jollyroger

Members
  • Content count: 7

jollyroger's Achievements

Junior Member (3/12)

Community reputation: 0
1. Good evening,

If someone would be kind enough to analyse these reports, it would be a great help to my friend Momo, whose machine I am disinfecting. Many thanks.

Report 1, SDFix:

SDFix: Version 1.219
Run by Momo on 27/08/2008 at 18:05

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\smdat32a.sys - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 18:15:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\SYSTEM32\\P2P Networking\\P2P Networking.exe"="C:\\WINDOWS\\SYSTEM32\\P2P Networking\\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\\Program Files\\eChanblard\\emule.exe"="C:\\Program Files\\eChanblard\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Wanadoo\\WOOBrowser\\WOOBrowser.exe"="C:\\Program Files\\Wanadoo\\WOOBrowser\\WOOBrowser.exe:*:Disabled:Navigateur Internet"
"C:\\WINDOWS\\SYSTEM32\\rundll32.exe"="C:\\WINDOWS\\SYSTEM32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"="C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\Livecom\\Application\\eConfv4\\ftplayer.exe"="C:\\Program Files\\Livecom\\Application\\eConfv4\\ftplayer.exe:*:Enabled:eConf player"
"C:\\Program Files\\4e Dimension\\4D.exe"="C:\\Program Files\\4e Dimension\\4D.exe:*:Enabled:4e Dimension"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 10 Apr 2006            14 ..SH. --- "C:\WINDOWS\mswtpdxp.dll"
Mon 24 Apr 2006            21 ..SH. --- "C:\WINDOWS\prwttrxp.dll"
Fri 20 Aug 2004        60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Fri 20 Aug 2004         4,639 A.SH. --- "C:\Program Files\Windows Media Player\mplayer2.exe"
Wed 11 Aug 2004        73,728 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe"
Mon 10 Apr 2006            21 ..SH. --- "C:\WINDOWS\SYSTEM32\dpwttaxp.dll"
Mon 10 Apr 2006            14 ..SH. --- "C:\WINDOWS\SYSTEM32\mswtpaxp.dll"
Mon 24 Apr 2006             2 ..SH. --- "C:\WINDOWS\SYSTEM32\verwttxp.dll"
Sat 24 Sep 2005         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 30 Nov 2004       163,840 A.SH. --- "C:\Documents and Settings\All Users\Documents\Mes images\100IMAGE\SIV43A.tmp"
Tue 30 Nov 2004       163,840 A.SH. --- "C:\Documents and Settings\All Users\Documents\Mes images\2005\SIV43A.tmp"
Tue 30 Nov 2004       163,840 A.SH. --- "C:\Documents and Settings\All Users\Documents\Mes images\cirque\SIV43A.tmp"
Tue 30 Nov 2004       163,840 A.SH. --- "C:\Documents and Settings\All Users\Documents\Mes images\neige\SIV43A.tmp"
Tue 30 Nov 2004       163,840 A.SH. --- "C:\Documents and Settings\All Users\Documents\Mes images\vacances été 2005\SIV43A.tmp"
Tue 30 Nov 2004       163,840 A.SH. --- "C:\Documents and Settings\All Users\Documents\Mes images\Djerba 2007\avril 2007 tuitui\SIV43A.tmp"
Tue 30 Nov 2004       163,840 A.SH. --- "C:\Documents and Settings\All Users\Documents\Mes images\Noel2005\100IMAGE\SIV43A.tmp"
Tue 30 Nov 2004       163,840 A.SH. --- "C:\Documents and Settings\All Users\Documents\Mes images\Nouveau dossier\100IMAGE\SIV43A.tmp"

Finished!

Report 2, Antivir:

Avira AntiVir Personal
Report file date: Wednesday 27 August 2008 20:19

Scanning for 1579218 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PCMOMO

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.60 2802176 Bytes 24/08/2008 17:18:25
ANTIVIR3.VDF : 7.0.6.81 146944 Bytes 27/08/2008 17:18:26
Engineversion : 8.1.1.23
AEVDF.DLL : 8.1.0.5 102772 Bytes 09/07/2008 08:46:50
AESCRIPT.DLL : 8.1.0.68 315770 Bytes 27/08/2008 17:18:31
AESCN.DLL : 8.1.0.23 119156 Bytes 27/08/2008 17:18:31
AERDL.DLL : 8.1.0.20 418165 Bytes 09/07/2008 08:46:50
AEPACK.DLL : 8.1.2.1 364917 Bytes 27/08/2008 17:18:30
AEOFFICE.DLL : 8.1.0.22 192890 Bytes 27/08/2008 17:18:30
AEHEUR.DLL : 8.1.0.50 1388918 Bytes 27/08/2008 17:18:29
AEHELP.DLL : 8.1.0.15 115063 Bytes 09/07/2008 08:46:50
AEGEN.DLL : 8.1.0.36 315764 Bytes 27/08/2008 17:18:28
AEEMU.DLL : 8.1.0.7 430452 Bytes 27/08/2008 17:18:27
AECORE.DLL : 8.1.1.8 172406 Bytes 27/08/2008 17:18:27
AEBB.DLL : 8.1.0.1 53617 Bytes 24/04/2008 08:50:42
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 27/08/2008 17:18:26
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: repair
Secondary action.................: delete
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Wednesday 27 August 2008 20:19

Starting search for hidden objects.
'97141' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'dslmon.exe' - '1' Module(s) have been scanned
Scan process 'DLG.exe' - '1' Module(s) have been scanned
Scan process 'RegistryRepairPro.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'ashDisp.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'realplay.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'sgtray.exe' - '1' Module(s) have been scanned
Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ashWebSv.exe' - '1' Module(s) have been scanned
Scan process 'ashMaiSv.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
40 processes with 40 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '68' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!

End of the scan: Wednesday 27 August 2008 20:42
Used time: 23:13 Minute(s)

The scan has been canceled!

1910 Scanning directories
39902 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
39900 Files not concerned
380 Archives were scanned
2 Warnings
0 Notes
97141 Objects were scanned with rootkit scan
0 Hidden objects were found

Report 3, HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:30:46, on 27/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00330010-0000-0000-0000-000020160010} - http://207.234.185.217/ABoxInst_int25.exe
O16 - DPF: {00330010-0000-0000-0000-000020160026} - http://207.234.185.217/installer/ABoxInst_int26.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.drivecleaner.com/installdrivecleanerstart_fr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart_fr.cab
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.alloticket.com/MicroPaiement/kit/WebInstall.dll
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://1095518365000.kit.sexequalite.com/2.../EntreNanas.exe
O16 - DPF: {92ABACFE-EF6E-42C7-A824-D50A914B5B70} (MastaCash Loader Class) - http://dx.mastacash.com/loader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/...eInstall_fr.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {DC4C23C4-A7A3-4014-9A83-3C1BE131F39E} (VacPro.int_ver34v) - http://advnt01.com/dialer/int_ver34v.CAB
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://photoservice.photos.orange.fr/telec...geUploader4.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_FR_XP.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 9515 bytes
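A triage helper for HijackThis logs like the three posted on this page, added here as example code; it is not HijackThis, SDFix or any tool used in these threads. It parses the R/F/O entry lines and flags the entry kinds a forum helper reads first: BHOs registered with no file on disk, Winsock LSP entries HijackThis cannot identify, DPF (ActiveX download) entries that point at a bare IP address, carry no control name or record no URL, and Winlogon Notify hooks whose DLL is missing. The sample lines are copied from the logs above; every rule is the example's own heuristic, so a hit means "look at this", not a verdict on the entry.

```python
"""Triage helper for HijackThis v2 logs (example code for this page, not
HijackThis itself).  Parses the R/F/O entry lines and flags the entry
types a forum helper reads first.  A flag means "look at this", not a
verdict: every rule below is this example's own heuristic."""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: a handful of lines copied from the logs posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00330010-0000-0000-0000-000020160010} - http://207.234.185.217/ABoxInst_int25.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {DC4C23C4-A7A3-4014-9A83-3C1BE131F39E} (VacPro.int_ver34v) - http://advnt01.com/dialer/int_ver34v.CAB
O20 - Winlogon Notify: jkkHbcYq - jkkHbcYq.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
""".strip()

# "O16 - DPF: ..." -> kind "O16", body "DPF: ..."
ENTRY_RE = re.compile(r"^(?P<kind>[OFR]\d+) - (?P<body>.*)$")
# DPF body: CLSID, optional "(control name)", then the download URL (may be empty)
DPF_RE = re.compile(
    r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>[^)]*)\))? -\s*(?P<url>\S*)$"
)


def parse_line(line):
    """Return (kind, body) for a HijackThis entry line, or None for anything else."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("kind"), m.group("body")) if m else None


def host_is_ip(url):
    """True when the URL's host is a bare IPv4/IPv6 literal rather than a name."""
    host = urlsplit(url).hostname
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def judge(kind, body):
    """Apply the triage rules to one entry; return a reason string or None."""
    if kind == "O2" and body.endswith("(no file)"):
        return "BHO CLSID registered but its DLL is gone; leftover registration, safe to fix"
    if kind == "O10" and body.startswith("Unknown file in Winsock LSP"):
        return "LSP DLL HijackThis does not recognise; identify it before removing, a broken LSP chain kills networking"
    if kind == "O16":
        m = DPF_RE.match(body)
        if m:
            url = m.group("url")
            if not url:
                return "ActiveX download entry with no URL recorded"
            if host_is_ip(url):
                return "ActiveX control downloaded from a bare IP address"
            if not m.group("name"):
                return "ActiveX download entry without a control name; check the host"
    if kind == "O20" and body.endswith("(file missing)"):
        return "Winlogon Notify hook points at a DLL that no longer exists; the registry value remains"
    return None


def triage(log_text):
    """Return [(kind, body, reason)] for every flagged entry, in log order."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        kind, body = parsed
        reason = judge(kind, body)
        if reason:
            findings.append((kind, body, reason))
    return findings


if __name__ == "__main__":
    for kind, body, reason in triage(SAMPLE_LOG):
        print(f"{kind}: {reason}\n    {body}")
```

Run against the sample, the Adobe BHO, the named Microsoft and VacPro DPF entries and the avast! service pass through untouched; the five remaining lines are listed with a reason each. The rules deliberately stay narrow: a DPF entry hosted on a real domain with a control name is not flagged even when the path looks unpleasant, because deciding that takes a lookup of the host, not a regex.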
2. Dear Pear, a thousand thanks for the efficiency of your assistance.
3. Thank you very much, I will keep Antivir. It seems very effective to me. Bravo, and thanks again for your availability and the quality of your advice. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:01:31, on 19/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\melle--caro\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ads.bannerstyle.biz/bc/123kah.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,
O2 - BHO: (no name) - {4116CFB6-5F77-2FD9-0413-5A00BFB388CA} - (no file)
O2 - BHO: (no name) - {52043E63-F814-41BB-A8B8-A35474C6C1BD} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {E857C6E9-76CB-4DFD-95D7-1981E90B65FD} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: jkkHbcYq - jkkHbcYq.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 4639 bytes
4. Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.10 2587136 Bytes 14/08/2008 14:12:52
ANTIVIR3.VDF : 7.0.6.37 168448 Bytes 19/08/2008 14:12:53
Engineversion : 8.1.1.23
AEVDF.DLL : 8.1.0.5 102772 Bytes 09/07/2008 08:46:50
AESCRIPT.DLL : 8.1.0.68 315770 Bytes 19/08/2008 14:12:59
AESCN.DLL : 8.1.0.23 119156 Bytes 19/08/2008 14:12:58
AERDL.DLL : 8.1.0.20 418165 Bytes 09/07/2008 08:46:50
AEPACK.DLL : 8.1.2.1 364917 Bytes 19/08/2008 14:12:58
AEOFFICE.DLL : 8.1.0.22 192890 Bytes 19/08/2008 14:12:57
AEHEUR.DLL : 8.1.0.50 1388918 Bytes 19/08/2008 14:12:56
AEHELP.DLL : 8.1.0.15 115063 Bytes 09/07/2008 08:46:50
AEGEN.DLL : 8.1.0.36 315764 Bytes 19/08/2008 14:12:55
AEEMU.DLL : 8.1.0.7 430452 Bytes 19/08/2008 14:12:54
AECORE.DLL : 8.1.1.8 172406 Bytes 19/08/2008 14:12:54
AEBB.DLL : 8.1.0.1 53617 Bytes 24/04/2008 08:50:42
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 19/08/2008 14:12:53
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: repair
Secondary action.................: delete
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Tuesday 19 August 2008 16:52

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'SMax4.exe' - '1' Module(s) have been scanned
Scan process 'SMax4PNP.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'TosBtSrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'savedump.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
36 processes with 36 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '45' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Internet Explorer\profsycy.html
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '4919e00f.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '4b22e8f8.qua' ( QUARANTINE )
C:\WINDOWS\Driver Cache\i386\driver.cab
[0] Archive type: CAB (Microsoft)
--> epnhte4n.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\WINDOWS\system32\gaiirmav.dll
[DETECTION] Is the TR/Vundo.FGR Trojan
[NOTE] A backup was created as '4913e2e0.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '4b28ea09.qua' ( QUARANTINE )
C:\WINDOWS\system32\pgxmtnmo.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] A backup was created as '4922e3b9.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '4b19eb52.qua' ( QUARANTINE )
C:\WINDOWS\system32\pshnsu.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] A backup was created as '4912e3c7.qua' ( QUARANTINE )
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] A backup was created as '4b29eb20.qua' ( QUARANTINE )

End of the scan: Tuesday 19 August 2008 17:19
Used time: 27:09 Minute(s)

The scan has been done completely.

3245 Scanning directories
148453 Files were scanned
3 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
0 files were deleted
0 files were repaired
8 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
148448 Files not concerned
841 Archives were scanned
2 Warnings
4 Notes
  5. SDFix: Version 1.216
Run by Administrateur on 19/08/2008 at 13:18

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080807231432156.log - Deleted
C:\Program Files\BChanger\data.dat - Deleted
C:\Program Files\BChanger\Uninstall.exe - Deleted
C:\Program Files\NoDNS\UnInstall.exe - Deleted
C:\Program Files\Sakora\Sakora.exe.lzma - Deleted
C:\Program Files\Spcron\Spc.dll.lzma - Deleted
C:\Program Files\VnrBlock\VnrBlock20.exe - Deleted
C:\Program Files\VnrBlock\xtarga.gz - Deleted
C:\Program Files\.autoreg - Deleted
C:\WINDOWS\system32\real.txt - Deleted

Folder C:\Documents and Settings\melle--caro\Application Data\SpeedRunner - Removed
Folder C:\Documents and Settings\All Users\Application Data\SoftLand Ltd - Removed
Folder C:\Program Files\BChanger - Removed
Folder C:\Program Files\CPV - Removed
Folder C:\Program Files\NoDNS - Removed
Folder C:\Program Files\Sakora - Removed
Folder C:\Program Files\Skra - Removed
Folder C:\Program Files\Spcron - Removed
Folder C:\Program Files\VnrBlock - Removed
Folder C:\Program Files\XP Antivirus - Removed

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-19 13:41:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bdc000b6b]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001bdc000b6b]

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000074
"TracesSuccessful"=dword:00000004

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 2 Mar 2006 93,184 A.SH. --- "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Mon 18 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT1.tmp"
Mon 18 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\326d1a08fc685e3efad9e9a5b059ebfb\BIT2C.tmp"
Mon 18 Feb 2008 1,505,808 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\32a68038cbc8e2f304034165d1cab2e1\BIT34.tmp"
Mon 18 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5b6da8fb69b176ee583a3734e2af76e6\BIT2D.tmp"
Mon 18 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\60f98441524da959e4cfd96533bfcea5\BIT33.tmp"
Mon 18 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7333946973f87a4fdf879a85eeae256b\BIT2E.tmp"
Mon 18 Feb 2008 10,092,048 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8b3179d71e82d8085d960408b16ae5bf\BIT30.tmp"
Mon 18 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9526baba4c0a42975f8fabcda9ca8dc3\BIT31.tmp"
Mon 18 Feb 2008 1,229,688 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc7043d60e692448b548f03d568309ab\BIT2F.tmp"
Mon 18 Feb 2008 4,856,848 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f3fd033e4d9140ea4bb2ff5810443583\BIT32.tmp"

Finished!
  6. And there we go!

Malwarebytes' Anti-Malware 1.25
Database version: 1070
Windows 5.1.2600 Service Pack 2

14:22:02 19/08/2008
mbam-log-08-19-2008 (14-22-02).txt

Scan type: Full Scan (C:\|)
Objects scanned: 71331
Time elapsed: 19 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 16
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 61

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\zwlvuz.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3857d77-fb43-4405-b424-36d90aec5c51} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e3857d77-fb43-4405-b424-36d90aec5c51} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SpeedRunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm9b8ffa74 (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components (Adware.Outerinfo) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\zwlvuz.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fxyrcypb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bpycryxf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rrwxqary.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yraqxwrr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wjrdwjgg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ggjwdrjw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ybcfkwxi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ixwkfcby.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\melle--caro\DoctorWeb\Quarantine\A0150589.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\melle--caro\DoctorWeb\Quarantine\QdrPack16.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\srff.dll (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7CE40D9D-4CD5-44F8-8BE4-5801E401722D}\RP56\A0082120.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7CE40D9D-4CD5-44F8-8BE4-5801E401722D}\RP56\A0082132.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7CE40D9D-4CD5-44F8-8BE4-5801E401722D}\RP59\A0083229.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7CE40D9D-4CD5-44F8-8BE4-5801E401722D}\RP66\A0109507.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7CE40D9D-4CD5-44F8-8BE4-5801E401722D}\RP66\A0110553.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7CE40D9D-4CD5-44F8-8BE4-5801E401722D}\RP66\A0117647.dll (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7CE40D9D-4CD5-44F8-8BE4-5801E401722D}\RP67\A0150220.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7CE40D9D-4CD5-44F8-8BE4-5801E401722D}\RP67\A0150225.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7CE40D9D-4CD5-44F8-8BE4-5801E401722D}\RP67\A0150196.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7CE40D9D-4CD5-44F8-8BE4-5801E401722D}\RP67\A0150198.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7CE40D9D-4CD5-44F8-8BE4-5801E401722D}\RP67\A0150206.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7CE40D9D-4CD5-44F8-8BE4-5801E401722D}\RP68\A0150555.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7CE40D9D-4CD5-44F8-8BE4-5801E401722D}\RP68\A0150556.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7CE40D9D-4CD5-44F8-8BE4-5801E401722D}\RP68\A0150557.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7CE40D9D-4CD5-44F8-8BE4-5801E401722D}\RP68\A0150560.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7CE40D9D-4CD5-44F8-8BE4-5801E401722D}\RP68\A0150591.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7CE40D9D-4CD5-44F8-8BE4-5801E401722D}\RP68\A0150592.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7CE40D9D-4CD5-44F8-8BE4-5801E401722D}\RP68\A0150593.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7CE40D9D-4CD5-44F8-8BE4-5801E401722D}\RP68\A0150595.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7CE40D9D-4CD5-44F8-8BE4-5801E401722D}\RP68\A0150596.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7CE40D9D-4CD5-44F8-8BE4-5801E401722D}\RP68\A0150598.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7CE40D9D-4CD5-44F8-8BE4-5801E401722D}\RP68\A0150599.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7CE40D9D-4CD5-44F8-8BE4-5801E401722D}\RP68\A0150600.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7CE40D9D-4CD5-44F8-8BE4-5801E401722D}\RP68\A0150601.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7CE40D9D-4CD5-44F8-8BE4-5801E401722D}\RP69\A0150690.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7CE40D9D-4CD5-44F8-8BE4-5801E401722D}\RP70\A0150925.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7CE40D9D-4CD5-44F8-8BE4-5801E401722D}\RP70\A0150926.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7CE40D9D-4CD5-44F8-8BE4-5801E401722D}\RP70\A0150927.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7CE40D9D-4CD5-44F8-8BE4-5801E401722D}\RP70\A0150928.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7CE40D9D-4CD5-44F8-8BE4-5801E401722D}\RP73\A0151530.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7CE40D9D-4CD5-44F8-8BE4-5801E401722D}\RP73\A0151539.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cdwqyb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nlkvqjql.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pvvitcdo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uesykfox.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jibwwp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kcnfhnwi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qtfxkxlu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\Terms.rtf (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\chrome.manifest (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\install.rdf (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anxqxaeb.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM9b8ffa74.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM9b8ffa74.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
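The four DLL/INI pairs in the file list above share one trait worth automating: each .ini carries the DLL's base name spelled backwards (fxyrcypb.dll beside bpycryxf.ini, rrwxqary.dll beside yraqxwrr.ini, and so on), and the two modules flagged "Delete on reboot" are the ones that were still loaded while the scan ran. The script below is an added example, not part of this post and not Malwarebytes' own code; it parses file lines in the shape of the log above (a constructed subset is embedded), pairs mirrored base names within the same directory, and lists the entries whose removal was deferred to the next boot. The pairing rule is an assumption drawn from these file names, not a published signature.

```python
"""Spot mirrored DLL/INI pairs and deferred deletions in a Malwarebytes file list.

Added example, not part of the original post and not Malwarebytes' code. The
reversed-name pairing is an assumption taken from the file names in the log.
"""
import ntpath
import re

# Constructed sample: file lines in the shape of the MBAM log above.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\zwlvuz.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fxyrcypb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bpycryxf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rrwxqary.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yraqxwrr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wjrdwjgg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ggjwdrjw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ybcfkwxi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ixwkfcby.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cdwqyb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\Terms.rtf (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
"""

# "<path> (<family>) -> <action>" as MBAM prints each file entry.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?) \((?P<family>[^)]+)\) -> (?P<action>.+)$")


def parse_file_lines(log_text):
    """Return (path, family, action) tuples for every MBAM-style file line."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("path"), m.group("family"), m.group("action")))
    return entries


def mirrored_pairs(paths):
    """Return (dll_path, ini_path) pairs whose base names are reverses of each other.

    Only files in the same directory are paired; comparison is on the
    lower-cased base name without extension.
    """
    by_dir = {}
    for p in paths:
        directory, name = ntpath.split(p)
        base, ext = ntpath.splitext(name)
        by_dir.setdefault(directory.lower(), {}).setdefault(ext.lower(), {})[base.lower()] = p
    pairs = []
    for exts in by_dir.values():
        for base, dll in exts.get(".dll", {}).items():
            ini = exts.get(".ini", {}).get(base[::-1])
            if ini is not None:
                pairs.append((dll, ini))
    return sorted(pairs)


def pending_reboot(entries):
    """Paths the scanner could not remove live and deferred to the next boot."""
    return [p for p, _, action in entries if action.startswith("Delete on reboot")]


if __name__ == "__main__":
    found = parse_file_lines(SAMPLE_LOG)
    for dll, ini in mirrored_pairs([p for p, _, _ in found]):
        print("mirrored pair:", dll, "<->", ini)
    for p in pending_reboot(found):
        print("still loaded, removal deferred to reboot:", p)
```

Run it against a full mbam-log file by reading the file into `parse_file_lines`; a DLL that shows up in `pending_reboot` is the one to check again in a fresh HijackThis log after the restart, since a loaded module that survives the reboot means the scanner's deferred delete did not happen.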
  7. Hello,

Could someone be so kind as to analyse this report for me, please? There is still malware hanging around on this PC that I can't get rid of...

Thanks a lot

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:06, on 19/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\melle--caro\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ads.bannerstyle.biz/bc/123kah.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: (no name) - {4116CFB6-5F77-2FD9-0413-5A00BFB388CA} - (no file)
O2 - BHO: (no name) - {52043E63-F814-41BB-A8B8-A35474C6C1BD} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {15c5cea0-9d63-424b-5044-34bf77d7583e} - {e3857d77-fb43-4405-b424-36d90aec5c51} - C:\WINDOWS\system32\zwlvuz.dll
O2 - BHO: (no name) - {E857C6E9-76CB-4DFD-95D7-1981E90B65FD} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BM9b8ffa74] Rundll32.exe "C:\WINDOWS\system32\anxqxaeb.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [VnrBlock20] "C:\Program Files\VnrBlock\VnrBlock20.exe"
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: jkkHbcYq - jkkHbcYq.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 5091 bytes
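The entries a reviewer picks out of this HijackThis log first are of a few fixed shapes: BHOs and a Winlogon Notify handler whose file is missing, a BHO whose display name is itself a CLSID and that loads zwlvuz.dll from system32 (the module Malwarebytes could only delete on reboot), a Run value that uses Rundll32 to load anxqxaeb.dll with a one-letter argument, and a ShellNext URL that points at an ad domain. The script below is an added example, not part of this post and not HijackThis' own analysis logic; it encodes those checks and runs them over a constructed subset of the log lines. The "random-looking name" rule (six to eight lower-case letters, not on a short allowlist) is an assumption of this example, not a published signature.

```python
"""Triage a HijackThis log for the entry shapes that carry the infection above.

Added example, not part of the original post and not HijackThis' own logic.
The random-name rule and the small allowlist are assumptions of this example.
"""
import re

# Constructed sample: a subset of the lines from the HijackThis log above.
SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ads.bannerstyle.biz/bc/123kah.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {4116CFB6-5F77-2FD9-0413-5A00BFB388CA} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {15c5cea0-9d63-424b-5044-34bf77d7583e} - {e3857d77-fb43-4405-b424-36d90aec5c51} - C:\WINDOWS\system32\zwlvuz.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BM9b8ffa74] Rundll32.exe "C:\WINDOWS\system32\anxqxaeb.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O20 - Winlogon Notify: jkkHbcYq - jkkHbcYq.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

GUID_RE = re.compile(r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I)
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
SYSTEM32_DLL_RE = re.compile(r'system32\\([^\\"]+)\.dll', re.I)
RANDOM_NAME_RE = re.compile(r"^[a-z]{6,8}$")          # assumption: Vundo-style names
KNOWN_SYSTEM32_DLLS = {"nvcpl", "nvsysrot", "userinit"}  # assumption: tiny allowlist


def looks_random(text):
    """True if text references a system32 DLL with a short all-lower-case name not on the allowlist."""
    m = SYSTEM32_DLL_RE.search(text)
    if not m:
        return False
    base = m.group(1)
    return base.lower() not in KNOWN_SYSTEM32_DLLS and RANDOM_NAME_RE.match(base) is not None


def triage(log_text):
    """Return (line, reason) for every entry a reviewer should look at."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        kind = line.split(" ", 1)[0]
        if kind == "R1" and "ShellNext" in line:
            url = line.split("=", 1)[1].strip()
            if "microsoft.com" not in url.lower():
                findings.append((line, "ShellNext points at a non-Microsoft URL"))
        elif kind == "O2":
            m = BHO_RE.match(line)
            if not m:
                continue
            name, path = m.group("name"), m.group("path")
            if path == "(no file)":
                findings.append((line, "orphaned BHO, file missing"))
            elif GUID_RE.match(name):
                findings.append((line, "BHO registered with a CLSID as its display name"))
            elif looks_random(path):
                findings.append((line, "BHO loads a random-looking DLL from system32"))
        elif kind == "O4" and re.search(r"rundll32\.exe", line, re.I) and looks_random(line):
            findings.append((line, "Run entry uses Rundll32 to load a random-looking system32 DLL"))
        elif kind == "O20" and "(file missing)" in line:
            findings.append((line, "orphaned Winlogon Notify handler"))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_HJT):
        print(f"[{reason}] {line}")
```

Feed a saved hijackthis.log to `triage` to get the short list; the NvCplDaemon line shows why the allowlist and the lower-case rule both matter, since it is a legitimate Rundll32 entry loading a system32 DLL and must not be reported.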