Everything posted by Akil3eS
Infection Trojan + Rootkit - HijackThis log
Akil3eS replied to a topic by Akil3eS in Analyses et éradication malwares
Hello Pear, first of all, thank you for your complete and quick reply. I did what you asked, and here are the reports. Two remarks, however, concerning MBAM:
- when I tried to update, I got an alert message saying: "error code: 732(0,0)". I then tried manually in the update tab, but the message appeared again, so I ran the scan without the update.
- when the scan finished, 3 files could not be deleted. I imagine you will be able to find them in the report, but just in case, here are the keys:
HKEY_CLASSES_ROOT\CLSID\{bf56a...caa53}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf56a...caa53}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{bf56a...caa53}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman
Also, MBAM asked me to restart the PC to delete them, which I did. I don't know whether they were actually deleted, but the computer seems to be doing much better (I can now get on the Internet, whereas I am using, and had been using, another PC to come and post this message on the forum).

OTM REPORT

All processes killed
========== PROCESSES ==========
========== FILES ==========
c:\windows\system32\wiwow64.exe moved successfully.
File/Folder c:\windows\system32\pbfrv2.dll not found.
File/Folder c:\program files\xp antivirus\xpa2008.exe not found.
========== REGISTRY ==========
Registry key HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\XP Antivirus deleted successfully.
OTM by OldTimer - Version 3.0.0.6 log created on 09112009_123313
Files moved on Reboot...
Registry entries deleted on Reboot...

MBAM REPORT

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2775
Windows 5.1.2600 Service Pack 2

11/09/2009 13:34:25
mbam-log-2009-09-11 (13-34-25).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 155794
Temps écoulé: 40 minute(s), 53 second(s)

Processus mémoire infecté(s): 3
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 21
Valeur(s) du Registre infectée(s): 24
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 94

Processus mémoire infecté(s):
C:\WINDOWS\system32\sofatnet.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\b.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\msb.exe (Trojan.Agent) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
c:\WINDOWS\system32\evdoserver.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tajf83ikdmf.dll (Trojan.Downloader) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{bf56a325-23f2-42ad-f4e4-00aac39caa53} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\evdoserver (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\evdoserver (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\evdoserver (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\evdoserver (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bf56a325-23f2-42ad-f4e4-00aac39caa53} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf56a325-23f2-42ad-f4e4-00aac39caa53} (Trojan.Downloader) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sofatnet (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sofatnet (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sofatnet (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sofatnet (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pbfrv2.pbfrv2 (Adware.2020search) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020search) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\glaide32 (Rootkit.Rustock) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{bf56a325-23f2-42ad-f4e4-00aac39caa53} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg214-k641-11sf-n33p (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg214-k641-12sf-n85p (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020search) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg214-k641-24sf-n84p (Worm.AutoRun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mEv (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Microsoft Driver Setup (Worm.Palevo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Advanced DHTML Enable (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jfxdghs (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Driver Setup (Worm.Palevo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556 (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\tajf83ikdmf.dll (Trojan.Zlob.H) -> Delete on reboot.
c:\WINDOWS\system32\evdoserver.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\sofatnet.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\b.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1077\vslmq.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msxml71.dll (Worm.Allaple) -> Quarantined and deleted successfully.
C:\oolga.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\ppdlmsw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\ppyp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\dlwin.exe (Worm.P2P) -> Quarantined and deleted successfully.
C:\dwktudnr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\rjuxs.exe (Trojan.Injector) -> Quarantined and deleted successfully.
C:\vwmugas.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\wfxa.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Bureau\setup(2).exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Bureau\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\~TM13.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\~TM17.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\~TM4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\~TM5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\~TM6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\~TM8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\~TMA.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\~TMA1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\~TMC.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\018.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\020.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\118.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\i.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\C.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\506.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\530.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\552.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\621.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\649.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\667.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\714.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\722.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\9.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\906.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\968.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\a.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\d.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\e.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\128.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\178.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\184.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\220.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\249.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\268.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\388.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\484.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\h.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\g.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temporary Internet Files\Content.IE5\29YDEFU1\loaderadv562[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temporary Internet Files\Content.IE5\29YDEFU1\lqm2[1].exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temporary Internet Files\Content.IE5\29YDEFU1\m2[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temporary Internet Files\Content.IE5\C1IJGPIN\qwxhuhvvjw[2].htm (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temporary Internet Files\Content.IE5\C1IJGPIN\fcmmaabo[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temporary Internet Files\Content.IE5\C1IJGPIN\xdajk[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temporary Internet Files\Content.IE5\D2OVZFYK\pr3xy[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temporary Internet Files\Content.IE5\D2OVZFYK\xdajk[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temporary Internet Files\Content.IE5\D2OVZFYK\hdnoo[1].txt (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temporary Internet Files\Content.IE5\D2OVZFYK\lqm2[1].exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Menu Démarrer\Programmes\Démarrage\ihaupd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\w[4].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4L2ZOXMR\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4L2ZOXMR\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4L2ZOXMR\w[3].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KDER8563\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KDER8563\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KLYJG5QF\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-7666012706-4624794923-166185852-1500\wnzip32.exe (Trojan.Injector) -> Delete on reboot.
C:\_OTM\MovedFiles\09112009_123313\windows\system32\wiwow64.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\Desktop.ini (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Application Data\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_id.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wiawow32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wiwow64.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\785.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\msb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1858\port88.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\osdrive32.exe (Worm.Palevo) -> Delete on reboot.
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\620.exe (Trojan.Agent) -> Delete on reboot.

I don't know whether the computer is clean or whether there are still malicious files, but in any case I want to thank you once again for your help!
Akil3eS
Infection Trojan + Rootkit - HijackThis log
Akil3eS posted a topic in Analyses et éradication malwares
Hello everyone, I have Avast!, Ad-Aware and SpyBot on my PC, and none of them managed to eradicate the malicious files: Win32 RustNT, WinTiny-II, Win32 Fraudland, and probably others... I have just read that these 3 programs are fairly useless, so I am going to install Antivir in place of Avast. I have also installed HiJackThis, and here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:37:29, on 11/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drivers\RMC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\osdrive32.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wiwow64.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\sofatnet.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\lsm32.sys
C:\Documents and Settings\Anne-Sophie\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = SOS Connexion - Le web en toute simplicité
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: C:\WINDOWS\system32\tajf83ikdmf.dll - {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - C:\WINDOWS\system32\tajf83ikdmf.dll
O3 - Toolbar: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll (file missing)
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RMC] C:\WINDOWS\system32\drivers\RMC.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\ANNE-S~1\LOCALS~1\Temp\{0385C041-2879-453C-A351-27A221298B1A}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x040c"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [spc1000] C:\WINDOWS\vspc1000.exe
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [jfxdghs] C:\DOCUME~1\ANNE-S~1\LOCALS~1\Temp\r56y7u.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\osdrive32.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpa2008.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [12CFG214-K641-11SF-N33P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1077\vslmq.exe
O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PopRock] C:\DOCUME~1\ANNE-S~1\LOCALS~1\Temp\b.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\osdrive32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ihaupd32.exe
O4 - Startup: ysfsys32.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart17.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: VPro1000.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDB96917-0AE0-468D-9A52-77B1967451BB}: NameServer = 80.10.246.2,80.10.246.129
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: xpqqgkwi - C:\WINDOWS\SYSTEM32\ywdswtr.dll
O22 - SharedTaskScheduler: ghya673gidh87we9inkff - {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - C:\WINDOWS\system32\tajf83ikdmf.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device - - C:\WINDOWS\system32\lxdxcoms.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: sofatnet Service (sofatnet) - Sigma Designs In - C:\WINDOWS\system32\sofatnet.exe
O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 10945 bytes

I should point out that I don't know how to read the report, so I am waiting for your instructions.
Thank you for your advice and your help. Have a good day!
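A first triage pass over lines in the HijackThis log format, added here as an example; it is not part of the original post and not code from HijackThis or the forum. It parses the O2/O3/O4/O20/O22/O23 line shapes seen in the report above and flags what a helper would look at first: autostart entries that point into a Temp directory or into C:\RECYCLER, components whose file is missing or that carry no display name other than their own DLL path, persistence through Policies\Explorer\Run, and services whose ImagePath contains no executable at all, which is what the BITS and wuauserv lines show here and what MBAM later reported as Hijack.WindowsUpdates. The sample lines are copied from the log above (plus the QuickTime and avast! lines as clean controls); the heuristics, function names and reason strings are this example's own assumptions, not a malware verdict.

```python
import re

# Constructed sample: entries copied from the HijackThis log posted above, plus two
# ordinary lines (QuickTime, avast!) so that clean entries are represented too.
SAMPLE_LINES = [
    r"O2 - BHO: C:\WINDOWS\system32\tajf83ikdmf.dll - {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - C:\WINDOWS\system32\tajf83ikdmf.dll",
    r"O3 - Toolbar: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll (file missing)",
    r"O4 - HKLM\..\Run: [jfxdghs] C:\DOCUME~1\ANNE-S~1\LOCALS~1\Temp\r56y7u.exe",
    r"O4 - HKCU\..\Run: [12CFG214-K641-11SF-N33P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1077\vslmq.exe",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r"O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\osdrive32.exe",
    r"O4 - Startup: ihaupd32.exe",
    "O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\\WINDOWS\\",
    r"O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe",
]

# Leading optional quote, then the shortest prefix ending in a known extension.
_EXE_RE = re.compile(r'^"?(.*?\.(?:exe|dll|sys|scr|bat|cmd))"?(?:\s|$)', re.IGNORECASE)


def _first_path(value):
    """Extract the executable/DLL path from an autorun value such as
    '"C:\\Program Files\\x.exe" -flag'. Values with no recognisable extension
    (e.g. a bare 'C:\\WINDOWS\\') are returned unchanged so the caller can see them."""
    value = value.strip()
    m = _EXE_RE.match(value)
    return m.group(1) if m else value


def parse_hjt_line(line):
    """Split one HijackThis line into section, key, name, owner and path.
    Returns None for section types this triage does not examine (R0/R1, O8, O9, ...)."""
    m = re.match(r"^(O\d+) - (.*)$", line.strip())
    if not m:
        return None
    section, rest = m.group(1), m.group(2)
    entry = {"section": section, "raw": line, "key": "", "name": "", "owner": "", "path": ""}
    if section == "O4":
        m = re.match(r"^(.*?): \[(.*?)\] (.*)$", rest)
        if m:  # registry Run-style entry: "HKLM\..\Run: [name] command"
            entry["key"], entry["name"] = m.group(1), m.group(2)
            entry["path"] = _first_path(m.group(3))
        else:  # "Startup: file.exe" or "Global Startup: x.lnk = target"
            entry["key"], _, value = rest.partition(": ")
            entry["name"], _, target = value.partition(" = ")
            entry["path"] = _first_path(target or value)
    elif section == "O23":
        m = re.match(r"^Service: (.*) - (.*?) - (.*)$", rest)
        if m:
            entry["name"], entry["owner"] = m.group(1), m.group(2)
            entry["path"] = _first_path(m.group(3))
    elif section in ("O2", "O3", "O20", "O22"):
        _, _, value = rest.partition(": ")  # "BHO: name - {CLSID} - path"
        parts = value.split(" - ")
        entry["name"], entry["path"] = parts[0], _first_path(parts[-1])
    else:
        return None
    return entry


def triage_entry(entry):
    """Reasons an entry deserves a closer look; an empty list means nothing noticed.
    These heuristics are this example's own and are not a malware verdict."""
    reasons = []
    path = entry["path"].lower()
    if "\\temp\\" in path:
        reasons.append("autostart target lives in a Temp directory")
    if path.startswith("c:\\recycler\\"):
        reasons.append("autostart target lives in the RECYCLER (Recycle Bin) folder")
    if "(file missing)" in entry["raw"].lower():
        reasons.append("registered component's file is missing")
    if entry["section"] in ("O2", "O22") and entry["name"].lower() == path:
        reasons.append("component has no display name, only its DLL path")
    if entry["section"] == "O4" and "policies\\explorer\\run" in entry["key"].lower():
        reasons.append("persistence via Policies\\Explorer\\Run")
    if entry["section"] == "O23" and entry["owner"] == "Unknown owner" and path.endswith("\\"):
        reasons.append("service ImagePath has no executable (check for a corrupted ImagePath)")
    return reasons


def triage(lines):
    """Return [(raw_line, [reasons...])] for every line that raised at least one reason."""
    flagged = []
    for line in lines:
        entry = parse_hjt_line(line)
        if entry is None:
            continue
        reasons = triage_entry(entry)
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for raw, reasons in triage(SAMPLE_LINES):
        print(raw)
        for r in reasons:
            print("    ->", r)
```

On the sample, six of the nine lines are flagged and the QuickTime, avast! and Startup-folder lines pass. A pass is not a clean bill of health: the Winlogon Notify entry (O20, ywdswtr.dll) and the Startup-folder executables in the log above carry nothing these rules can key on, which is why a log like this still needs a human reading it, as the poster asked for.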