

//http
Members
Content count: 4
Joined: -
Last visited: -
Other information
My languages: French, English
//http's achievements: Junior Member (3/12)
Community reputation: 0
HijackThis analysis request
//http replied to a topic by //http in Malware analysis and removal
Hello; very classy, Pear! Here is the OTM report:

All processes killed
Error: Unable to interpret <Processes> in the current context!
Error: Unable to interpret <explorer.exe> in the current context!
========== FILES ==========
File/Folder h:\program files\eorezo\eoadv\eorezobho.dll not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: HASNA~1ttings
User: Hasnaà
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. H:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Samira
File delete failed. H:\Documents and Settings\Samira\Local Settings\Temp\~DF8D05.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 5223542 bytes
->Temporary Internet Files folder emptied: 33671587 bytes
->FireFox cache emptied: 33949421 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2148155 bytes
%systemroot%\System32 .tmp files removed: 2930176 bytes
File delete failed. H:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. H:\WINDOWS\temp\Perflib_Perfdata_6ac.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 16384 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 74,36 mb
OTM by OldTimer - Version 3.0.0.5 log created on 07242009_085514
***********************************************************************
I feel my machine is safer. Thanks -
HijackThis analysis request
//http replied to a topic by //http in Malware analysis and removal
Perfect; here is the new HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:59:58, on 23/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\tcpsvcs.exe
H:\WINDOWS\System32\snmp.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\ufdsvc.exe
H:\WINDOWS\system32\mqsvc.exe
H:\WINDOWS\system32\mqtgsvc.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
H:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Menara\dslmon.exe
H:\WINDOWS\explorer.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\WINDOWS\system32\inetsrv\inetinfo.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Documents and Settings\Samira\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - H:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - H:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - H:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] H:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [setRefresh] H:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [startCCC] "H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = H:\Program Files\Menara\dslmon.exe
O8 - Extra context menu item: &Clean Traces - H:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - H:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - H:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - SolidConverterPDF - (no file)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{51858023-17F4-4014-9790-34E641FDB225}: NameServer = 62.251.229.237 62.251.229.223
O17 - HKLM\System\CS2\Services\Tcpip\..\{51858023-17F4-4014-9790-34E641FDB225}: NameServer = 62.251.229.237 62.251.229.223
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - H:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: UFD Command Service (UFDSVC) - Generic - H:\WINDOWS\system32\ufdsvc.exe

--
End of file - 6227 bytes
**************************************************
Regards -
HijackThis analysis request
//http replied to a topic by //http in Malware analysis and removal
Thanks Pear for your help. Here is the TB removal report:

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.40GHz )
BIOS : Phoenix - Award BIOS v6.00PG
USER : Hasnaà ( Administrator )
BOOT : Fail-safe boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090722-0] 4.8.1335 (Not Activated)
Firewall : F-Secure Anti-Virus 2006 6.10 6.10 (Not Activated)
D:\ (Local Disk) - NTFS - Total:5 Go (Free:5 Go)
H:\ (Local Disk) - NTFS - Total:69 Go (Free:53 Go)
I:\ (CD or DVD)

"H:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 23/07/2009|16:40 )

-----------\\ SUPPRESSION

Supprime! - H:\Program Files\AskPBar\bar
Supprime! - H:\Program Files\AskPBar\SrchAstt
Supprime! - H:\Program Files\FunWebProducts\ScreenSaver
Supprime! - H:\Program Files\FunWebProducts\Shared
Supprime! - H:\Program Files\Fun Web Products\MSNMessenger
Supprime! - H:\WINDOWS\System32\f3PSSavr.scr
Supprime! - H:\Program Files\Internet Explorer\msimg32.dll
Supprime! - H:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
Supprime! - H:\Program Files\MSN Messenger\riched20.dll
Supprime! - H:\Program Files\AskPBar
Supprime! - H:\Program Files\FunWebProducts
Supprime! - H:\Program Files\Fun Web Products

-----------\\ Recherche de Fichiers / Dossiers ...

H:\DOCUME~1\HASNA~1\Cookies\hasnaa@mywebsearch[1].txt

-----------\\ Extensions

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Hasna…) - {0b38152b-1b20-484d-a11f-5e04a9b0661f} => winamptoolbar
(Hasna…) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="H:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.menara.ma"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="H:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.msn.com/"
"Search Bar"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

****************************************************************************

And here is the ComboFix report:

ComboFix 09-07-22.09 - Samira 23/07/2009 17:01.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.446.145 [GMT 0:00]
Running from: h:\documents and settings\Samira\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090722-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: F-Secure Anti-Virus 2006 6.10 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
h:\recycler\S-1-5-21-583907252-963894560-725345543-1003
h:\windows\system32\Cache
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPRIP
-------\Service_Iprip

((((((((((((((((((((((((( Files Created from 2009-06-23 to 2009-07-23 )))))))))))))))))))))))))))))))
.
2009-07-23 16:39 . 2009-07-23 16:39 -------- d-----w- h:\documents and settings\HASNA~1ttings\Hasnaà
2009-07-23 16:39 . 2009-07-23 16:39 -------- d-----w- h:\documents and settings\HASNA~1ttings
2009-07-23 16:11 . 2009-07-23 16:13 -------- d-----w- h:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-23 16:11 . 2009-07-23 16:11 -------- d-----w- h:\program files\Spybot - Search & Destroy
2009-07-23 16:05 . 2009-07-23 16:42 -------- d-----w- H:\ToolBar SD
2009-07-23 16:03 . 2009-07-23 16:03 -------- d-sh--w- h:\documents and settings\Samira\PrivacIE
2009-07-23 15:50 . 2009-07-23 15:50 -------- d-sh--w- h:\documents and settings\NetworkService\IETldCache
2009-07-23 15:49 . 2009-07-23 15:49 -------- d-sh--w- h:\documents and settings\Samira\IETldCache
2009-07-23 15:43 . 2009-07-01 07:08 101376 -c----w- h:\windows\system32\dllcache\iecompat.dll
2009-07-23 15:41 . 2009-07-23 15:43 -------- d-----w- h:\windows\ie8updates
2009-07-23 15:41 . 2009-04-30 21:16 12800 -c----w- h:\windows\system32\dllcache\xpshims.dll
2009-07-23 15:41 . 2009-04-30 21:16 1985024 -c----w- h:\windows\system32\dllcache\iertutil.dll
2009-07-23 15:41 . 2009-04-30 21:16 246272 -c----w- h:\windows\system32\dllcache\ieproxy.dll
2009-07-23 15:41 . 2009-04-30 21:16 11064832 -c----w- h:\windows\system32\dllcache\ieframe.dll
2009-07-23 15:38 . 2009-07-23 15:40 -------- dc-h--w- h:\windows\ie8
2009-06-28 10:20 . 2009-06-28 10:24 -------- d-----w- h:\program files\Menara
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-23 16:59 . 2009-02-23 09:13 -------- d-----w- h:\documents and settings\Samira\Application Data\SolidDocuments
2009-07-23 16:58 . 2007-07-13 11:33 -------- d---a-w- h:\documents and settings\All Users\Application Data\TEMP
2009-07-23 16:41 . 2007-08-01 17:03 -------- d-----w- h:\program files\MSN Messenger
2009-07-23 12:20 . 2008-12-16 17:04 -------- d-----w- h:\program files\Maestria
2009-06-28 10:24 . 2007-07-11 17:15 -------- d--h--w- h:\program files\InstallShield Installation Information
2009-06-28 10:15 . 2009-01-15 21:18 -------- d-----w- h:\program files\ma-config.com
2009-06-28 10:15 . 2009-01-15 21:18 -------- d-----w- h:\documents and settings\All Users\Application Data\ma-config.com
2009-06-16 14:40 . 2006-03-02 12:00 81920 ----a-w- h:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2006-03-02 12:00 119808 ----a-w- h:\windows\system32\t2embed.dll
2009-06-03 19:10 . 2006-03-02 12:00 1297408 ----a-w- h:\windows\system32\quartz.dll
2009-05-29 11:18 . 2009-02-23 17:42 -------- d-----w- h:\program files\AGL PAYE 2006
2009-05-27 10:48 . 2008-12-15 17:10 -------- d-----w- h:\documents and settings\All Users\Application Data\McAfee
2009-05-27 10:40 . 2009-05-27 10:40 -------- d-----w- h:\program files\Alwil Software
2009-05-13 05:04 . 2006-03-02 12:00 915456 ----a-w- h:\windows\system32\wininet.dll
2009-05-07 15:33 . 2006-03-02 12:00 348672 ----a-w- h:\windows\system32\localspl.dll
2008-12-02 21:38 . 2009-01-05 08:59 134648 ----a-w- h:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Share-to-Web Namespace Daemon"="h:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"SetRefresh"="h:\program files\COMPAQ\SetRefresh\\SetRefresh.exe" [2003-11-20 525824]
"Adobe Reader Speed Launcher"="h:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"StartCCC"="h:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"avast!"="h:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"MsmqIntCert"="mqrt.dll" - h:\windows\system32\mqrt.dll [2008-04-14 177152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

h:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
DSLMON.lnk - h:\program files\Menara\dslmon.exe [2009-6-28 839680]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"h:\\Program Files\\DAP\\DAP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Program Files\\Menara\\Signup.exe"=
"h:\\Program Files\\Menara\\dslmon.exe"=
"h:\\WINDOWS\\system32\\mqsvc.exe"=
"h:\\Program Files\\TightVNC\\WinVNC.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3587:TCP"= 3587:TCP:Groupement homologue Windows
"3540:UDP"= 3540:UDP:Protocole PNRP (Peer Name Resolution Protocol)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;h:\windows\system32\drivers\aswSP.sys [27/05/2009 10:40 114768]
R2 aswFsBlk;aswFsBlk;h:\windows\system32\drivers\aswFsBlk.sys [27/05/2009 10:40 20560]
R3 dfmirage;dfmirage;h:\windows\system32\drivers\dfmirage.sys [25/11/2005 17:43 31896]
R3 e4usbaw;USB ADSL2 WAN Adapter;h:\windows\system32\drivers\e4usbaw.sys [16/01/2009 22:05 114616]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);h:\windows\system32\drivers\e4ldr.sys [16/01/2009 22:05 63555]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"h:\windows\system32\rundll32.exe" "h:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{0A94B116-4504-4e26-AB05-E61E474AA38B} - h:\program files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
HKLM-Run-WinampAgent - h:\program files\Winamp\winampa.exe
HKLM-Run-EoEngine - (no file)
HKLM-Run-EoWeather - (no file)
HKLM-Run-EoClock - (no file)
HKLM-Run-EoComputer - (no file)
HKLM-Run-EoRss - (no file)
HKLM-Run-EoNet - (no file)
HKLM-Run-EoSudoku - (no file)
HKLM-Run-EoPhoto - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.menara.ma
mWindow Title =
IE: &Clean Traces - h:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - h:\program files\DAP\dapextie.htm
IE: Download &all with DAP - h:\program files\DAP\dapextie2.htm
IE: E&xporter vers Microsoft Excel - h:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {51858023-17F4-4014-9790-34E641FDB225} = 62.251.229.223 62.251.229.237
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - h:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - h:\progra~1\DAP\dapie.dll
FF - ProfilePath - h:\documents and settings\Samira\Application Data\Mozilla\Firefox\Profiles\fr9i8n8f.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-23 17:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(888)
h:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3308)
h:\windows\system32\eappprxy.dll
h:\windows\system32\webcheck.dll
h:\windows\system32\WPDShServiceObj.dll
h:\windows\system32\PortableDeviceTypes.dll
h:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
h:\windows\system32\ati2evxx.exe
h:\windows\system32\ati2evxx.exe
h:\program files\Alwil Software\Avast4\aswUpdSv.exe
h:\program files\Alwil Software\Avast4\ashServ.exe
h:\windows\system32\msdtc.exe
h:\windows\system32\inetsrv\inetinfo.exe
h:\windows\system32\tcpsvcs.exe
h:\windows\system32\snmp.exe
h:\windows\system32\ufdsvc.exe
h:\windows\system32\mqsvc.exe
h:\windows\system32\mqtgsvc.exe
h:\program files\Alwil Software\Avast4\ashMaiSv.exe
h:\windows\system32\wscntfy.exe
h:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
.
**************************************************************************
.
Completion time: 2009-07-23 17:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-23 17:14

Pre-Run: 57 285 849 088 octets libres
Post-Run: 57 329 881 088 octets libres

167 --- E O F --- 2009-07-23 15:44
************************************
Regards -
Hello; my Avast Home is flagging trojans and other things. Having run HijackThis, I'm submitting the log to you. Can someone help me, please?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:23, on 23/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\cisvc.exe
H:\WINDOWS\system32\inetsrv\inetinfo.exe
H:\WINDOWS\system32\tcpsvcs.exe
H:\WINDOWS\System32\snmp.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\ufdsvc.exe
H:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\system32\mqsvc.exe
H:\Program Files\Menara\dslmon.exe
H:\WINDOWS\system32\mqtgsvc.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\cidaemon.exe
H:\WINDOWS\system32\cidaemon.exe
H:\WINDOWS\System32\rasautou.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\DOCUME~1\Samira\LOCALS~1\Temp\Google Toolbar\gtb1BC.tmp.exe
H:\Program Files\DAP\DAP.EXE
H:\Program Files\Alwil Software\Avast4\setup\avast.setup
H:\Documents and Settings\Samira\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.menara.ma
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - H:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - H:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - H:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - H:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - H:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [WinampAgent] "H:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] H:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [setRefresh] H:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [startCCC] "H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdoosoft] H:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = H:\Program Files\Menara\dslmon.exe
O8 - Extra context menu item: &Clean Traces - H:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - H:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - H:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - SolidConverterPDF - (no file)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.0.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...ion_3_1_0_4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{51858023-17F4-4014-9790-34E641FDB225}: NameServer = 62.251.229.223 62.251.229.237
O17 - HKLM\System\CS2\Services\Tcpip\..\{51858023-17F4-4014-9790-34E641FDB225}: NameServer = 62.251.229.223 62.251.229.237
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - H:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: UFD Command Service (UFDSVC) - Generic - H:\WINDOWS\system32\ufdsvc.exe

--
End of file - 7028 bytes
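Added example, not part of the thread and not a HijackThis or forum tool: a small Python script showing how a helper would triage two HijackThis logs like the ones posted here. It keeps only the R/F/O entries, normalises the O17 NameServer list so that the two logs' reordered DNS servers are not reported as a change, diffs the first scan against the post-cleanup scan, and flags what still deserves a look (orphaned CLSIDs marked "(file missing)" or "(no file)", Run keys that start an unexpected binary under system32, unnamed hooks, and custom DNS servers). The sample lines are copied from the two logs in this thread; the KNOWN_GOOD_SYSTEM32 allowlist and the heuristics are this example's own assumptions, not rules from the thread.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: a handful of lines copied from the two HijackThis
# logs in this thread, the first scan (BEFORE) and the scan posted after the
# ToolBar S&D / ComboFix cleanup (AFTER).
BEFORE = r"""
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - H:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - H:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - H:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [cdoosoft] H:\WINDOWS\system32\olhrwef.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{51858023-17F4-4014-9790-34E641FDB225}: NameServer = 62.251.229.223 62.251.229.237
"""
AFTER = r"""
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - H:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{51858023-17F4-4014-9790-34E641FDB225}: NameServer = 62.251.229.237 62.251.229.223
"""


@dataclass(frozen=True)
class Entry:
    section: str  # HijackThis section tag: R3, O2, O4, O17, ...
    body: str     # rest of the line, normalised for comparison


HJT_LINE = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.*)$")
NAMESERVER = re.compile(r"NameServer = (.*)$")
MISSING = re.compile(r"\((file missing|no file)\)")
SYSTEM32_EXE = re.compile(r'\\system32\\([^\\\s"]+\.exe)', re.IGNORECASE)

# Assumed allowlist (this example's own, not from the thread): the only
# system32 binary these logs legitimately autostart from a Run key.
KNOWN_GOOD_SYSTEM32 = {"ctfmon.exe"}


def parse_hjt(text: str) -> list[Entry]:
    """Keep only the R/F/O entries; drop header, process list and footer."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        # O17: sort the DNS server list so a mere reorder between two scans
        # (as happened in this thread's two logs) is not reported as a change.
        ns = NAMESERVER.search(body)
        if ns:
            body = body[:ns.start(1)] + " ".join(sorted(ns.group(1).split()))
        entries.append(Entry(section, body))
    return entries


def find_suspicious(entries: list[Entry]) -> list[tuple[Entry, str]]:
    """Heuristics a helper applies before writing a fix script."""
    hits = []
    for e in entries:
        if e.section in ("O2", "O3", "R3") and MISSING.search(e.body):
            hits.append((e, "orphaned CLSID: component registered but its file is gone"))
        elif e.section == "O4":
            m = SYSTEM32_EXE.search(e.body)
            if m and m.group(1).lower() not in KNOWN_GOOD_SYSTEM32:
                hits.append((e, f"Run key starts unexpected system32 binary {m.group(1)}"))
        elif e.section == "O17":
            hits.append((e, "custom DNS servers: confirm they belong to the ISP"))
        elif "(no name)" in e.body:
            hits.append((e, "unnamed hook/toolbar"))
    return hits


def diff_logs(before_text: str, after_text: str) -> tuple[list[Entry], list[Entry]]:
    """Entries removed by the cleanup and entries that newly appeared."""
    before, after = set(parse_hjt(before_text)), set(parse_hjt(after_text))
    key = lambda e: (e.section, e.body)
    return sorted(before - after, key=key), sorted(after - before, key=key)


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("Removed by cleanup:")
    for e in removed:
        print(f"  {e.section} - {e.body}")
    print("Newly appeared:", added or "none")
    print("Still worth a look after cleanup:")
    for e, why in find_suspicious(parse_hjt(AFTER)):
        print(f"  {e.section} - {e.body}\n      -> {why}")
```

Run against the two full logs in the thread it reports the Ask entries, the unnamed toolbar and the [cdoosoft] Run key as gone, and keeps flagging the EoRezoBHO orphan, which is exactly the CLSID the OTM script in the later post then deleted from HKLM\SOFTWARE\Classes\CLSID and the Browser Helper Objects key. The O17 normalisation matters: without it the swapped server order between the two scans would show up as one entry removed and one added.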