drims

  1. Hello, I have just changed computers (a salvaged computer) and I can't connect to the internet over Wi-Fi. Ethernet works without any problem. My network card is working normally. I contacted my internet provider and spent half an hour with an adviser, but with no result. Is there anyone who could help me? Thanks
  2. Hi Falkra, Just a quick word to finish. I think I have found the source of the infection on my computer. My friend, who is Indian, watches films in streaming on a site called TAMILPEEK. I narrowly avoided a re-infection the other day... Well, my computer is in top shape, my internet connection not so much... I may create a new post... Thanks for everything!
  3. A thousand thanks, Falkra! To round off the series, my Livebox died on me and I could no longer reply to you. I will never have enough words to tell you how grateful I am! A big thank you for taking the time to help me, and also for all the advice and the links to the tutorials. Ciao
  4. The latest report ... fingers crossed!
  5. I took advantage of AntiVir being active again to scan my computer. I'm sending you the report.
  6. Yippee, the AntiVir umbrella has finally opened. And the update works too. Pure happiness. Is there anything else left to do?
  7. Hello Falkra, That's it, I managed to uninstall Avast from my computer by going through safe mode... Phew! I'm ready for the next step.
  8. Hi Falkra, Well, you're not done with me yet... I had already tried to uninstall Avast through Add/Remove Programs, but each time an error message appeared. That is still the case: "Erreur inconnue, le programme ne peut pas charger iNews (C:\Program Files\Alwil Software\Avast4\DATA\iNews.htm)". I wanted to download aswClear to my desktop, but an error message is displayed: "The avast self protection module is enabled. For this reason, the operation cannot be completed. To complete the operation, either run this program from Window Safe Mode, or disable the Avast self protection (Via settings / Troubleshooting page)." What should I do?
  9. Falkra, my saviour. Indeed, I can feel that my computer is doing much better! No more ad pages opening non-stop, what a relief! My updates, which had been disabled, are enabled again. AntiVir, on the other hand, I still haven't understood how to get it running again. I'm posting the HijackThis report for you.
  10. Hello Falkra, Here is the Combo Fix report. I had 5 minutes of doubt because it would not run and showed me the message "Date Error, check your settings". After translating it, I checked my computer's date and everything sorted itself out.
  11. Hi Falkra! Well, it's reassuring to hear that my computer is doing better... Here is the HijackThis report:
  12. Hi Falkra, I'm sending you the (telling!) Malwarebytes report and I'm waiting for the next steps.
  13. And the HijackThis report.
  14. Hi Falkra, I'm sending you the first report, fresh and hot off the press:
Files\Fichiers communs\SpeechEngines [20/09/2004|11:15] C:\Program Files\Fichiers communs\System ---------------------------[ Process ]-------------------------- ... 40 ... OK ! ----------------------[ Recherche avec S_Lop ]--------------------- Aucun fichier / dossier Lop trouvé ! -----------------[ Recherche de Fichiers / Dossiers Lop ]----------------- C:\DOCUME~1\SENTIE~1\Cookies\sentier [email protected][2].txt C:\DOCUME~1\SENTIE~1\Cookies\sentier [email protected][1].txt ----------------------[ Verification du Registre ]---------------------- ..... OK ! --------------------[ Verification du fichier Hosts ]--------------------- Fichier Hosts PROPRE ----------------[ Recherche de fichiers avec Catchme ]----------------- catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-11 12:15:01 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------[ Recherche d'autres infections ]--------------------- C:\WINDOWS\system32\wyGOVvut.ini2 C:\WINDOWS\system32\wyGOVvut.ini ! VUNDO Possible ! 
[F:2][D:1]-> C:\DOCUME~1\SENTIE~1\LOCALS~1\Temp [F:689][D:0]-> C:\DOCUME~1\SENTIE~1\Cookies [F:7679][D:20]-> C:\DOCUME~1\SENTIE~1\LOCALS~1\TEMPOR~1\content.IE5 [F:27][D:1]-> C:\Recycled --------------------[ Fin du rapport a 12:15:31,08 ]---------------------- Et le rapport Hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:21:41, on 11/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\wscntfy.exe C:\acer\epm\epm-dm.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Hercules\WiFi Station\WifiStation.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet 
Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB002" /M "Stylus C86" O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB002" /M "Stylus C66" O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64" O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\qpxrrrmq.dll",b O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [gufyjtgj] C:\WINDOWS\system32\eduxyjet.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe O4 - HKLM\..\Policies\Explorer\Run: [1A1ktngkj5] C:\Documents and Settings\All Users\Application Data\uzifcbmv\mdolevob.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: WiFi Station.lnk = ? 
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://xscanner.spyshredderscanner.com/setup/webinst_fr.cab O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- End of file - 6353 bytes
  15. Falkra, here is the Lop S&D report. When I went to disable AntiVir, I was surprised to see that it was already disabled and that I cannot re-enable it... I don't understand any of it.