jéjé08

ah ok , concernant la mise en quarantaine je ne l'ai jamais vidé . je croyais qu'il fallait laisser les virus ,et autres trojan a l'interieur ... cela dit, je vide et encore merci pour tout ......

cela semble ok , cela dit comment se fait t-il que j'ai recuperé ds trojan que j' n'avais pas avant du type''Trojan horse TR/Crypt.XDR.Gen'' est t-il possible que je nettoye completement le pc ? sinon encore merci

ci joint rapport antivir AntiVir PersonalEdition Classic Report file date: lundi 3 mars 2008 18:10 Scanning for 1131710 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: SYSTEM Computer name: ACER-38737002A7 Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15 ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 17:05:18 ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 24/02/2008 17:05:18 ANTIVIR3.VDF : 7.0.2.225 154112 Bytes 03/03/2008 17:05:18 AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 03/03/2008 17:05:18 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24 AVPACK32.DLL : 7.6.0.3 360488 Bytes 03/03/2008 17:05:18 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: E:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: lundi 3 mars 2008 18:10 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'pcd-as.exe' - '1' Module(s) have been scanned Scan process 'vVX3000.exe' - '1' Module(s) have been scanned Scan process 'zlclient.exe' - '0' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'dllhost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'MSCamSvc.exe' - '1' Module(s) have been scanned Scan process 'MDM.EXE' - '1' Module(s) have been scanned Scan process 'ehSched.exe' - '1' Module(s) have been scanned Scan process 'ehRecvr.exe' - '1' Module(s) have been scanned Scan process 'btwdins.exe' - '1' Module(s) have been scanned Scan process 'ADCDLicSvc.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'vsmon.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 32 processes with 32 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'D:\' [NOTE] No virus was found! Boot sector 'E:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '19' files ). Starting the file scan: Begin scan in 'C:\' <maitre> C:\hiberfil.sys [WARNING] The file could not be opened! C:\Documents and Settings\internet\Bureau\catchme.zip [0] Archive type: ZIP --> services.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was moved to '48403231.qua'! C:\Documents and Settings\internet\Bureau\Upload_Me.zip [0] Archive type: ZIP --> DOCUME~1/internet/Bureau/Upload_Me/nclmwq.exe [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen [iNFO] The file was moved to '48383246.qua'! C:\Documents and Settings\internet\Bureau\MSNFix2032008_14141570.zip [0] Archive type: ZIP --> backup/nclmwq.exe [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen [iNFO] The file was moved to '47fc320f.qua'! C:\System Volume Information\_restore{E0C9F38B-9ADB-4B11-AC2E-9C65FE199B6A}\RP68\A0012242.exe [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen [iNFO] The file was moved to '47fc4838.qua'! C:\WINDOWS\lwsys32.exe [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen [iNFO] The file was moved to '483f489a.qua'! C:\WINDOWS\wsysst32.exe [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen [iNFO] The file was moved to '4845489b.qua'! C:\WINDOWS\system32\fouyyn.exe [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen [iNFO] The file was moved to '48414a8e.qua'! C:\WINDOWS\system32\sqzwqn.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [iNFO] The file was moved to '48464ab3.qua'! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! Begin scan in 'D:\' <ESCLAVE2> Begin scan in 'E:\' <ESCLAVE1> End of the scan: lundi 3 mars 2008 20:22 Used time: 2:12:32 min The scan has been done completely. 9262 Scanning directories 451561 Files were scanned 8 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 8 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 451553 Files not concerned 9088 Archives were scanned 2 Warnings 12 Notes EWIDO n'a rien trouver ===>pas de rapport......... et pour finir hjt Logfile of HijackThis v1.99.1 Scan saved at 13:10:53, on 04/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Microsoft LifeCam\MSCamSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\vVX3000.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\MSN Messenger\livecall.exe C:\Program Files\Mozilla Firefox 2 Beta 1\firefox.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\internet\LOCALS~1\Temp\Rar$EX00.750\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cegetel.net/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: MsgPlusLoader.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe ps , je n'ai pas la possibilite de sup sd fix ? ds ajout/sup ou uninstall....... j'ai d'ailleur +ieurs logiciel ds ce cas ?? merci angelique

*********************************************************************************************** bonsoir, la premiere phase est realisée, je poste les rapports SDFix: Version 1.151 Run by internet on 03/03/2008 at 17:54 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\DOCUME~1\internet\LOCALS~1\Temp\services.exe - Deleted C:\WINDOWS\system32\real.txt - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-03 17:58:52 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:4c,36,40,aa,a4,05,6d,91,72,7c,93,7d,d7,93,78,04,ed,b1,14,df,06,.. "p0"="C:\Program Files\DAEMON Tools\" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001] "a0"=hex:20,01,00,00,e8,cf,7d,e0,09,bd,c1,bf,60,c1,39,bf,8c,3e,4d,d0,ee,.. "khjeh"=hex:bc,2a,27,29,af,67,db,4b,69,47,37,4c,97,87,79,23,32,bd,a3,f1,66,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf40] "khjeh"=hex:f6,b4,85,57,39,03,9e,8a,aa,11,ed,e4,48,7e,91,fa,d3,a9,d8,00,82,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf41] "khjeh"=hex:bc,2b,85,99,1d,45,e5,89,75,be,e3,f7,bb,23,8c,aa,41,c3,64,12,57,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:4c,36,40,aa,a4,05,6d,91,72,7c,93,7d,d7,93,78,04,ed,b1,14,df,06,.. "p0"="C:\Program Files\DAEMON Tools\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001] "a0"=hex:20,01,00,00,e8,cf,7d,e0,09,bd,c1,bf,60,c1,39,bf,8c,3e,4d,d0,ee,.. "khjeh"=hex:bc,2a,27,29,af,67,db,4b,69,47,37,4c,97,87,79,23,32,bd,a3,f1,66,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf40] "khjeh"=hex:f6,b4,85,57,39,03,9e,8a,aa,11,ed,e4,48,7e,91,fa,d3,a9,d8,00,82,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf41] "khjeh"=hex:bc,2b,85,99,1d,45,e5,89,75,be,e3,f7,bb,23,8c,aa,41,c3,64,12,57,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 1 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater" "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe:*:Enabled:backWeb-7288971" "D:\\Jerome\\eMule\\emule.exe"="D:\\Jerome\\eMule\\emule.exe:*:Enabled:eMule" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Disabled:LifeCam.exe" "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Disabled:LifeExp.exe" "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Disabled:Windows Live Messenger 8.0 (Phone)" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger" "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus" "C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner" "C:\\DOCUME~1\\internet\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\internet\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Tue 10 Aug 2004 93,184 A.SH. --- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" Tue 10 Aug 2004 73,728 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe" Fri 19 Nov 2004 26,112 A..H. --- "C:\WINDOWS\system32\InsD1211.exe" Wed 6 Aug 2003 24,576 A..H. --- "C:\WINDOWS\system32\KCMDNIns.exe" Sat 20 Nov 2004 36,864 A..H. --- "C:\WINDOWS\system32\kill1211.exe" Sat 9 Jul 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll" Sat 9 Jul 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll" Sat 9 Jul 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIFCD3.dll" Sat 9 Jul 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIMP3.dll" Wed 23 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll" Thu 7 Aug 2003 24,576 A..H. --- "C:\WINDOWS\system32\reboot.exe" Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\system32\RemD1211.exe" Mon 30 Aug 2004 44,032 A..H. --- "C:\WINDOWS\system32\rescan.exe" Fri 19 Nov 2004 26,112 A..H. --- "C:\WINDOWS\XDRV\InsD1211.exe" Mon 30 Aug 2004 44,032 A..H. --- "C:\WINDOWS\XDRV\rescan.exe" Sun 6 Nov 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Wed 17 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d03f71700772ecd1d20bacc33c473cd5\BIT8.tmp" Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT5.tmp" Sun 6 Nov 2005 4,348 ...H. --- "C:\Documents and Settings\internet\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak" Sun 6 Nov 2005 20 A..H. --- "C:\Documents and Settings\internet\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak" Sun 6 Nov 2005 312 A.SH. --- "C:\Documents and Settings\internet\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak" Mon 3 Mar 2008 5,662 A.SH. --- "C:\Documents and Settings\All Users\Documents\TV enregistr‚e\TempRec\TempSBE\SBE8.tmp" Finished! suivi par hijack,, Logfile of HijackThis v1.99.1 Scan saved at 20:31:35, on 03/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Microsoft LifeCam\MSCamSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\vVX3000.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\internet\LOCALS~1\Temp\Rar$EX00.265\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cegetel.net/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\internet\LOCALS~1\Temp\services.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: MsgPlusLoader.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe merci

bonjour , suite a une contamination par msn ,je me retourne vers vous pour me donner si possible un coups de pouce pour nettoyé mon pc. En effet , ds la mise en quarantaine d'avast j'ai 12 anomalies. win 32: kapucen b ,win 32 agent pgj,win32 delf ioa ,win 32 small jmh ..... je ne suis pas au top pour me depanner, pouvez vous m'aider svp Je fourni mon rapport hijack Logfile of HijackThis v1.99.1 Scan saved at 14:55:30, on 02/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Microsoft LifeCam\MSCamSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\lwsys32.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\vVX3000.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\PROGRA~1\ALWILS~1\Avast4\ashQuick.exe C:\Program Files\MSN Messenger\livecall.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cegetel.net/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Multi_Media_France toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMult.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\internet\LOCALS~1\Temp\services.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Multi_Media_France toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMult.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Multi_Media_France toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMult.dll O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\internet\LOCALS~1\Temp\services.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: MsgPlusLoader.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe merci d'avance