Volume Information\_restore{DB3AED15-2CA1-4CFE-B425-635A274E8916}\RP198\A0114247.exe Infecté : Trojan-Downloader.Win32.Zlob.bvj ignoré C:\System Volume Information\_restore{DB3AED15-2CA1-4CFE-B425-635A274E8916}\RP198\A0114248.dll Infecté : Trojan-Downloader.Win32.Zlob.yt ignoré C:\System Volume Information\_restore{DB3AED15-2CA1-4CFE-B425-635A274E8916}\RP198\A0114796.exe L'objet est verrouillé ignoré C:\System Volume Information\_restore{DB3AED15-2CA1-4CFE-B425-635A274E8916}\RP199\change.log L'objet est verrouillé ignoré C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\EventCache\{38739455-54CC-4AA1-9452-E925DB380381}.bin L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré Analyse terminée. Encore merci pour votre aide , c'est pas tout les jours qu'il y a un forum constructif.

Salut Chercheur, Voici les deux rapports demandés : Smitfraud SmitFraudFix v2.202 Scan done at 1:41:50,04, ven. 13/07/2007 Run from C:\Documents and Settings\User\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{9AB8D651-60A4-4D56-A490-2FD8B0042BB7}: DhcpNameServer=195.162.196.3 195.162.196.5 HKLM\SYSTEM\CS1\Services\Tcpip\..\{9AB8D651-60A4-4D56-A490-2FD8B0042BB7}: DhcpNameServer=195.162.196.3 195.162.196.5 HKLM\SYSTEM\CS2\Services\Tcpip\..\{9AB8D651-60A4-4D56-A490-2FD8B0042BB7}: DhcpNameServer=195.162.196.3 195.162.196.5 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=195.162.196.3 195.162.196.5 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=195.162.196.3 195.162.196.5 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=195.162.196.3 195.162.196.5 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End 2. Hijackthis Logfile of HijackThis v1.99.1 Scan saved at 1:49:17, on 13/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackThis\HijackThis.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr-be\msntb.dll O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\DOCUME~1\User\LOCALS~1\Temp\juan.dll (file missing) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr-be\msntb.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/har...on.cab?version= O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe p.s: au redémarrage la page d'acceuil internet n'était plus celle du soi disant antivirus que je devais télécharger (le piège) mais bien celle que j'avais avant l'infection, donc ca à l'air d'être bon signe. Je ne sais pas comment vous faites mais ça marche (tiens d'ailleurs comment savez vous ce qu'il faut faire ?). En tout cas merci pour tout, c'était un nouvel ordi ca aurait été facheux qu'il soit bousillé à cause de ça.

Voici les rapports de Hijackthis Logfile of HijackThis v1.99.1 Scan saved at 10:17:00, on 12/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.be/0SEFRBE/SAOS01 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - C:\Program Files\Video ActiveX Access\iesplg.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr-be\msntb.dll O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\DOCUME~1\User\LOCALS~1\Temp\juan.dll (file missing) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr-be\msntb.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/har...on.cab?version= O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe Smitfraudfix SmitFraudFix v2.202 Scan done at 10:20:43,59, jeu. 12/07/2007 Run from C:\Documents and Settings\User\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\User\FAVORI~1 C:\DOCUME~1\User\FAVORI~1\Online Security Test.url FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files C:\Program Files\Video ActiveX Access\ FOUND ! C:\Program Files\VirusProtectPro 3.3\ FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{fde1bd72-ca80-443f-9526-595337b73878}"="hieroglyphist" [HKEY_CLASSES_ROOT\CLSID\{fde1bd72-ca80-443f-9526-595337b73878}\InProcServer32] @="C:\WINDOWS\system32\lapmvzf.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{fde1bd72-ca80-443f-9526-595337b73878}\InProcServer32] @="C:\WINDOWS\system32\lapmvzf.dll" »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: NVIDIA nForce Networking Controller - Packet Scheduler Miniport DNS Server Search Order: 195.162.196.3 DNS Server Search Order: 195.162.196.5 HKLM\SYSTEM\CCS\Services\Tcpip\..\{9AB8D651-60A4-4D56-A490-2FD8B0042BB7}: DhcpNameServer=195.162.196.3 195.162.196.5 HKLM\SYSTEM\CS1\Services\Tcpip\..\{9AB8D651-60A4-4D56-A490-2FD8B0042BB7}: DhcpNameServer=195.162.196.3 195.162.196.5 HKLM\SYSTEM\CS2\Services\Tcpip\..\{9AB8D651-60A4-4D56-A490-2FD8B0042BB7}: DhcpNameServer=195.162.196.3 195.162.196.5 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=195.162.196.3 195.162.196.5 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=195.162.196.3 195.162.196.5 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=195.162.196.3 195.162.196.5 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End et celui de Antivir AntiVir PersonalEdition Classic Report file date: mercredi 11 juillet 2007 21:39 Scanning for 875539 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: User Computer name: ALICE Version information: BUILD.DAT : 247 14437 Bytes 5/10/2007 11:55:00 AVSCAN.EXE : 7.0.4.15 282664 Bytes 4/20/2007 11:37:14 AVSCAN.DLL : 7.0.4.4 33832 Bytes 3/27/2007 11:31:54 LUKE.DLL : 7.0.4.11 143400 Bytes 3/27/2007 11:26:04 LUKERES.DLL : 7.0.4.0 10280 Bytes 3/19/2007 11:18:59 ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 5/31/2006 13:08:58 ANTIVIR1.VDF : 6.38.1.170 5569024 Bytes 5/21/2007 23:52:10 ANTIVIR2.VDF : 6.39.0.115 1186304 Bytes 7/8/2007 23:52:10 ANTIVIR3.VDF : 6.39.0.122 78336 Bytes 7/9/2007 23:51:07 AVEWIN32.DLL : 7.4.0.39 2482688 Bytes 7/8/2007 23:52:10 AVWINLL.DLL : 1.0.0.7 14376 Bytes 2/26/2007 09:36:26 AVPREF.DLL : 7.0.2.1 24616 Bytes 3/27/2007 11:31:50 AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 12:16:24 AVPACK32.DLL : 7.3.0.13 360488 Bytes 7/8/2007 23:52:10 AVREG.DLL : 7.0.1.2 31784 Bytes 3/15/2007 08:05:08 AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 3/27/2007 11:16:05 AVARKT.DLL : 1.0.0.17 278568 Bytes 5/2/2007 10:32:26 NETNT.DLL : 7.0.0.0 7720 Bytes 3/8/2007 10:09:42 RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 3/13/2007 09:46:18 RCTEXT.DLL : 7.0.45.0 86056 Bytes 3/19/2007 11:42:42 Configuration settings for the scan: Jobname..........................: Local Drives Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: E:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: mercredi 11 juillet 2007 21:39 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'notepad.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 14 processes with 14 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'D:\' [NOTE] No virus was found! Boot sector 'A:\' [NOTE] In the drive 'A:\' no data medium is inserted! Starting to scan the registry. The registry was scanned ( '25' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Program Files\PopsMedia Site Adviser\vm5_killer.exe [DETECTION] Is the Trojan horse TR/BHO.BD.6 [iNFO] The file was deleted! C:\Program Files\VirusProtectPro 3.3\VirusProtectPro 3.3.exe [DETECTION] Contains signature of the SPR/Fake.SpyCrush program [iNFO] The file was deleted! Begin scan in 'D:\' <Data> Begin scan in 'A:\' Search path A:\ could not be opened! The device is not ready. Begin scan in 'E:\' Search path E:\ could not be opened! The device is not ready. End of the scan: jeudi 12 juillet 2007 09:10 Used time: 11:31:15 min The scan has been done completely. 18600 Scanning directories 480527 Files were scanned 2 viruses and/or unwanted programs were found 0 classified as suspicious: 2 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 480525 Files not concerned 3535 Archives were scanned 1 Warnings 8 Notes 0 Hidden objects were found C'est sympa de m'avoir répondu , je me sents déjà moins seul chercheur et charles Ingals.

Bonjour je suis nouveau sur le site et j'ai apparement quelques problèmes spyware, sauriez vous faire quelque chose pour moi avec le rapport Hijackthis que voici ? Logfile of HijackThis v1.99.1 Scan saved at 19:51:04, on 8/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Video ActiveX Access\iesmn.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Video ActiveX Access\iesmin.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.be/0SEFRBE/SAOS01 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - C:\Program Files\Video ActiveX Access\iesplg.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr-be\msntb.dll O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\DOCUME~1\User\LOCALS~1\Temp\juan.dll (file missing) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\fr-be\msntb.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/har...on.cab?version= O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe