
maximilio

  1. Good evening, I still cannot connect to the Internet on my main system. Below are the mbam and AD-R reports. Thank you for your help. Have a good evening.
  2. Good evening, I can no longer connect to the Internet. I tried in vain to repair my connection. Below is a HijackThis report from my main system. Thank you in advance for your advice.
  3. Hello, Below is the ComboFix report. Thank you in advance for your support.
  4. Good evening, I have a malicious file on my computer that shows up at startup as follows: A first window opens with the following message: Security Warning - Application cannot be executed. The file msfeedssync.exe is infected. Do you want to activate your antivirus software now ? oui/non. Two more windows then open with the following messages: Antivirus software alert - Attention ! Spyware alert. And: Antivirus software alert - Infiltration alert. I tried in vain to open Malwarebytes' Anti-Malware. Below you will find a hijackthis.log report. Thank you in advance for your advice.
  5. Here is the second report, produced by Grinler's Rkill. Thank you in advance for your advice. See you later.

     This log file is located at C:\rkill.log.
     Please post this only if requested to by the person helping you.
     Otherwise you can close this log when you wish.
     Ran as Lydie et François on 20/02/2010 at 12:14:38.
     Processes terminated by Rkill or while it was running:
     C:\Documents and Settings\Lydie et François\Local Settings\Temporary Internet Files\Content.IE5\W5WLM34T\rkill[1].com
     Rkill completed on 20/02/2010 at 12:14:41.
  6. Hello, Here is the first report collected from C:\ :
IRP_MJ_SET_EA : 804FB8DE 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : F753B366 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804FB8DE 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804FB8DE 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804FB8DE 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804FB8DE 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : F753B44D 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : F753EFC3 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SHUTDOWN : F753B366 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804FB8DE 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_CLEANUP : 804FB8DE 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804FB8DE 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804FB8DE 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804FB8DE 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_POWER : F753CEF3 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : F7541A24 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804FB8DE 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804FB8DE 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804FB8DE 12:07:34:359 3776 TDL3_FileDetect: Processing driver: Disk 12:07:34:359 3776 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 12:07:34:359 3776 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 12:07:34:359 3776 TDL3_FileDetect: Processing driver: Disk 12:07:34:359 3776 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 12:07:34:359 3776 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 12:07:34:359 3776 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 12:07:34:359 3776 12:07:34:359 3776 DetectCureTDL3: DEVICE_OBJECT: 83FCC030 12:07:34:359 3776 KLMD_GetLowerDeviceObject: Trying to get lower device object for 83FCC030 12:07:34:359 
3776 DetectCureTDL3: DEVICE_OBJECT: 83F88F18 12:07:34:359 3776 KLMD_GetLowerDeviceObject: Trying to get lower device object for 83F88F18 12:07:34:359 3776 DetectCureTDL3: DEVICE_OBJECT: 83F8B4E0 12:07:34:359 3776 KLMD_GetLowerDeviceObject: Trying to get lower device object for 83F8B4E0 12:07:34:359 3776 KLMD_ReadMem: Trying to ReadMemory 0x83F8B4E0[0x38] 12:07:34:359 3776 DetectCureTDL3: DRIVER_OBJECT: 83F8BC28 12:07:34:359 3776 KLMD_ReadMem: Trying to ReadMemory 0x83F8BC28[0xA8] 12:07:34:359 3776 KLMD_ReadMem: Trying to ReadMemory 0xE12FED10[0x1A] 12:07:34:359 3776 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_CREATE : F7446572 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804FB8DE 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_CLOSE : F7446572 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_READ : 804FB8DE 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_WRITE : 804FB8DE 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804FB8DE 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804FB8DE 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_QUERY_EA : 804FB8DE 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SET_EA : 804FB8DE 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 804FB8DE 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804FB8DE 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804FB8DE 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804FB8DE 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804FB8DE 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : F7446592 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : F74427B4 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SHUTDOWN : 804FB8DE 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804FB8DE 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_CLEANUP : 804FB8DE 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804FB8DE 12:07:34:359 3776 DetectCureTDL3: 
IRP_MJ_QUERY_SECURITY : 804FB8DE 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804FB8DE 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_POWER : F74465BC 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : F744D164 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804FB8DE 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804FB8DE 12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804FB8DE 12:07:34:359 3776 TDL3_FileDetect: Processing driver: atapi 12:07:34:359 3776 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys 12:07:34:359 3776 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys 12:07:34:375 3776 KLMD_ReadMem: Trying to ReadMemory 0xF74437C6[0x400] 12:07:34:375 3776 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0 12:07:34:375 3776 TDL3_FileDetect: Processing driver: atapi 12:07:34:375 3776 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys 12:07:34:375 3776 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys 12:07:34:375 3776 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean 12:07:34:375 3776 12:07:34:375 3776 Completed 12:07:34:375 3776 12:07:34:375 3776 Results: 12:07:34:375 3776 Memory objects infected / cured / cured on reboot: 0 / 0 / 0 12:07:34:375 3776 Registry objects infected / cured / cured on reboot: 0 / 0 / 0 12:07:34:375 3776 File objects infected / cured / cured on reboot: 0 / 0 / 0 12:07:34:375 3776 12:07:34:375 3776 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000 12:07:34:375 3776 UtilityDeinit: KLMD(ARK) unloaded successfully
  7. Hello, I have downloaded both programs. However, I am running into a problem: when I press a key after the message "appuyer sur une touche pour continuer" ("press any key to continue") is displayed, Notepad opens empty (!), in other words without a report. I cannot explain this problem. See you later
  8. Hello, On my small laptop, I am having trouble updating my utilities. In fact, whenever I try to update them, the Internet connection drops. I would like to download malwarebytes and/or findykill from your site, provided of course that you think these utilities can deal effectively with my problem. Attached is a HijackThis report. Thank you in advance for your help. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:19:33, on 19/02/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16945) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\EeePC\ACPI\AsTray.exe C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe C:\Program Files\EeePC\ACPI\AsEPCMon.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\P2Pcontrol\p2control.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\igfxext.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE 
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\DOCUME~1\Carnet\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O1 - Hosts: 78.159.125.73 www.google.no O1 - Hosts: 78.159.125.73 www.google.nl O1 - Hosts: 78.159.125.73 www.google.com O1 - Hosts: 78.159.125.73 www.google.se O1 - Hosts: 78.159.125.73 uk.search.yahoo.com O1 - Hosts: 78.159.125.73 www.google.pt O1 - Hosts: 78.159.125.73 www.google.es O1 - Hosts: 78.159.125.73 www.google.ca O1 - Hosts: 78.159.125.73 www.google.be O1 - Hosts: 78.159.125.73 www.google.fi O1 - Hosts: 78.159.125.73 www.google.com.br O1 - Hosts: 78.159.125.73 www.google.co.uk O1 - Hosts: 78.159.125.73 www.google.dk O1 - Hosts: 78.159.125.73 www.google.co.jp O1 - Hosts: 78.159.125.73 www.google.fr O1 - Hosts: 78.159.125.73 www.google.co.za O1 - Hosts: 78.159.125.73 www.google.de O1 - Hosts: 78.159.125.73 www.google.ch O1 - Hosts: 78.159.125.73 
www.google.at O1 - Hosts: 78.159.125.73 www.google.it O1 - Hosts: 78.159.125.73 search.yahoo.com O1 - Hosts: 78.159.125.73 www.google.ie O1 - Hosts: 78.159.125.73 us.search.yahoo.com O1 - Hosts: 78.159.125.73 www.google.gr O1 - Hosts: 78.159.125.73 www.google.com.mx O1 - Hosts: 78.159.125.73 www.google.com.au O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: gwprimawega - {65a6ecf7-9b24-086b-da9f-4c98af6a6901} - C:\WINDOWS\system32\zUFoH--9b_i-.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: (no name) - {EFE88AED-A995-46B2-97D2-2618003CE191} - c:\windows\system32\sjfbukg.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: 
[HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [synAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [P2Pcontrol] C:\Program Files\P2Pcontrol\p2control.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [AntiVirus Plus] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Carnet\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll", start 70700 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [AntiVirus Plus] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Carnet\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll", start 70700 O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\Carnet\Application Data\SystemProc\lsass.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: 
OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: SuperHybridEngine.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - 
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: qxhlrqps - C:\WINDOWS\SYSTEM32\sjfbukg.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe -- End of file - 10974 bytes
  9. Hello, SecurityTool has installed itself on my computer. I ran Malwarebytes' Anti-Malware, which partially removed SecurityTool. Thanks to this, I can access my desktop again. Nevertheless, I think SecurityTool is still active, because a shortcut to this file is still present on my desktop. I am therefore trying to remove it completely. Below is a HijackThis report. Thank you in advance for your help: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:57:11, on 19/02/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\WgaTray.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\SpeedFan\speedfan.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Lydie et François\Bureau\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avast.com/go.php?verb=register-home&lang=fre R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- End of file - 2334 bytes