Everything posted by GREGO

  1. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:48:27, on 12/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\carpserv.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Documents and Settings\MAISON\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe C:\Documents and Settings\MAISON\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Documents and Settings\MAISON\Bureau\Antivirus\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le 
lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\MAISON\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe O4 - Global Startup: Logiciel de Synchronisation Orange.lnk = ? 
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207945939380 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207947569712 O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.1.cab O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - 
C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- End of file - 6064 bytes
  2. File/Folder C:\WINDOWS\system32\klghexct.exe not found. C:\WINDOWS\system32\bmxubqrc.exe moved successfully. C:\WINDOWS\system32\jkhgnczo.exe moved successfully. C:\Program Files\vvfrauf\gencmd.dll unregistered successfully. C:\Program Files\vvfrauf\gencmd.dll moved successfully. File/Folder C:\Documents and Settings\All Users\Application Data\mjgjetmb\exsliteb.exe not found. OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08122008_223550
  3. Le fichier a supprimer n'existe pas: C:\Documents and Settings\All Users\Application Data\mjgjetmb
     I managed to fix line 4.
  4. How do I "fix" line 4?
  5. I have not done anything yet.
  6. Here is the result:
     Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:59:07, on 12/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\carpserv.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\jkhgnczo.exe C:\Program Files\eMule\emule.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Documents and Settings\MAISON\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe C:\Documents and Settings\MAISON\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Documents and Settings\MAISON\Bureau\Antivirus\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - 
HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [actshcom] C:\WINDOWS\system32\klghexct.exe O4 - HKCU\..\Run: [gensrvweb] C:\WINDOWS\system32\bmxubqrc.exe O4 - HKCU\..\Run: [cfgstr] C:\WINDOWS\system32\jkhgnczo.exe O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart O4 - HKLM\..\Policies\Explorer\Run: [xzWdY96kaI] C:\Documents and Settings\All Users\Application Data\mjgjetmb\exsliteb.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\MAISON\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe O4 - Global Startup: Logiciel de Synchronisation Orange.lnk = ? 
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207945939380 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207947569712 O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.1.cab O21 - SSODL: gencmd - {69F6484F-92F9-A0BD-FE6D-050AB30F103D} - C:\Program Files\vvfrauf\gencmd.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - 
C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 6413 bytes
  7. Hello, I am back. Can we continue? Thank you.
  8. Result from Malwarebytes:
     Malwarebytes' Anti-Malware 1.24 Version de la base de données: 1043 Windows 5.1.2600 Service Pack 2 02:49:23 12/08/2008 mbam-log-8-12-2008 (02-49-23).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 68623 Temps écoulé: 57 minute(s), 10 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)
     HIJACKTHIS result:
     Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 02:51:48, on 12/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\carpserv.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\bmxubqrc.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Documents and 
Settings\MAISON\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe C:\Documents and Settings\MAISON\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe c:\program files\avira\antivir personaledition classic\avcenter.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\SearchProtocolHost.exe C:\DOCUME~1\MAISON\Bureau\Antivirus\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: 
[ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [actshcom] C:\WINDOWS\system32\klghexct.exe O4 - HKCU\..\Run: [gensrvweb] C:\WINDOWS\system32\bmxubqrc.exe O4 - HKCU\..\Run: [cfgstr] C:\WINDOWS\system32\jkhgnczo.exe O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart O4 - HKLM\..\Policies\Explorer\Run: [xzWdY96kaI] C:\Documents and Settings\All Users\Application Data\mjgjetmb\exsliteb.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\MAISON\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe O4 - Global Startup: Logiciel de Synchronisation Orange.lnk = ? 
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207945939380 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207947569712 O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.1.cab O21 - SSODL: gencmd - {69F6484F-92F9-A0BD-FE6D-050AB30F103D} - C:\Program Files\vvfrauf\gencmd.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - 
C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 6648 bytes
     I suggest we continue tomorrow because it is getting late. See you later.
  9. Option 2 result:
     --------------------\\ Lop S&D 4.2.2-6 XP/Vista [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ] [ USER : MAISON ] [ "C:\Lop SD" ] [ Selection : 2 ] [ 12/08/2008 | 1:20:01,36 ] [ PC : LALOUX-CXJBTID5 ] [ MAJ : 09-08-2008 | 21:15 ] \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION ///////////////////////////// Restauré! - Fichier Hosts //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ --------------------\\ Listing des dossiers dans APPLIC~1 [20/04/2008|22:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe [10/08/2008|19:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira [11/04/2008|20:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini [02/05/2008|13:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IM [02/05/2008|12:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IncrediMail [10/08/2008|18:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier [10/08/2008|15:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes [20/04/2008|15:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft [19/07/2008|00:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help [11/08/2008|20:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\mjgjetmb [18/04/2008|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skyline [10/08/2008|15:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy [26/04/2008|23:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software [11/04/2008|22:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage [15/04/2008|10:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller [11/04/2008|20:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini [11/04/2008|22:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft [20/04/2008|13:05] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft [20/04/2008|23:03] C:\DOCUME~1\MAISON\APPLIC~1\Adobe [11/04/2008|20:52] C:\DOCUME~1\MAISON\APPLIC~1\desktop.ini [21/04/2008|21:29] C:\DOCUME~1\MAISON\APPLIC~1\Help [11/04/2008|22:16] C:\DOCUME~1\MAISON\APPLIC~1\Identities [11/04/2008|23:25] C:\DOCUME~1\MAISON\APPLIC~1\Macromedia [10/08/2008|15:39] C:\DOCUME~1\MAISON\APPLIC~1\Malwarebytes [13/04/2008|23:36] C:\DOCUME~1\MAISON\APPLIC~1\Media Player 
Classic [05/06/2008|18:35] C:\DOCUME~1\MAISON\APPLIC~1\Microsoft [26/04/2008|23:21] C:\DOCUME~1\MAISON\APPLIC~1\TuneUp Software [26/05/2008|00:38] C:\DOCUME~1\MAISON\APPLIC~1\Voxmobili [12/04/2008|11:26] C:\DOCUME~1\MAISON\APPLIC~1\Windows Desktop Search [11/04/2008|23:34] C:\DOCUME~1\MAISON\APPLIC~1\WinRAR [26/04/2008|21:32] C:\DOCUME~1\MAISON\APPLIC~1\wxMozze [15/04/2008|18:03] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks [12/08/2008 01:00][--a------] C:\WINDOWS\tasks\Maintenance en 1 clic.job [11/08/2008 23:57][--ah-----] C:\WINDOWS\tasks\SA.DAT [07/09/2002 02:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini --------------------\\ Listing des dossiers dans C:\Program Files [20/04/2008|22:50] C:\Program Files\Adobe [11/04/2008|23:13] C:\Program Files\Alwil Software [14/04/2008|19:57] C:\Program Files\ATI Technologies [10/08/2008|19:12] C:\Program Files\Avira [10/08/2008|15:34] C:\Program Files\CCleaner [11/04/2008|22:00] C:\Program Files\ComPlus Applications [14/04/2008|18:25] C:\Program Files\CONEXANT [11/08/2008|23:59] C:\Program Files\eMule [26/04/2008|21:31] C:\Program Files\Evermore [10/08/2008|18:19] C:\Program Files\Fichiers communs [26/05/2008|00:37] C:\Program Files\InstallShield Installation Information [13/06/2008|16:26] C:\Program Files\Internet Explorer [13/04/2008|23:32] C:\Program Files\K-Lite Codec Pack [10/08/2008|15:39] C:\Program Files\Malwarebytes' Anti-Malware [13/04/2008|23:16] C:\Program Files\MediaInfo [13/04/2008|03:22] C:\Program Files\Messenger [11/04/2008|22:05] C:\Program Files\microsoft frontpage [12/04/2008|10:24] C:\Program Files\Microsoft Office [12/04/2008|10:24] C:\Program Files\Microsoft Visual Studio [12/04/2008|10:24] C:\Program Files\Microsoft Works [12/04/2008|02:30] C:\Program Files\Movie Maker [12/04/2008|10:24] C:\Program Files\MSBuild [11/04/2008|22:00] C:\Program Files\MSN [11/04/2008|21:59] C:\Program Files\MSN Gaming Zone [12/04/2008|02:19] C:\Program 
Files\NetMeeting [28/06/2008|11:46] C:\Program Files\Neuf [26/05/2008|00:37] C:\Program Files\Orange [13/04/2008|03:22] C:\Program Files\Outlook Express [11/04/2008|22:00] C:\Program Files\Services en ligne [18/04/2008|17:39] C:\Program Files\Skyline [10/08/2008|11:04] C:\Program Files\Spybot - Search & Destroy [07/08/2008|18:43] C:\Program Files\TuneUp Utilities 2008 [11/04/2008|22:16] C:\Program Files\Uninstall Information [09/08/2008|23:40] C:\Program Files\vvfrauf [12/04/2008|11:24] C:\Program Files\Windows Desktop Search [22/04/2008|22:03] C:\Program Files\Windows Live [04/07/2008|11:59] C:\Program Files\Windows Live Safety Center [20/04/2008|12:58] C:\Program Files\Windows Media Connect 2 [20/04/2008|12:58] C:\Program Files\Windows Media Player [12/04/2008|02:19] C:\Program Files\Windows NT [11/04/2008|22:00] C:\Program Files\WindowsUpdate [11/04/2008|23:34] C:\Program Files\WinRAR [11/04/2008|22:05] C:\Program Files\xerox [10/08/2008|18:44] C:\Program Files\Zone Labs --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs [20/04/2008|22:52] C:\Program Files\Fichiers communs\Adobe [12/04/2008|10:24] C:\Program Files\Fichiers communs\DESIGNER [26/05/2008|00:33] C:\Program Files\Fichiers communs\InstallShield [15/04/2008|10:45] C:\Program Files\Fichiers communs\Microsoft Shared [11/04/2008|22:01] C:\Program Files\Fichiers communs\MSSoap [11/04/2008|20:53] C:\Program Files\Fichiers communs\ODBC [11/04/2008|22:01] C:\Program Files\Fichiers communs\Services [11/04/2008|20:53] C:\Program Files\Fichiers communs\SpeechEngines [13/04/2008|03:22] C:\Program Files\Fichiers communs\System [15/04/2008|10:44] C:\Program Files\Fichiers communs\WindowsLiveInstaller [26/04/2008|23:19] C:\Program Files\Fichiers communs\Wise Installation Wizard --------------------\\ Process ( 33 Processus ) ... OK ! --------------------\\ Recherche avec S_Lop Aucun fichier / dossier Lop trouvé ! 
--------------------\\ Recherche de Fichiers / Dossiers Lop Aucun fichier / dossier Lop trouvé ! --------------------\\ Verification du Registre ..... OK ! --------------------\\ Verification du fichier Hosts Fichier Hosts PROPRE --------------------\\ Recherche de fichiers avec Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-12 01:25:02 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 2 --------------------\\ Recherche d'autres infections --------------------\\ Cracks & Keygens .. => C:\DOCUME~1\MAISON\Mes documents\Télécharger\wINRAR\Winrar 3.71 Final Crack-Serial-Keygen.zip [F:61][D:8]-> C:\DOCUME~1\MAISON\LOCALS~1\Temp [F:68][D:0]-> C:\DOCUME~1\MAISON\Cookies [F:6986][D:9]-> C:\DOCUME~1\MAISON\LOCALS~1\TEMPOR~1\content.IE5 --------------------\\ Fin du rapport a 1:25:58,46
     I am running Hijack again. HIJACKTHIS result:
     Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:29:13, on 12/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\carpserv.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\bmxubqrc.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Documents and 
Settings\MAISON\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe C:\Documents and Settings\MAISON\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe c:\program files\avira\antivir personaledition classic\avcenter.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\DOCUME~1\MAISON\Bureau\Antivirus\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: 
      [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [actshcom] C:\WINDOWS\system32\klghexct.exe
      O4 - HKCU\..\Run: [gensrvweb] C:\WINDOWS\system32\bmxubqrc.exe
      O4 - HKCU\..\Run: [cfgstr] C:\WINDOWS\system32\jkhgnczo.exe
      O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
      O4 - HKLM\..\Policies\Explorer\Run: [xzWdY96kaI] C:\Documents and Settings\All Users\Application Data\mjgjetmb\exsliteb.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\MAISON\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
      O4 - Global Startup: Logiciel de Synchronisation Orange.lnk = ?
      O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207945939380
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207947569712
      O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
      O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.1.cab
      O21 - SSODL: gencmd - {69F6484F-92F9-A0BD-FE6D-050AB30F103D} - C:\Program Files\vvfrauf\gencmd.dll
      O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      -- End of file - 6486 bytes
  10. I got rid of AVAST and am now working with ANTIVIR. Option 1 result:
      --------------------\\ Lop S&D 4.2.2-6 XP/Vista
      [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
      [ USER : MAISON ]
      [ "C:\Lop SD" ]
      [ Selection : 1 ]
      [ 12/08/2008 | 1:12:32,60 ]
      [ PC : LALOUX-CXJBTID5 ]
      [ MAJ : 09-08-2008 | 21:15 ]
      --------------------\\ Listing des dossiers dans APPLIC~1
      [20/04/2008|22:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
      [10/08/2008|19:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
      [11/04/2008|20:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
      [02/05/2008|13:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IM
      [02/05/2008|12:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IncrediMail
      [10/08/2008|18:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
      [10/08/2008|15:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
      [20/04/2008|15:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
      [19/07/2008|00:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
      [11/08/2008|20:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\mjgjetmb
      [18/04/2008|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skyline
      [10/08/2008|15:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
      [26/04/2008|23:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
      [11/04/2008|22:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
      [15/04/2008|10:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
      [11/04/2008|20:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
      [11/04/2008|22:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
      [20/04/2008|13:05] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
      [20/04/2008|23:03] C:\DOCUME~1\MAISON\APPLIC~1\Adobe
      [11/04/2008|20:52] C:\DOCUME~1\MAISON\APPLIC~1\desktop.ini
      [21/04/2008|21:29] C:\DOCUME~1\MAISON\APPLIC~1\Help
      [11/04/2008|22:16] C:\DOCUME~1\MAISON\APPLIC~1\Identities
      [11/04/2008|23:25] C:\DOCUME~1\MAISON\APPLIC~1\Macromedia
      [10/08/2008|15:39] C:\DOCUME~1\MAISON\APPLIC~1\Malwarebytes
      [13/04/2008|23:36] C:\DOCUME~1\MAISON\APPLIC~1\Media Player Classic
      [05/06/2008|18:35] C:\DOCUME~1\MAISON\APPLIC~1\Microsoft
      [26/04/2008|23:21] C:\DOCUME~1\MAISON\APPLIC~1\TuneUp Software
      [26/05/2008|00:38] C:\DOCUME~1\MAISON\APPLIC~1\Voxmobili
      [12/04/2008|11:26] C:\DOCUME~1\MAISON\APPLIC~1\Windows Desktop Search
      [11/04/2008|23:34] C:\DOCUME~1\MAISON\APPLIC~1\WinRAR
      [26/04/2008|21:32] C:\DOCUME~1\MAISON\APPLIC~1\wxMozze
      [15/04/2008|18:03] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
      --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
      [12/08/2008 01:00][--a------] C:\WINDOWS\tasks\Maintenance en 1 clic.job
      [11/08/2008 23:57][--ah-----] C:\WINDOWS\tasks\SA.DAT
      [07/09/2002 02:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
      --------------------\\ Listing des dossiers dans C:\Program Files
      [20/04/2008|22:50] C:\Program Files\Adobe
      [11/04/2008|23:13] C:\Program Files\Alwil Software
      [14/04/2008|19:57] C:\Program Files\ATI Technologies
      [10/08/2008|19:12] C:\Program Files\Avira
      [10/08/2008|15:34] C:\Program Files\CCleaner
      [11/04/2008|22:00] C:\Program Files\ComPlus Applications
      [14/04/2008|18:25] C:\Program Files\CONEXANT
      [11/08/2008|23:59] C:\Program Files\eMule
      [26/04/2008|21:31] C:\Program Files\Evermore
      [10/08/2008|18:19] C:\Program Files\Fichiers communs
      [26/05/2008|00:37] C:\Program Files\InstallShield Installation Information
      [13/06/2008|16:26] C:\Program Files\Internet Explorer
      [13/04/2008|23:32] C:\Program Files\K-Lite Codec Pack
      [10/08/2008|15:39] C:\Program Files\Malwarebytes' Anti-Malware
      [13/04/2008|23:16] C:\Program Files\MediaInfo
      [13/04/2008|03:22] C:\Program Files\Messenger
      [11/04/2008|22:05] C:\Program Files\microsoft frontpage
      [12/04/2008|10:24] C:\Program Files\Microsoft Office
      [12/04/2008|10:24] C:\Program Files\Microsoft Visual Studio
      [12/04/2008|10:24] C:\Program Files\Microsoft Works
      [12/04/2008|02:30] C:\Program Files\Movie Maker
      [12/04/2008|10:24] C:\Program Files\MSBuild
      [11/04/2008|22:00] C:\Program Files\MSN
      [11/04/2008|21:59] C:\Program Files\MSN Gaming Zone
      [12/04/2008|02:19] C:\Program Files\NetMeeting
      [28/06/2008|11:46] C:\Program Files\Neuf
      [26/05/2008|00:37] C:\Program Files\Orange
      [13/04/2008|03:22] C:\Program Files\Outlook Express
      [11/04/2008|22:00] C:\Program Files\Services en ligne
      [18/04/2008|17:39] C:\Program Files\Skyline
      [10/08/2008|11:04] C:\Program Files\Spybot - Search & Destroy
      [07/08/2008|18:43] C:\Program Files\TuneUp Utilities 2008
      [11/04/2008|22:16] C:\Program Files\Uninstall Information
      [09/08/2008|23:40] C:\Program Files\vvfrauf
      [12/04/2008|11:24] C:\Program Files\Windows Desktop Search
      [22/04/2008|22:03] C:\Program Files\Windows Live
      [04/07/2008|11:59] C:\Program Files\Windows Live Safety Center
      [20/04/2008|12:58] C:\Program Files\Windows Media Connect 2
      [20/04/2008|12:58] C:\Program Files\Windows Media Player
      [12/04/2008|02:19] C:\Program Files\Windows NT
      [11/04/2008|22:00] C:\Program Files\WindowsUpdate
      [11/04/2008|23:34] C:\Program Files\WinRAR
      [11/04/2008|22:05] C:\Program Files\xerox
      [10/08/2008|18:44] C:\Program Files\Zone Labs
      --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
      [20/04/2008|22:52] C:\Program Files\Fichiers communs\Adobe
      [12/04/2008|10:24] C:\Program Files\Fichiers communs\DESIGNER
      [26/05/2008|00:33] C:\Program Files\Fichiers communs\InstallShield
      [15/04/2008|10:45] C:\Program Files\Fichiers communs\Microsoft Shared
      [11/04/2008|22:01] C:\Program Files\Fichiers communs\MSSoap
      [11/04/2008|20:53] C:\Program Files\Fichiers communs\ODBC
      [11/04/2008|22:01] C:\Program Files\Fichiers communs\Services
      [11/04/2008|20:53] C:\Program Files\Fichiers communs\SpeechEngines
      [13/04/2008|03:22] C:\Program Files\Fichiers communs\System
      [15/04/2008|10:44] C:\Program Files\Fichiers communs\WindowsLiveInstaller
      [26/04/2008|23:19] C:\Program Files\Fichiers communs\Wise Installation Wizard
      --------------------\\ Process ( 36 Processus )
      iexplore.exe ~ [2856]
      --------------------\\ Recherche avec S_Lop
      Aucun fichier / dossier Lop trouvé !
      --------------------\\ Recherche de Fichiers / Dossiers Lop
      Aucun fichier / dossier Lop trouvé !
      --------------------\\ Verification du Registre
      ..... OK !
      --------------------\\ Verification du fichier Hosts
      Fichier Hosts PROPRE
      --------------------\\ Recherche de fichiers avec Catchme
      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-08-12 01:15:08
      Windows 5.1.2600 Service Pack 2 NTFS
      scanning hidden processes ...
      scanning hidden files ...
      scan completed successfully
      hidden processes: 0
      hidden files: 2
      --------------------\\ Recherche d'autres infections
      --------------------\\ Cracks & Keygens ..
      => C:\DOCUME~1\MAISON\Mes documents\T‚l‚charger\wINRAR\Winrar 3.71 Final Crack-Serial-Keygen.zip
      [F:61][D:8]-> C:\DOCUME~1\MAISON\LOCALS~1\Temp
      [F:68][D:0]-> C:\DOCUME~1\MAISON\Cookies
      [F:6973][D:9]-> C:\DOCUME~1\MAISON\LOCALS~1\TEMPOR~1\content.IE5
      --------------------\\ Fin du rapport a 1:16:11,68
      I'm launching option 2 ...
  11. Here is the result:
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 00:58:16, on 12/08/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16674)
      Boot mode: Normal
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\WINDOWS\system32\SearchIndexer.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\carpserv.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\WINDOWS\system32\bmxubqrc.exe
      C:\Program Files\eMule\emule.exe
      C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      C:\Documents and Settings\MAISON\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
      C:\Documents and Settings\MAISON\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\WINDOWS\system32\SearchProtocolHost.exe
      C:\Documents and Settings\MAISON\Bureau\Antivirus\HiJackThis.exe
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [CARPService] carpserv.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [actshcom] C:\WINDOWS\system32\klghexct.exe
      O4 - HKCU\..\Run: [gensrvweb] C:\WINDOWS\system32\bmxubqrc.exe
      O4 - HKCU\..\Run: [cfgstr] C:\WINDOWS\system32\jkhgnczo.exe
      O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
      O4 - HKLM\..\Policies\Explorer\Run: [xzWdY96kaI] C:\Documents and Settings\All Users\Application Data\mjgjetmb\exsliteb.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\MAISON\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
      O4 - Global Startup: Logiciel de Synchronisation Orange.lnk = ?
      O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207945939380
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207947569712
      O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
      O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.1.cab
      O21 - SSODL: gencmd - {69F6484F-92F9-A0BD-FE6D-050AB30F103D} - C:\Program Files\vvfrauf\gencmd.dll
      O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      -- End of file - 7166 bytes
  12. I am trying in vain to get rid of a virus. It appears under the name ANTIVIRUS XP 2008. The topic has already been covered, but the solution seems to be case-specific, so thank you for helping me.